Nokia Admits Decrypting User Data But Denies Man-in-the-Middle Attacks
Nokia has rejected claims it might be spying on users’ encrypted Internet traffic, but admitted it is intercepting and temporarily decrypting HTTPS connections for the benefit of customers.
A security professional alleged Nokia was carrying out so-called man-in-the-middle attacks on its own users. Gaurang Pandya, currently infrastructure security architect at Unisys Global Services India, said in December he saw traffic being diverted from his Nokia Asha phone through to Nokia-owned proxy servers.
Pandya wanted to know if SSL-protected traffic was being diverted through Nokia servers too. Yesterday, in a blog post, Pandya said Nokia was intercepting HTTPS traffic and could have been snooping on users’ content, as he had determined by looking at DNS requests and SSL certificates using Nokia’s mobile browser.
“When checked, the DNS request was sent for ‘cloud13.browser.ovi.com’ which is same host where we had seen even HTTP traffic being sent,” he wrote.
“It is evident … that even HTTPS requests are also getting redirected to Nokia/Ovi servers, which raises a question about [the] certificate that [is] being received from Nokia’s servers and [the] trusted list of certificates in Nokia [phones].
Having checked the trusted certificates list in the phone, the researcher found Nokia had pre-configured the device to trust certificates sent from its servers. “Which is the reason why there are no security alerts being shown during this man-in-the-middle attack by Nokia,” he added.
“From the tests that were preformed, it is evident that Nokia is performing man-in-the-middle attack for sensitive HTTPS traffic originated from their phone and hence they do have access to clear text information which could include user credentials to various sites such as social networking, banking, credit card information or anything that is sensitive in nature.”