Home

Share this Story

Android Community Member “TrevE” Hit With Cease & Desist For Researching Security Vulnerability

For a refresher, back in October a user over at the XDA forums came across a major security flaw on HTC devices which allowed for the tracking and recording of every use of your phone through certain app permissions.  Since then, HTC released pressers that acknowledged the issue and that they would have fixes.  Better yet, they said that no data had been stolen by any users and that HTC’s people were on the case to fix the problem. Unfortunately, nothing ever seems to end on a good note.

After his initial findings, research then led Trevor Eckhart to CarrierIQ.  That company, has now issued a cease and desist to the Mr. Eckhart for the research he published on their software.  CarrierIQ claims that “TrevE” reproduced copyrighted Training Material and made “false allegations” about their software’s purposes.  And this is not just a slight slap on the wrist.  CarrierIQ wants Mr. Eckhart to issue a formal announcement that shows that what CarrierIQ is doing is completely normal, and is in no way a vulnerability to users. 

It’s almost scary to read these C&D letters as if you are the person it is addressed to.  Of course, if Mr. Eckhart does not stop his research and retract all previous posts and articles showing CarrierIQ’s software at work, then there will be legal ramifications.  Luckily, there is a good shot at the good guys coming out on top.  Echkhart reached out to the EFF (Electronic Frontier Foundation) for legal counsel and they feel that CarrierIQ’s claims are pretty much bologna.

We have now had a chance to review your allegations against our client, and have concluded that they are entirely baseless. Mr. Eckhart used and made available these materials in order to educate consumers and security researchers about the functionality of your software, which he believes raises substantial privacy concerns. Mr. Eckhart’s legitimate and truthful research is sheltered by both the fair use doctrine and the First Amendment.

I have felt that Eckhart’s research was for the greater good of the consumer and was most definitely just a,”Hey, watch out for this type of thing,” then an actual attack on CarrierIQ.  I could be wrong, but I feel that the research done was in good heart.  What do you all think?  Will the first amendment save this guy from an ugly court hearing?

Trevor Eckhart’s C&D PDF

Via: TechCrunch

  • Anonymous

    Another reason to root and rom your phone.

  • http://twitter.com/#!/wwickedd wicked

    A Conversation With Andrew Coward, Marketing VP of Carrier iQ -http://bit.ly/vWDKdQ

  • http://twitter.com/#!/wwickedd wicked

    A Conversation With Andrew Coward, Marketing VP of Carrier iQ -http://bit.ly/vWDKdQ

  • Tj

    Good for TrevE.  Fighting the machine. 

  • Anonymous

    I’m making a donation to the EFF.

  • Jamie

    ” ‘A matter of internal security…’ the age-old cry of the oppressor.”  -Jean-Luc Picard

  • FSFer

    If the “Protect IP” act is passed, CarrierIQ could have gotten an injunction to shut down XDA.

    Dangerous times. 

    Thank god for people like Mr Ekhart. Sunlight is the best disinfectant.

  • Anonymous

    If it’s true and he didn’t break any laws obtaining the information, then finger of flight to CarrierIQ and they can go blow a goat. I would like to know if what I am using has verified vulnerabilities and what the vendors are planning to do about it. Sweeping things under the rug is good for Governments and salesmen only. :)

  • Azndan4

    The picture implies that HTC is behind the legal action against Mr. Eckhart.  Maybe a picture of CarrierIQ would be more appropriate?

  • Jamdev12

    You know what this reminds me of. The recent Apple App Developer Account lockout of Dr. Charlie Miller who has been pointing out that the notion of Apple’s products not been prone to hacks is naive and a downright lie. He loves what he does and he likes Apple products and the fact that he has made Macs more secure because of his exploits gets him axed from bringing up these issues is kind of sad and downright stupid. Instead of doing something like this and what has happened to Eckhart, why don’t you hire them to help you fix these problems instead of bringing bad publicity on yourselves for doing stupid stuff like this. I will never understand companies that have this sort of mentality.

    http://www.engadget.com/2011/11/18/the-engadget-interview-dr-charlie-miller/

  • Anonymous

    CarrierIQ can eat a donk! That’s how I feel about it. They are probably tracking at the moment I write this. Well suck it Trebeck!

