Nokia Redirecting Traffic On Some of Its Phones, Including HTTPS

An anonymous reader writes "On Wednesday, security professional Gaurang Pandya outlined how Nokia is hijacking Internet browsing traffic on some of its phones. As a result, the company technically has access to all your Internet content, including sensitive data that is sent over secure connections (HTTPS), such as banking credentials and pretty much any other usernames and passwords you use to login to services on the Internet. Last month, Pandya noted his Nokia phone (an Asha 302) was forcing traffic through a proxy, instead of directly hitting the requested server. The connections are either redirected to Nokia/Ovi proxy servers if the Nokia browser is used, and to Opera proxy servers if the Opera Mini browser is used (both apps use the same User-Agent)."

Re:Quick note

[hawguy]

Note before anyone says anything: this isn't related to Windows Phone or Microsoft.

Obviously, Microsoft is behind this to push users to Windows Phone.

Re:httpS

[fatphil]

They are the middle and the endpoint. Without any proxying, you only have to trust their client on your terminal. With the proxy, you also have to trust their proxy on their server.

Fortunately, no servers have ever been hacked, and nobody's ever written an insecure proxy, so that worry can be dismissed.