Skip to content


Nokia Man in the middle hacking attack against HTTPS

Treasure Hunt

The statements I have posted on this site are mine alone and do not necessarily reflect the views of Unisys

Tested On

Handset Model Nokia Asha 302
OS Version 14.78 (31-08-12), RM-813
Browsers Tested On Nokia Browser (
OS Type Series 40 (S40)

After discovering that HTTP traffic from the phone is getting redirected through Nokia’s server farm as shown in previous post, the most obvious next step was to check if at least HTTPS traffic is getting its due respect and is being transferred without any intermediate host inspecting it. Due to fact that HTTPS traffic is encrypted before getting transmitted, it is not possible to look at HTTP(S) packet header in order to figure out details as was done in case of HTTP as per previous post. However there are two ways to get an idea of how traffic is flowing.

  1. Check if DNS requests are sent…

View original post 876 more words

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: