A cellphone eavesdropping scandal casts a shadow on Apple’s competitors
Caught red-handed: Carrier IQ logging Eckhart’s keystrokes
Have you heard that every text message, every e-mail, every phone number, every keystroke made on a Google (GOOG) Android phone may be secretly recorded, logged and sent to your cellular provider by a tracking service called Carrier IQ?
No? That’s a surprise, because it’s a scandal that’s been brewing for several weeks — ever since security researcher Trevor Eckhart discovered Carrier IQ’s analytics app on HTC phones running Android. The app comes pre-installed on more than 140 million handsets, including phones made by Samsung, Nokia (NOK) and Research in Motion (RIMM) — but not Apple (AAPL).
Carrier IQ’s first response was to have its lawyers send Eckhart a cease-and-desist letter (since withdrawn, with an apology). Its second was to issue a statement that its software does not record keystrokes and that any information it gathers is “encrypted and secured.”
It didn’t take long for Eckhart to put the lie to those claims. On Monday he posted a 17-minute YouTube video that takes viewers step by step through the set-up and then, at the 13:45 mark, shows Carrier IQ recording his keystrokes — in clear text — as he performs a supposedly encrypted HTTPS Google search.
Looks like almost everyone who bought an Android has seen a tremendous amount of personal, private data sent, unbeknownst to them, to a private company who seems to be in a position to sell that data.
It records all your keystrokes – like passwords – and transmits them in the clear, with no encryption.
This is about the largest security meltdown one could imagine with mobile devices. Yet we have heard little about it in the press.
But iPhone has no such app. Here is what one of the few tech guys reporting on this said:
“The CIQ software, as it currently functions,” he writes, “blatantly violates both privacy agreements and security best practices. It’s also the best reason to buy an iPhone that we’ve heard in months. Given the choice between a closed software ecosystem and an open phone that spies on its user, we’ll take closed software every time.”
This could be about as damaging to Google and Android as one could imagine. We shall see how this turns out.
If there’s any doubt how social networks have presented hackers with a wealth of social engineering tools, a Brazilian security researcher recently demonstrated how he could “friend” even allegedly more wary Facebook users in less than 24 hours. At the Silver Bullet security conference in São Paulo, UOLDiveo chief security officer Nelson Novaes Neto showed how he leveraged LinkedIn, Amazon, and Facebook to convince a target—a Web security expert he called “SecGirl” using social engineering.
Novaes created a fraudulent Facebook account, “cloning” the identity of the manager of the target. He then sent friend requests to friends of friends of the manager from the cloned account—sending out 432 requests. In just one hour, 24 of those requests were accepted, even though 96 percent of them already had the legitimate account of the manager in their contact list. He moved on to 436 direct friends of the manager, using his connections from LinkedIn—getting acceptances from 14 of them in an hour. Seven hours into the experiment, his cloned account’s friend request was granted by SecGirl.
With the information obtained by friending someone, it’s possible, Neto said, to then take over a legitimate Facebook account using Facebook’s “Three Trusted Friends” password recovery feature. Through the password recovery tool, a hacker can change both the password and the contact e-mail address for an account. The hacker could then use that hacked account for social engineering attacks on other accounts.
In an interview with Brazil’s UOL Noticias, Neto said, “People have simply ignored the threat posed by adding a profile without checking if this profile is true. Social networks can be fantastic, but people make mistakes. Privacy is a matter of social responsibility.”
In 2006, scientists announced a provocative finding: a retrovirus called XMRV, closely related to a known virus from mice, was associated with cases of prostate cancer. But other labs, using different sets of patients, found no evidence of a viral infection. Before the controversy could be sorted out, another research group published a 2009 paper containing an even more intriguing claim. XMRV, it said, was associated with chronic fatigue syndrome (CFS), a disorder that some had claimed was purely psychosomatic.
Reaction came quickly. The CFS community, viewing a viral cause as a validation of their malady, embraced the finding. One author of the XMRV/CFS paper, Judy Mikovits, landed a position as research director of a private foundation dedicated to CFS. A company associated with the foundation started offering tests for infections.
Then the story took a strange turn. A long chain of events led not only to the collapse of the XMRV hypothesis, but it landed Mikovits in jail—and brought death threats upon some of the researchers who debunked her ideas.
