10-04-2015 03:49 AM - edited 10-04-2015 04:08 AM
If I have understand correctly EM7345 is made specifically for Lenovo based on their requirements and specifications. Lenovo is also responsible for this firmware....on Carbon X1 etc...
I found an interesting AT command for Sierra Wireless EM7345. The command is “AT+XCIQ”. There’s the following text string in EM7345 firmware file (it is present in any version so far): +XCIQ CIQ: Carrier IQ enable/disable.
Let’s try to get “help” about this command:
So, we can suppose that 0 disables this Carrier IQ feature, and 1 enables it.
Let’s read the current setting of this feature:
Looks like it’s on by default. Let’s try to switch it off?
NOTE: If you’re running firmware earlier than 1522.02, don’t enter the following command!
If we try to enter:
i.e try to disable Carrier IQ, EM7345 will have a fatal crash and reboot into boot flashing mode and it will be stuck there for good.
So, Carrier IQ is always on and if you try to turn it off using the above AT command, that will kill the device!
With firmware version 1522.02, AT+XCIQ=0 returns OK and there’s no fatal crash like in previous firmware versions. Also AT+XCIQ now accepts 3 possible values with 1522.02 firmware:
So, 0 must be disable, 1 enable, and what is 2? Any value gets OK response and there’s no any error. Can Carrier IQ be really disabled or enabled using the above values? Who knows… If you don’t know what Carrier IQ is, fear and read:
There’s not much in the news now, all seems quiet, but they definitely are looking for more stealthie ways to do their dirty business. At first, it used to be just an app in your Android phone, though using some stealth techniques, but still an ordinary app. You could block, patch, firewall, sniff, analyze it to any of your like.
But now, it is not in your phone, now it is sitting at the very firmware of your LTE device, it can analyze your internet traffic, extract your passwords and private data, do man in the middle attacks, report back home and whatever they want. Looking at the firmware dump file and the strings, one can say that there’s a complete TCP/IP stack implemeted and it is functioning on its own, independently from your OS and firewall.
And it’s perfectly undetectable, if, for example, they put someting like this in your Ethernet card or router, it can be detected on the next router where the traffic is going thru. But in our case, where are you gonna sniff packets generated by EM7345? That can be done only on a cellular carrier’s network equipment, and no one has access to that… except cellular carriers themselves.
So who’s spying on us when we go online using an ultra-fast LTE network? Whose decision was it to embed this dreaded Carrier IQ into EM7345 firmware? The truth is out there. Use your brain and take care....
Solved! Go to Solution.
10-04-2015 04:08 AM
Do it well, worse becomes itself
10-04-2015 04:17 AM
Is there any Lenovo response ? Especially after the Superfish case.
10-04-2015 04:29 AM - edited 10-04-2015 10:08 AM
i dont think so...no one wont to speak about this...HTTPS Spoofing etc..
and we all know why... this will cost millions...and millons of Dollars if it comes to court.
The luck is only a few people know anything about that.
HTTPS Spoofing (and in this case with Superfish Worldwide private data Network Spoofing) etc..is one crime and of course not legal.
The truth is out there. Use your brain and take care....
the same will come with Sierra Wireless EM 7345 Carrier IQ enable/disable.etc..only we can hope Lenovo will disable Carrier IQ (Network Spoofer) in the next driver (firmware) version...we will see..
the truth is you have the right to protect you personal data....and no one have the right to spy on you...
10-12-2015 12:33 PM
A solution regarding the EM7345 command “AT+XCIQ=?” has been published.
It can be found here: https://support.lenovo.com/us/en/documents/SF15-T0070
02-05-2016 11:53 AM
can you please help me ...where are the drivers for the EM7345 all links are broken ..i can only find this on you tube...