Forgot your password?
typodupeerror
Security Technology

Nokia Redirecting Traffic On Some of Its Phones, Including HTTPS 200

Posted by Soulskill
from the you-can-trust-us dept.
An anonymous reader writes "On Wednesday, security professional Gaurang Pandya outlined how Nokia is hijacking Internet browsing traffic on some of its phones. As a result, the company technically has access to all your Internet content, including sensitive data that is sent over secure connections (HTTPS), such as banking credentials and pretty much any other usernames and passwords you use to login to services on the Internet. Last month, Pandya noted his Nokia phone (an Asha 302) was forcing traffic through a proxy, instead of directly hitting the requested server. The connections are either redirected to Nokia/Ovi proxy servers if the Nokia browser is used, and to Opera proxy servers if the Opera Mini browser is used (both apps use the same User-Agent)."
This discussion has been archived. No new comments can be posted.

Nokia Redirecting Traffic On Some of Its Phones, Including HTTPS

Comments Filter:
  • So...um... (Score:3, Insightful)

    by grasshoppa (657393) <skennedy&tpno-co,org> on Wednesday January 09, 2013 @03:52PM (#42536129) Homepage

    Are they actively trying to kill the company? I have to ask, because it really seems as if that's their goal.

  • by Kenja (541830) on Wednesday January 09, 2013 @03:53PM (#42536141)
    Is this different then the acceleration offered by Amazon on the Kindles or other browsers? I know that in Amazons case it can be turned off, but they use a proxy so that the can recompress images and run scripts off of the mobile device. I know of one or two third party browsers including Opera Mobile that do much the same thing.
  • Re:So...um... (Score:5, Insightful)

    by Anonymous Coward on Wednesday January 09, 2013 @03:57PM (#42536227)

    The Opera and Silk (Amazon) browsers channel their data through to home servers to render most of the page there and is especially useful for situations with high bandwidth but low end CPU.

    This is how most i things render Flash video, incidentally -- it replaces the flash object with a transcoder on their own servers.

    Non-story. Yawn.

  • Re:httpS (Score:2, Insightful)

    by Anonymous Coward on Wednesday January 09, 2013 @04:05PM (#42536419)

    It's their phone

    No. It was their phone. Then they sold it to someone else.

  • by codewarren (927270) on Wednesday January 09, 2013 @04:07PM (#42536453)

    Doesn't this open them up to all kinds of legal problems? I mean if my bank account gets compromised after I use my nokia phone to check my balance, would I not have a pretty good cause for lawsuit?

  • by Anonymous Coward on Wednesday January 09, 2013 @04:20PM (#42536707)

    They shouldn't be doing it for HTTPS traffic, though. That's straight-up a MITM attack that allows gathering of info (credentials, bank info, HIPAA info etc.), that should not be viewable to anyone outside of the user and the site he's connecting to. Despite Nokia's TOS, they could be in trouble legally here.

  • by Anonymous Coward on Wednesday January 09, 2013 @05:02PM (#42537497)
    If you open an SSL connection, I think most people assume that the protocol is working as intended, and ONLY the sender and the receiver have knowledge of the exchange. It *IS* an active MITM attack; they have done exactly what an attacker would do. Why the HELL should I trust Nokia's certificate? Do they run a CA using industry standard practices that assure the identity of the sites on the other side of the connection? No? Then get their freaking certificate OFF of my trust list!

"Don't talk to me about disclaimers! I invented disclaimers!" -- The Censored Hacker

Working...