  • http://pulse.yahoo.com/_YEOAH3SHAKV7OYIWDABN2TOZR4 preachJESUS!

    He will easily win this case.

  • http://www.hammertechnologies.net Chase Johnson

    MMMMM i smell a coverup.

  • Matthew Rosidivito

    They should be sending this guy a job offer, not a cease and desist.

  • Scott Hartman

    It won’t save him from a court battle, but the first amendment should ensure he emerges victorious at the end.

  • EC8CH

    So if this software was on a desktop it would be considered spyware, but on my phone it’s all good?

    Ok… got it.

    • Anonymous

      No Spy on your phone just ware lol

  • Ben Kafka

    There’s an exception in the DMCA for “encryption research,” which seems to apply here.. Good luck TrevE!

  • Russ

    I don’t think he needs to be too worried. He has the ultimate defense against libel… THE TRUTH!

  • EC8CH

    How dare he tell us how carriers are spying on us through our phones without our consent!

    Rabble Rabble Rabble.

    • Matthew Rosidivito

      Your cease and desist is on its way, sir.

  • Anonymous

    Who cares about the “greater good” perspective as that is often a double edged sword (communism anyone?) but Eckhart should be just fine in court (not that it will ever go there).

  • Anonymous

    this is the kind of shady sh!t that apple does and that needs to go away for the world to be a better place.

  • Bryan Williams

    Wow, go Trevor!  Hopefully score one for the privacy of the little guy.

    Too many things can be unknowingly monitored these days.  My cell phone should not be one of them unless I choose it to be.

  • Anonymous

    At first I get the same feeling kellex, fearful as if I’m on the receiving end of the letter…
    Then anger that these idiots would pull something like this, when he is saying ,”Hey, watch out for this type of thing”….
    Then I just laugh because it’s just bad publicity for the company (more bad publicity..) For when they lose… And not just lose, but lose for fighting a guy that is trying to HELP them!

    Jeez..

    • http://twitter.com/IRONMatt14 IRONMatt14

      *Tim-o-Tato is the author ;)

    • http://www.facebook.com/profile.php?id=25001493 Hank Godwin

      Tim wrote this article, not Kellen.

    • Anonymous

      I always look at the author too, always.. Including this time.. Not sure why I messed that up :-/

  • http://twitter.com/TonyG916 Tony Garza

    what a load of crap. now where’s my galaxy nexus news?

  • bigrob60

    FIGHT THE POWER!!!!
    I do hope he wins in this day in age. Did anyone notice how Leno was cutoff last week when he was talking to McCain’s daughter about how the occupy movement should occupy congress instead. First Amendment what?

    • Anonymous

      Damn can u help me find a link to that? Everywhere i look so far its taken down

    • Ryan Perry

      How was Leno cut off? I watched the clip he said what he had to say and people clapped?

      • bigrob60

        I was watching on my DVR and right after he said they should occupy congress b/c wall street does whatever D.C. let’s them get away with. It went straight to commercial w/ him in mid-sentence. When it came back the interview was over & he was introducing the band. It really looked like a cutoff. 

  • http://www.facebook.com/5.second.minute Kit Tihonovich

    First to lawl at the situation.

  • Anonymous

    Total gay balls.

  • Kris Brandt

    Wow.  If anything, he has the EFF on his side.  That bodes very well for him.

  • Derek Stiles

    Go TrevE!  I was shocked when I first learned of his findings.

  • Edwin M

    Typical, punish the guy trying to help you out.

  • http://twitter.com/dizknee24 Peter Wassel

    I support TrevE

    • Anonymous

      Yep, and if it does what he claims, then there’s no reason to retract the information.

    • Mctypething

      u supportive bro?

      • MctypethingGAY4life

        U gay bro?

        • Someone

           Propositioning someone on a forum? I think there are other forums for that.

    • Anonymous

      I think it would be best if CarrierIQ just left it alone and dropped it.  Why bring more attention to the matter when it was bad enough as it was.  Why drudge it all up again?

      • Anonymous

        because they’re refining their techniques.

  • http://twitter.com/dizknee24 Peter Wassel

    Yuck double post