Perhaps XMRV will follow the same trajectory as cold fusion – continuing work by a small group of believers mostly outside the purview of mainstream research. But current research has greatly damaged it as a viable hypothesis for an extremely frustrating disease.
One part of the article stood out:
These features are all necessary parts of scientific self-correction. Frequently, non-scientists view the corrective process as one where people question some results and attempt to perform an exact reproduction of the experiments that generated them. That’s not what usually happens. Instead, the best questions usually focus on the consequences of the result—what should we be seeing if this is right?
Much of scientific research falls into the rhetorical “If true, then what?” It is a valuable logical tool called modus tollens. If we assume something is true, it should lead to known consequences. If those consequences are not found, then the assumption is weakened if not outright disproved.
Do this enough times, then add in alternative assumptions whose consequences CAN be found, and virtually any scientific hypothesis will collapse.
We’ve learned from experience that the truth will come out. Other experimenters will repeat your experiment and find out whether you were wrong or right. Nature’s phenomena will agree or they’ll disagree with your theory. And, although you may gain some temporary fame and excitement, you will not gain a good reputation as a scientist if you haven’t tried to be very careful in this kind of work. And it’s this type of integrity, this kind of care not to fool yourself, that is missing to a large extent in much of the research in cargo cult science.
It appears that this has happened here. It would be nice to hope that the increased focus this hypothesis has brought to this disease might enhance the chances that a solution would be more rapidly reached.
But harassment and death threats make it likely that fewer people will want to touch such a controversial subject.
The digital age has left men’s nether parts in a squeeze, if you believe the latest science on semen, laptops and wireless connections.
In a report in the venerable medical journal Fertility and Sterility, Argentinian scientists describe how they got semen samples from 29 healthy men, placed a few drops under a laptop connected to the Internet via Wi-Fi and then hit download.
I’ll bet some caveats. They simply placed sperm samples under the laptop.
But in reality, sperm are inside tissue underneath clothes. Do WiFi transmissions get that far in? There is no evidence that they penetrate much deeper than the skin.
If they were powerful enough to penetrate into the testicles, I’d expect your skin would be pretty damaged also. Even in these experimental conditions, 75% of the sperm were motile compared with 86% of the control. And 91% showed no DNA damage compared with 96% of the control. I’d be willing to say that WiFi would have even less effect in a real setting.
This is like hitting the sperm with a hammer and stating that wearing tight pants could cause sperm to be harmed due to the increased pressure.
Apple’s Black Friday sales were a resounding success according to two separate accounts, which revealed that most of the company’s retail stores sold out of the iPhone 4S on the biggest shopping day of the year.
None were available on Friday but I was able to make a reservation Friday night and pick up 2 16GB black iPhone 4S for my son and me. Trading up from our iPhone was sweet and we got to keep our unlimited data plans.
My son immediately tried to ask Siri the score of the Oregon game and Siri failed to provide a useful answer. I asked when the Amazing Race would be on and also had no answer. Still need a little more work on the AI.
But the things she does, she does nicely. I sent text messages without any problem. This will be pretty useful as it becomes more mature.
And all my cloud stuff came over without a hitch. Getting all hooked up at the Apple Store was so much easier than at any phone store I have ever gone to. Just amazing.
Online retailers have long gathered behavioral metrics about how customers shop, tracking their movements through e-shopping pages and using data to make targeted offers based on user profiles. Retailers in meat-space have tried to replicate that with frequent shopper offers, store credit cards, and other ways to get shoppers to voluntarily give up data on their behavior, but these efforts have lacked the sort of data capacity provided by anonymous store browsers—at least until now. This holiday season, shopping malls in the US have started collecting data about shoppers by tracking the closest thing to “cookies” human beings carry—their cell phones.
The technology, from Portsmouth, England-based Path Intelligence, is called Footpath. It uses monitoring units distributed throughout a mall or retail environment to sense the movement of customers by triangulation, using the strength of their cell phone signals. That data is collected and run through analytics by Path, and provided back to retailers through a secure website.
Combine cell phone tracking with video and they would be able to follow the wanderings of anyone. Do I really want the mall to know exactly where I have been and for how long? What real benefit will I get?
How long before people figure out ways to degrade this process?
For me, another reason to ignore the mall or leave my cell phone in the car.
