Nokia Admits to Decrypting Secure User Data But Denies Spying on Customers

rated by 0 users
This post has 1 Reply | 0 Followers

Top 10 Contributor
Posts 26,814
Points 1,213,420
Joined: Sep 2007
News Posted: Thu, Jan 10 2013 10:14 AM
Nokia can ill-afford any missteps as it attempts to rebuild its brand into a major smartphone player, so it's a little concerning on a number of levels that it was caught intercepting Internet traffic on its phones and redirecting the data through its own server farm. Is Nokia engaging in so-called man-in-the-middle attacks against its own customers?

That's the conclusion Gaurang Pandya came to, who first discovered that HTTPS traffic was being diverted through Nokia's servers. Pandya, who is an infrastructure security architect at Unisys Global Services India, says "it is evident Nokia is performing man-in-the-middle attacks for sensitive HTTPS traffic" originating from his Nokia Asha phone. What's alarming here is that the way Nokia is going about it, the company has "access to clear text information" such as bank logins, credit card information, and other sensitive data.

Nokia Asha

When pressed by TechWeekEurope, Nokia didn't deny that it was intercepting web traffic, but refuted the notion that there's any malicious intent behind what it's doing. It's just the way Nokia's traffic compression feature works, which results in faster page loads.

"The compression that occurs within the Nokia Xpress Browser means that users can get faster web browsing and more value out of their data plans," Nokia told TechWeekEurope. "Importantly, the proxy servers do not store the content of web pages visited by our users or any information they enter into them. When temporary decryption of HTTPS connections is required on our proxy servers, to transform and deliver users' content, it is done in a secure manner."

Nokia further added that it has technical safeguards in place to prevent access to private information.
  • | Post Points: 20
Top 10 Contributor
Posts 5,054
Points 60,735
Joined: May 2008
Location: U.S.
3vi1 replied on Thu, Jan 10 2013 12:44 PM

Just another reason to not buy a Nokia phone. They claim they're not retaining or parsing any of the unencrypted data, but they intercepted it without telling anyone (I don't care about the reason), so why the heck would you trust them?

What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?


  • | Post Points: 5
Page 1 of 1 (2 items) | RSS