Conspiracy theorists look out. Security researcher Trevor Eckhart has exposed a potentially very serious rootkit hidden deep in the operating systems of many Android, Blackberry and Nokia phones.

Millions of phones apparently feature a sneaky piece of software dubbed Carrier IQ and Eckhart claims the software is nearly impossible to spot and it cannot be disabled or removed. What’s more, he claims the software not only records the device’s location, but also records every keystroke on some handsets.

Understandably, the makers of Carrier IQ dismiss the findings and claim their benevolent piece of code is merely there to provide telecoms with information needed to diagnose reception problems and improve their service. Exactly how this is achieved through logging keystrokes in anyone’s guess.

The company filed a cease-and-desist order against Eckhart, but failed to silence him. Law professor Paul Ohm thinks there is a good chance the software is violating federal wiretapping laws in the US.

“If CarrierIQ has gotten the handset manufactures to install secret software that records keystrokes intended for text messaging and the Internet and are sending some of that information back somewhere, this is very likely a federal wiretap,” he said.

So, in the unlikely case that CarrierIQ really did store or send recorded keystrokes anywhere, phone makers could be looking at the mother of all class-action suits.