I’ve spent nearly seven years and an enormous amount of verbiage writing about the difference between pseudoscience and science, between cranks and skeptics, between denialists and scientists. Along the way, I’ve identified a number of factors common to cranks and denialists. For example, two of the most prominent characteristics are a tendency to cherry pick studies and evidence and–shall we say?–a major “inconsistency” in how they deal with data. If a study appears to support their viewpoint, it doesn’t matter how small it is, how preliminary it is, how poorly designed it is, or how weak its conclusions are. It agrees with their pre-existing beliefs; so it must be a good study. In marked contrast, if a study, no matter how big, no matter how well-designed and exquisitely executed, no matter how clear cut its results, doesn’t conclude what cranks want it to conclude, to the crank it’s utter crap (at best), the result of unyielding dogma, or the result of a conspiracy to suppress The Truth (at worst). Often it’s declared to be a combination of all three.
We just saw this very phenomenon yesterday in the way that Katie Wright castigated a perfectly fine little pilot study with a provocative result about neuron counts in the prefrontal cortex in autistic children. If you listened to the anti-vaccine contingent, you’d think that the study was not only horrible science but carried out by Satan himself “sacrificing” autistic children to get their brains. In contrast, when a real crap study (namely the “monkey business” study by Laura Hewitson) was published, anti-vaccine cranks treated it as though it were the “smoking gun” demonstrating that thimerosal-containing vaccines cause autism. When the study was withdrawn, it was treated as though a conspiracy had “silenced” Hewitson. Then, of course, there’s the biggest, baddest example of this of all, namely Andrew Wakefield himself. His original study published in The Lancet in 1998 was a 12 subject case series with no control group that was later shown by Brian Deer to have been fraudulent. Even before it was known that the study was fraudulent, however, it was obvious that at best this was a small, preliminary study whose results were not all that convincing. Yet this study was the beginning of the MMR scare in the U.K. that drove MMR uptake rates to levels well below that needed to maintain herd immunity and made Andrew Wakefield a star in the anti-vaccine movement. When this paper was finally retracted due to fraud, the anti-vaccine movement turned Wakefield into a martyr many times over. He remains to this day a hero of the anti-vaccine movement.
Given that background, it’s rather interesting (to me at least) and, I daresay, educational to compare two different scientists in trouble with the law and how anti-science cranks have reacted to this situation. The reason this comes up is because a scientist who rose to prominence in the crankosphere due to her highly questionable findings is now finding herself in trouble with the law. I’m referring to Judy Mikovits, a researcher who published a report two years ago linking the XMRV retrovirus to chronic fatigue syndrome. If you click on the link, you’ll note that the study, which was published in one of the highest impact journals there is, Science, was retracted. In July 2011, the editor of Science issued a statement of concern that stated:
Now the paper is on the way to being retracted, reasonable evidence has been produced demonstrating that contamination is responsible, yet the authors have reacted thusly:
Of course, it’s not so much that Mikovits was wrong. Scientists are wrong all the time. Mikovits was very likely wrong about XMRV having a relationship to the etiology of CFS. (Either that, or something is going on that all the scientists trying to replicate her work are missing, which is highly unlikely.) That’s OK, though. That’s part of science. There’s no shame in that. What isn’t OK and is shameful is what Mikovits did with her results and how she behaved afterward. She extended them to autism (even going so far as to speak at the anti-vaccine conference Autism One), blaming XMRV for autism and other conditions. Even worse, she attacked scientists personally who couldn’t replicate their results, accusing them of, in essence, incompetence and of intentionally designing their experiments to minimize the chances of detecting XMRV in their samples. She also accused insurance companies of trying to sully the findings of her study in much the same way that anti-vaccine zealots and alt-med mavens like to claim that big pharma is trying to keep you from finding out The Truth and the government of trying to undermine her research because it fears an outbreak of XMRV.
She is now attempting to commercialize a diagnostic for the virus, even though so many researchers have negated the work that Science is now concerned about it.
When researchers start claiming a conspiracy preventing others from repeating their work, we can usually infer that their work simply does not withstand the scrutiny.
In a stunning twist, Mikovits was arrested on Friday, and spent five days in a California jail cell, held without bond. She was released Tuesday after an arraignment hearing, according to court records. An arrest warrant issued by University of Nevada at Reno police listed two felony charges: possession of stolen property and unlawful taking of computer data, equipment, supplies or other computer-related property.
