Carrier IQ Admits SMS Log Bug In Data Collection FAQ
Carrier IQ has admitted that its cellphone monitoring software contains an SMS bug that can inadvertently collect text message data, though the company says such accidental records are "not human readable." Detailed in a comprehensive Carrier IQ FAQ document supplied to SlashGear – and which you can read after the cut – the bug only exists in embedded versions of the service tracking software, and the company says it has already released an updated version that addresses the issue.
"Carrier IQ has discovered that, due to this bug, in some unique circumstances, such as a when a user receives an SMS during a call, or during a simultaneous data session, SMS messages may have unintentionally been included in the layer 3 signaling traffic that is collected by the IQ Agent. These messages were encoded and embedded in layer 3 signaling traffic and are not human readable" Carrier IQ
Despite the flaw, Carrier IQ insists that the potential for privacy leaks is minimal. "No multi-media messages (MMS), email, web, applications, photos, voice or video (or any content using the IP protocol) has been captured" the company insists, and the fault itself has been addressed.
The rest of the document details exactly what data Carrier IQ's software can collect and what it can't, though the exact extent of the collection is down to the operators themselves. "Carrier IQ has never intentionally captured or transmitted keystrokes and is not aware of any circumstances where this has occurred" the company concludes, reiterating that it "is not a keylogger and no customer has asked Carrier IQ to capture key strokes."
Nonetheless, Carrier IQ should probably expect even more attention in the coming months, after it was revealed yesterday that the FBI has seemingly used some of the data collected in its investigations. The company is already the subject of a class-action lawsuit, and European regulators are looking into potential breaches of privacy law.