
Nokia Redirecting Traffic On Some of Its Phones, Including HTTPS

Posted by Soulskill
from the you-can-trust-us dept.
An anonymous reader writes "On Wednesday, security professional Gaurang Pandya outlined how Nokia is hijacking Internet browsing traffic on some of its phones. As a result, the company technically has access to all your Internet content, including sensitive data that is sent over secure connections (HTTPS), such as banking credentials and pretty much any other usernames and passwords you use to log in to services on the Internet. Last month, Pandya noted his Nokia phone (an Asha 302) was forcing traffic through a proxy, instead of directly hitting the requested server. The connections are redirected either to Nokia/Ovi proxy servers if the Nokia browser is used, or to Opera proxy servers if the Opera Mini browser is used (both apps use the same User-Agent)."

  • Quick note (Score:4, Informative)

    by Anonymous Coward on Wednesday January 09, 2013 @03:53PM (#42536147)

    Note before anyone says anything: this isn't related to Windows Phone or Microsoft.

  • by Anonymous Coward on Wednesday January 09, 2013 @03:55PM (#42536183)

    The whole point of Opera Mini is to use Opera's proxies to reduce the load on the phone so complaining about that would be stupid (their other browser, Opera Mobile, is the one that doesn't use proxies). Is Nokia's browser expected to do the same as Opera Mini? (that they use the same user agent may imply so)

  • by CockMonster (886033) on Wednesday January 09, 2013 @03:59PM (#42536283)
    Asha phones are intended for developing countries where bandwidth can be limited and expensive. They talk about it here: http://www.developer.nokia.com/Develop/Series_40/Nokia_Browser_for_Series_40/ [nokia.com]
  • by MrWeelson (948337) on Wednesday January 09, 2013 @03:59PM (#42536291)

    Exactly!
    From http://www.opera.com/mobile/specs/ [opera.com]

    "Opera Mini always uses Opera’s advanced server compression technology to compress web content before it gets to a device. The rendering engine is on Opera’s server."

    On the Nokia website it states outright that "Compressed pages mean lower data charges" http://www.nokia.com/gb-en/products/phone/302/ [nokia.com]

  • Re:httpS (Score:5, Informative)

    by Above (100351) on Wednesday January 09, 2013 @04:02PM (#42536353)

    Actually it may not be that simple without verifying the certificates.

    Many corporations for instance use products that look inside SSL streams (typically IM's) for sensitive data. The way they do this is to install a cert signed by the company on the proxy, and set the company's CA cert on your computer to always trust. Your machine makes a connection which is grabbed by the proxy, the proxy presents the valid corporate certificate. It then makes a connection off to the real service using SSL as well. Your basic man in the middle attack.

    For clients that don't show the cert (like many IM clients) there's no way to know, and on those that do the user would have to check. If they are trained to just look for the padlock it appears all is well.

    I can't tell if Nokia is doing something like that or not, but if you work at a big corporation you might want to check the cert fingerprints for say your bank and compare them to an access from home. I've been told the newer products can generate a cert per site on the fly, making the fake certs look correct (right company name and all of that). If your company is going to that length to spy on you, perhaps it's time to rethink your employer...

  • Re:httpS (Score:5, Informative)

    by jandar (304267) on Wednesday January 09, 2013 @04:02PM (#42536361)

    Nokia has certificates pre-installed to make a man-in-the-middle attack. From the article:

    "From the tests that were performed, it is evident that Nokia is performing Man In The Middle Attack for sensitive HTTPS traffic originated from their phone and hence they do have access to clear text information which could include user credentials to various sites such as social networking, banking, credit card information or anything that is sensitive in nature. In short, be it HTTP or HTTPS site when browsed through the phone in subject, Nokia has complete information unencrypted (in clear text format) available to them for them to use or abuse."

    So this is the worst privacy nightmare.

  • by Anonymous Coward on Wednesday January 09, 2013 @04:04PM (#42536397)

    Wrong. It requires the ISP to plant a certificate on your system that is used to perform the MITM attack. Never install software from your ISP is my motto.

    AC

  • Re:httpS (Score:4, Informative)

    by timeOday (582209) on Wednesday January 09, 2013 @04:08PM (#42536469)
    Nokia isn't "in the middle," they are the endpoint you are accessing. If that is compromised all bets are off. (Just like how https won't guard against a key logger installed in your keyboard).
  • by zyzko (6739) <kari@asikainen.gmail@com> on Wednesday January 09, 2013 @04:11PM (#42536515)

    For heaven's sake - the point of these featurephone browsers (Opera Mini has been doing this since dawn of time) is that they use a proxy to reduce data transferred and/or reformat the sites to better use lower resolution. Instead of a lot of screenshots to prove that he is a very l33t h4x0r he could have just opened the friendly page [opera.com] showing how the browser works.

    The only thing that raises eyebrows a little is that they indeed MITM https traffic by re-encrypting the traffic and using their own certificate (which is installed as trusted on the phone) on phone-proxy communication. But this is how SSL is supposed to work - if you want to be sure about both sides you will also need client-side certificates.

  • Yup. (Score:5, Informative)

    by Andy Prough (2730467) on Wednesday January 09, 2013 @04:29PM (#42536877)
    Anyone who didn't realize Opera Mini was rerouting data for compression on their servers just didn't look into it before downloading and using it. It's a "feature" - supposed to get you faster browsing. Worked pretty well for me when I had it on a 3G Blackberry.
  • by miroku000 (2791465) on Wednesday January 09, 2013 @04:34PM (#42536993)

    "The only thing that raises eyebrows a little is that they indeed MITM https traffic by re-encrypting the traffic and using their own certificate (which is installed as trusted on the phone) on phone-proxy communication. But this is how SSL is supposed to work - if you want to be sure about both sides you will also need client-side certificates."

    This is *not* how SSL is supposed to work. Any certificate authority that is forging certificates for other people's web servers is not one that should be trusted. Essentially, Nokia is lying to the web browser and saying that they are actually Amazon.com or whoever you are making a secure connection with. By fraudulently representing that they are Amazon.com or whoever, they are intercepting your passwords to these sites. Client side certificates would not help in this case because the client is controlled by Nokia. So, they would have a copy of your client side certificates as well.

  • by EkriirkE (1075937) on Wednesday January 09, 2013 @04:40PM (#42537109) Homepage
    Opera does this for even HTTPS. On their site they explain "no caching, totally secure, etc"
  • by Baloroth (2370816) on Wednesday January 09, 2013 @04:42PM (#42537129)

    "They shouldn't be doing it for HTTPS traffic, though. That's straight-up a MITM attack that allows gathering of info (credentials, bank info, HIPAA info etc.), that should not be viewable to anyone outside of the user and the site he's connecting to. Despite Nokia's TOS, they could be in trouble legally here."

    No, it's not a MITM attack. From the sound of it, that's exactly how the browser was always intended to work. I haven't used the Nokia browser, but the Opera Mini "browser" isn't actually a browser properly speaking, it downloads everything onto Opera's servers, renders it, compresses it to an image file, and sends it to the phone (reduces bandwidth and CPU costs). It does this to HTTPS and HTTP connections alike (couldn't use HTTPS without it at all). I'm guessing that is exactly what the Nokia browser is doing too. There's no legal trouble with doing that, at least if they aren't recording the data (Opera doesn't, I'd assume Nokia doesn't either). FFS, Wikipedia lists the damned browser as a proxy-based one, as does Nokia's website. It's like being surprised your browser can see the passwords you type into a website. Can't be an "attack" if they publicly inform you that's how the thing works.

  • Re:httpS (Score:4, Informative)

    by Anonymous Coward on Wednesday January 09, 2013 @06:36PM (#42538997)

    No he hasn't. You've completely misunderstood.

    1) It's still a HTTPS connection, which means the browser still needs a valid certificate for the domain it is connecting to.
    2) There is no way the proxy can do any prerendering unless it can actually decrypt the stream.

    This means the proxy has to run two separate HTTPS connections phone->proxy and proxy->server. The proxy doesn't have the SSL certificate installed for the real website - so it has to generate its own one for the domain on-the-fly so that the phone doesn't display an error about invalid certificates. The ONLY way that can be done is for Nokia to have created their own Certificate Authority to sign these on-the-fly certificates and to ship these phones with this certificate installed by default.

    a) You become entirely reliant that the proxy correctly checks the SSL certificate of the web server you're connecting to
    b) It will be unable to verify any certificates signed by any unknown CAs including ones you have created yourself for personal or corporate use
    c) If their CA private key is cracked/leaked all your phone HTTPS sessions are insecure (and it will be accessible to at least all Nokia sysadmins working on the proxy servers)
    d) Since the stream gets decrypted and reencrypted on the proxy as it prerenders, it is trivial to spy on or modify sessions there. It's completely different from a router forwarding encrypted packets without being able to look inside them.

    c & d mean you become extremely vulnerable to insider jobs or hackers attacking the proxies.

    This is exactly a man-in-the-middle attack, albeit a 'trusted' and 'innocent' one. But deliberately engineering such a system gives you a single point that you can attack to break every encrypted session for all Nokia phones!

    Real CAs have a lot of security systems in place to make sure the CA private key never gets leaked, since if it is the entire CA is broken and would need to be revoked and all certificates reissued. That means dedicated signing servers accessible by an elite select trusted few, and all other interfaces submitting CSRs and getting the CRT but never getting access to the signing key. That's simply not possible on this kind of proxy system, since every proxy server needs the private key installed and readable by the proxy software at all times. The sheer load means it wouldn't be possible to have a small group of servers signing every request, so you end up having to put a lot of trust in servers directly connected to the 'net.

    Whether they cache by default is irrelevant. Just because their system doesn't do it by design doesn't mean a hacker/insider couldn't modify it to do so. Plus if they have copied the server's private keys from the proxy then they only need to capture the HTTPS session to the phone on any network it passes through and will be able to decrypt it after-the-fact.
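
Added example, not part of any comment in this thread: the check Above suggests (compare the certificate a site presents on one network with what it presents on another), which also surfaces the on-the-fly re-signed certificates described in the comment directly above. The function names, result labels and the `bank.example` observations are assumptions constructed for illustration.

```python
import hashlib
import socket
import ssl

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate as colon-separated hex."""
    h = hashlib.sha256(der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def issuer_name(cert: dict) -> str:
    """Flatten the 'issuer' field of ssl's getpeercert() dict."""
    return ", ".join(f"{k}={v}" for rdn in cert.get("issuer", ()) for k, v in rdn)

def observe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Record the leaf certificate this network path presents for host.
    Verification stays on: a proxy whose CA is in the local trust store
    passes it, which is why the issuer is recorded as well."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return {"host": host,
                    "fingerprint": fingerprint(tls.getpeercert(binary_form=True)),
                    "issuer": issuer_name(tls.getpeercert())}

def compare(baseline: dict, current: dict) -> str:
    """Classify an observation against one taken on a trusted network."""
    if baseline["host"] != current["host"]:
        raise ValueError("observations are for different hosts")
    if baseline["fingerprint"] == current["fingerprint"]:
        return "match"
    if baseline["issuer"] == current["issuer"]:
        return "leaf-differs-same-issuer"  # rotation or another frontend
    return "issuer-differs"  # what a re-signing proxy produces

# Constructed observations (not real certificates), standing in for
# observe("bank.example") run at home and again on the network under test.
HOME = {"host": "bank.example",
        "fingerprint": fingerprint(b"constructed leaf seen at home"),
        "issuer": "organizationName=Example Public CA, commonName=Example Public CA G1"}
WORK = {"host": "bank.example",
        "fingerprint": fingerprint(b"constructed leaf seen at work"),
        "issuer": "organizationName=Example Corp, commonName=Example Corp Inspection CA"}

if __name__ == "__main__":
    print(compare(HOME, HOME))
    print(compare(HOME, WORK))
```

A differing leaf fingerprint alone is not proof of interception, since large sites serve different certificates from different frontends and rotate them; the issuer changing to a CA that is not a public one is the stronger signal.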
