Nokia Redirecting Traffic On Some of Its Phones, Including HTTPS 200
An anonymous reader writes "On Wednesday, security professional Gaurang Pandya outlined how Nokia is hijacking Internet browsing traffic on some of its phones. As a result, the company technically has access to all your Internet content, including sensitive data that is sent over secure connections (HTTPS), such as banking credentials and pretty much any other usernames and passwords you use to login to services on the Internet. Last month, Pandya noted his Nokia phone (an Asha 302) was forcing traffic through a proxy, instead of directly hitting the requested server. The connections are either redirected to Nokia/Ovi proxy servers if the Nokia browser is used, and to Opera proxy servers if the Opera Mini browser is used (both apps use the same User-Agent)."
So...um... (Score:3, Insightful)
Are they actively trying to kill the company? I have to ask, because it really seems as if that's their goal.
Many mobile browsers do this. (Score:5, Insightful)
Re:So...um... (Score:5, Insightful)
The Opera and Silk (Amazon) browsers channel their data through to home servers to render most of the page there and is especially useful for situations with high bandwidth but low end CPU.
This is how most i things render Flash video, incidentally -- it replaces the flash object with a transcoder on their own servers.
Non-story. Yawn.
Re:httpS (Score:2, Insightful)
It's their phone
No. It was their phone. Then they sold it to someone else.
My employer just started doing this also. (Score:4, Insightful)
Doesn't this open them up to all kinds of legal problems? I mean if my bank account gets compromised after I use my nokia phone to check my balance, would I not have a pretty good cause for lawsuit?
Re:Many mobile browsers do this. (Score:5, Insightful)
They shouldn't be doing it for HTTPS traffic, though. That's straight-up a MITM attack that allows gathering of info (credentials, bank info, HIPAA info etc.), that should not be viewable to anyone outside of the user and the site he's connecting to. Despite Nokia's TOS, they could be in trouble legally here.
Re:Many mobile browsers do this. (Score:5, Insightful)