Contemporary wireless technology showcases a martial relationship between security and privacy concerns, which sometimes appear to balance each other while always being leveraged to gain advantage with emerging commerce.
Knowing how always implies a readiness to do—which lacks only a motive and opportunity, as any sleuth will tell you.
For a time the company Carrier IQ would happily tell you of their deal with the Nielsen Company to “deliver critical insights into the consumer experience of mobile phone and tablet users worldwide, which adhere to Nielsen’s measurement science and privacy standards.” On November 12th, thanks to Trevor Eckhart, we discovered that Carrier IQ technology embedded in millions of mobile devices could record and send as data to the relevant carrier (AT&T and Sprint, in the US) not just the usual clicks on webpages but also strokes made on the device’s keypad.
Following the Carrier IQ ‘rootkit’ disclosure, Carrier IQ, wireless device manufacturers, and wireless service providers attempted to reassure consumers that all data was being used to improve the consumer experience. Everyone denied that, though keystrokes could be recorded, such data was being collected; or if it was being collected, they hedged, the data wasn't being used for commercial purposes.
Meanwhile, the FBI implicitly finds Carrier IQ-related data so valuable in their ongoing surveillance operations that it declined to comply with a Senate Judiciary Subcommittee’s request for the bureau’s written guidance on how to access and analyze Carrier IQ-gathered data.
Every Wireless Device is a Potential "Wire"
Telecommunications carriers have a legal right to ensure that their networks are working properly, which extends to listening to customer phone calls as needed. PR from Carrier IQ and the carriers themselves emphasizes the diagnostic use of the wireless usage data they are collecting.
Under these circumstances, we should assume that any consumer wireless device can be a ‘wire’ in the surveillance use of the term. The company Fortinet in part builds its business on developing security products based on this assumption. The FortiGate thick wireless access point, for example, besides managing wireless networks and traffic, filters data in many different ways.
Let’s say your team uses the SolarWinds product Mobile Admin as part of its triage workflow. While the Mobile Admin server mediates access to a network device, Carrier IQ technology on an individual mobile device could capture configuration changes tapped into the keypad. Properly set up, the FortiGate access point would provide a layer of security that prevents that keypad data from being transmitted out of the network.
Ultimately, since technology can be used for good and bad ends, an indispensable part of taking care of your network is knowing what users are doing on the network, when they are doing it, and with which devices. For that, you need a monitoring product like the SolarWinds User Device Manager.