She was fired in September, and this month her former employer filed a lawsuit alleging she had wrongfully taken lab notebooks, a computer and other proprietary data. Other researchers have discredited her work, and the journal Science, which published her study, is investigating whether the data were manipulated.
Climate change denialists invoke a global conspiracy of researchers in order to explain why the data does not match their ‘reality’. We see similar responses here by those who support XMRV – that a worldwide conspiracy is behind all of this, including the arrests.
As long as these sorts of arguments are made, the science behind all of this will stay confusing.
In all other cases of confusing, paradigm-shifting science that I have seen in my life that turned out to be correct – such as RNA enzymes or antibiotics for ulcers – the true response to controversy is to attack the criticisms with better science, not to attack those who present the criticisms.
That is how paradigms are overturned. Not by commercializing the research before all the results are in.
Somebody clone Attenborough, quick — the British nature program must continue forever! His latest documentary is Frozen Planet, and all I’ve seen of it is short clips on youtube and various other sites…which just makes me want to see more.
Here is a time lapse video of a brinicle forming: a column of cold water descending from the surface which is saltier than the surrounding sea, so it both sinks and remains liquid as it oozes downward, but it freezes the less briny water around it. It’s slow, but if you’re a slow-moving echinoderm, it’s like the icy finger of a vindictive god reaching down to destroy you.
As a theological ethicist who also used to work in law enforcement, I feel obligated to comment on the latest incident involving police using pepper spray on Occupy Wall Street protesters. Garance Franke-Ruta over at The Atlantic provides, I think, a fair account of this, including most recently the one at the University of California-Davis. In my view, based on the videos and the reports available to date, the spraying of kneeling students by Lt. John Pike was unjustified; it was excessive force and an example of police brutality. Most law enforcement officers are pepper-sprayed as part of their training so that they know what it feels like whenever they use it (plus, often when it is employed, some blows onto the officer, so s/he had be prepared beforehand for what it feels like). I remember being out of commission for a whole day following being sprayed directly in the face during training–it is very painful and incapacitating. Indeed, Fox’s Megyn Kelly should try it before making the silly comment that it’s “a food product, essentially”.
A very worthwhile read. This is an important point:
Police are supposed to serve and protect all citizens, including those they regrettably have to arrest. For the latter, though, any force necessary to subdue the suspect should be proportionate (i.e., similar to the moral reasoning found in the Catholic just war tradition–just enough necessary to accomplish the job and in the least harmful way, if possible, given a constellation of available options).
Misdemeanor trespassing is what the pepper-sprayed students were charged with. Pepper spray – a level 5 tool just one step below lethal force – was not proportionate to the crime.
But the students’ response, as mentioned in another article on faith, was not only proportionate to the pepper spray but also a much more sustaining approach than the violence of the officers. The campus minister, Rev. Kristin Stoneking, helped defuse the situation following a press conference by helping negotiate this response.
Those 3 minutes of silence from angry students, as they adopted the same positions as the students from the previous day, are pretty amazing. The only sounds come from reporters who have to be reminded that something important is happening.
The fact that it was the campus chaplain who helped negotiate this response serves to demonstrate that people of faith still have a tremendously powerful role. Here is some of her firsthand account:
Once inside, and through over an hour of conversation, we learned the following:
The Chancellor had made a commitment that police would not be called in this situation
Though the message had been received inside the building that students were offering a peaceful exit, there was a concern that not everyone would hold to this commitment
The Chancellor had committed to talk with students personally and respond to concerns at the rally on Monday on the quad
The student assistants to the Chancellor had organized another forum on Tuesday for the Chancellor to dialogue directly with students
What we felt couldn’t be compromised on was the students’ desire to see and be seen by the Chancellor. Any exit without face to face contact was unacceptable. She was willing to do this. We reached agreement that the students would move to one side of the walkway and sit down as a show of commitment to nonviolence.
Before we left, the Chancellor was asked to view a video of the student who was with me being pepper sprayed. She immediately agreed. Then, he and I witnessed her witnessing eight minutes of the violence that occurred Friday. Like a recurring nightmare, the horrific scene and the cries of “You don’t have to do this!” and students choking and screaming rolled again. The student and I then left the building and using the human mike, students were informed that a request had been made that they move to one side and sit down so that the Chancellor could exit. They immediately complied, though I believe she could have left peacefully even without this concession.
I returned to the building and walked with the Chancellor down the human walkway to her car. Students remained silent and seated the entire way.
I have to say that Katehi showed some real strength of character to make that walk. She was a student in Greece during the early 70s when students rose up and helped topple a military regime. She knows firsthand the destructive power of angry mobs.
To walk among them like that must have been hard, and perhaps it needed to be in order to begin reconciliation. Stoneking has a keen knowledge of how to do this.
The silent walk demonstrates not only the ability of people willing to have a discussion to find creative solutions, but also the importance of dealing with anger without succumbing to it.
Why did I walk the Chancellor to her car? Because I believe in the humanity of all persons. Because I believe that people should be assisted when they are afraid. Because I believe that in showing compassion we embrace a nonviolent way of life that emanates to those whom we refuse to see as enemies and in turn leads to the change that we all seek. I am well aware that my actions were looked on with suspicion by some tonight, but I trust that those seeking a nonviolent solution will know that “just means lead to just ends” and my actions offered dignity not harm.
I believe Jesus Christ – whether God or man – was a great teacher because he described the path out of the revenge cycle of violence so common to many religions and cultures. Anger against the other creates violence which engenders anger in the other that creates violence which produces anger…
A Greek friend has sent me lots of information on links between the suppression of dissent at UC Davis and similar events in Greece from the days of the military junta to the present. Here’s a video commemorating the 1973 uprising centred on Athens Polytechnic, which led to the downfall of the military junta the following year[1]. The last title says “The Polytechneio lives on. In struggles today.”
Among the legacies of the uprising was a university asylum law that restricted the ability of police to enter university campuses. University asylum was abolished a few months ago, as part of a process aimed at suppressing anti-austerity demonstrations. The abolition law was based on the recommendations of an expert committee, which reported a few months ago (report here, in Greek). There’s an English translation here, but it doesn’t work well for me.
Fortunately, my friend has translated the key recommendations:
University campuses are unsafe. While the [Greek] Constitution permits the university leadership to protect campuses from elements inciting political instability, Rectors have shown themselves unwilling to exercise these rights and fulfill their responsibilities, and to take the decisions needed in order to guarantee the safety of the faculty, staff, and students. As a result, the university administration and teaching staff have not proven themselves good stewards of the facilities with which society has entrusted them.
The politicizing of universities – and in particular, of students – represents participation in the political process that exceeds the bounds of logic. This contributes to the rapid deterioration of tertiary education.
Among the authors of this report – Chancellor Linda Katehi, UC Davis. And, to add to the irony, Katehi was a student at Athens Polytechnic in 1973.
fn1. The fall of the Greek junta, only a year after Pinochet’s coup in Chile was, in retrospect, a historic turning point, after which rule by generals became steadily less common.
The world is a strange place. And a Greek student from 1973 seems to be reliving history, because she feels a major part of the administration is to protect facilities, not students. I wonder if she ever thought she would be on the same side of student protests and suppression of dissent as the military junta of her youth.
One hundred years ago, an American pharmacist named Wilbur Scoville developed a scale to measure the intensity of a pepper’s burn. The scale – as you can see on the widely used chart to the left – puts sweet bell peppers at the zero mark and the blistering habanero at up to 350,000 Scoville Units.
I checked the Scoville Scale for something else yesterday. I was looking for a way to measure the intensity of pepper spray, the kind that police have been using on Occupy protestors including this week’s shocking incident involving peacefully protesting students at the University of California-Davis.
As the chart makes clear, commercial grade pepper spray leaves even the most painful of natural peppers (the Himalayan ghost pepper) far behind. It’s listed at between 2 million and 5.3 million Scoville units. The lower number refers to the kind of pepper spray that you and I might be able to purchase for self-protective uses. And the higher number? It’s the kind of spray that police use, the super-high dose given in the orange-colored spray used at UC-Davis.
The longterm health effects of this agent, especially the pulmonary effects, are not well characterized. It is designed as a general dispersal agent, not as a tool to be directly targeted at specific individuals.
And not only is it a possible health risk, meaning it should be used in extreme circumstances, and not only is its use in war prohibited by international treaty and not only did the Army find it could cause “mutagenic effects, carcinogenic effects, sensitization, cardiovascular and pulmonary toxicity, neurotoxicity, as well as possible human fatalities,” but a Federal court in this country has found that its use against peaceful protesters who pose no danger is not legal and can open the officers to personal liability.
Yes these officers might also lose their qualified immunity and could be sued in civil actions. This also applies to the Chancellor and Board of Regents at Davis if they are found to have authorized the attack. Hope so.
Perhaps then they would use it properly.
The consequences of one’s actions should be commensurate with those actions. Someone committing a misdemeanor should not be tortured to make them comply. Torturing someone who is not under arrest purely to assure compliance should not be ignored.
Pepper spray is not something to use lightly. If an officer does, they should be punished.
I really enjoyed this presentation because at its heart it is about the meal with family, not the bird. Don’t worry about how the bird comes out. That is what gravy, cranberries, stuffing and wine are there for.
Turkey is not meant to stand on its own at any dinner. It is meant to support and enhance the taste of everything else.
My memories about my mother and the bird do not stem from the manner she cooked them in. It was usually about the timing so that everything came out at the right time – after the Dallas game. How she cooked the bird seldom impinged on my consciousness.
My Mom always had a great Thanksgiving dinner but I really never remember the bird itself. It was her Waldorf salad – sometimes with oranges added, I think – giblet gravy, the smell of sweet potato pie (that I never ate but was a favorite of my father), mashed potatoes, crescent rolls, cranberry sauce – first just the jellied kind but advancing to the whole berry as I matured – and the dressing – which changed greatly over the years as she experimented but which never failed to be my favorite. And sometimes we might have kernels of corn or green beans but to my mind they simply added color.
I would simply pile my plate high with turkey, mashed potatoes, dressing, with gravy on each of them. A huge amount of cranberry sauce and a couple of rolls on the side. Each bite would have a bit of turkey, potato and gravy. Or turkey, dressing and cranberry.
After finishing one plate where I politely ate a bit of everything laid out – except the sweet potato pie which I simply have never been able to swallow. The small bit I might put on the plate always sat alone when I went back for seconds – I return to get more of my favorites.
Turkey, cranberry sauce, gravy and dressing. The magic four that I live for.
Hot turkey sandwiches were my reward for the next few days.
I am lucky that my own family does appreciate much of the same – although I am the only one who eats dark meat. We have some different opinions on what type of bird to get and how big but we all agree that turkey, cranberries, gravy and dressing make the meal.
Thanks Mom for providing so many great Thanksgiving memories.
Here is a discussion of the changes since the last analysis:
Sony Ericsson was valued through its acquisition by Sony. We did not have a way to value the enterprise before as it was not traded independently. Last June I estimated a 14x multiple on its trailing twelve months’ profits and got $3.0 billion. Since then half the company changed hands for about €1.05 thus yielding a total company value of $2.8 billion. The enterprise value should be therefore slightly lower but I’ll stick with the current transaction value as the EV.
Motorola Mobility has entered into an agreement to be acquired by Google for $12.5 billion. The company’s enterprise value jumped as a result to about $8.6 billion.
RIM’s share price collapsed and it’s now also trading at an EV of about 7.3 billion (Yahoo finance).
Nokia’s price has also dropped and it now has an EV of about $13 billion (Yahoo finance).
HTC recently dropped significantly in price and is now worth about $15 billion EV. (Note that pricing of its equities is subject to suspended trading due to drop limits).
LG’s phone business is still losing money and it’s still difficult to value. In November it was revealed that the company was seeking to raise $890 million in capital to fund new initiatives including smartphones. The share price fell by 14%. In June I suggested a nominal value for the phone business of $10 billion. I think that’s very generous and with recent events I would place that value at $9 billion today.
Samsung’s fortunes have increased. In June I applied a 14x multiple to their trailing 12 months’ operating earnings. Given overall discounting of the sector I applied a multiple of 13 today. That yields a business value of $78 billion. Interestingly, that is larger than the value of all other competitors apart from Apple. That also makes it six times more valuable than Nokia.
Apple’s cash and cash equivalents and investments grew by about $12 billion and were worth about $82 billion as of October.