Naughty Nokia

  • (2 Pages)
  • +
  • 1
  • 2

21 Replies - 6287 Views - Last Post: 14 January 2013 - 07:48 AM

#1 h4nnib4l  Icon User is offline

  • The Noid
  • member icon

Reputation: 1181
  • View blog
  • Posts: 1,673
  • Joined: 24-August 11

Naughty Nokia

Posted 10 January 2013 - 01:49 PM

So apparently Nokia has been caught decrypting HTTPS traffic, ostensibly for its customers good. Here's the entire article: cite.

Quote

Nokia has since responded by confirming that it shifts HTTPS requests from its Asha and Lumia handsets to Nokia’s own proxy servers, decrypts the data, compresses it, and sends back the appropriate response.


You mean you did it for me? Well shucks, that was sweet of you.

Quote

As Gaurang Pandya, the researcher who discovered the flaw, points out, the flaw here is that Nokia has configured these devices to trust certificates it issues — and therefore not throw warnings that HTTPS traffic is being hijacked.

...

This is rather more serious than the question of whether or not Nokia is stealing credit card data. By circumventing the security measures that are supposed to tell people they’re communicating with the server they think they’re communicating with, Nokia has made itself the single point of failure for customers who use these devices. The phones in question have been configured not to warn users that their web traffic has been compromised by what amounts to a man-in-the-middle attack.


However, this can be circumvented by simply not using Nokia's browser. So it can be avoided. I've been waiting for upgrade eligibility to get a new phone, and I wanted to try out the Lumia 920, but this really makes me question that. What do you guys think? Deal breaker due to the blatant disregard for security? Or just dumb but easy enough to circumvent that it's only an afterthought? I don't know if you can change the default browser on those phones, but that would definitely be an issue for me.

Is This A Good Question/Topic? 0
  • +

Replies To: Naughty Nokia

#2 AnalyticLunatic  Icon User is offline

  • D.I.C Lover

Reputation: 221
  • View blog
  • Posts: 1,030
  • Joined: 25-June 12

Re: Naughty Nokia

Posted 10 January 2013 - 01:55 PM

Definitely sketchy enough to make me question using their phones. Personally I'm a Motorola Droid-Line fan though.
Was This Post Helpful? 0
  • +
  • -

#3 h4nnib4l  Icon User is offline

  • The Noid
  • member icon

Reputation: 1181
  • View blog
  • Posts: 1,673
  • Joined: 24-August 11

Re: Naughty Nokia

Posted 10 January 2013 - 02:06 PM

I've played with plenty of Androids (but never owned one), but I'm really interested in picking up a Windows phone. It's an obvious starting point for me for mobile development (I develop exclusively in .NET), and it's something I haven't even played with. These phones are all pretty much the same, but at least the Nokia differentiated itself by having a good camera. Apparently it also differentiates itself by circumventing web security.
Was This Post Helpful? 0
  • +
  • -

#4 AnalyticLunatic  Icon User is offline

  • D.I.C Lover

Reputation: 221
  • View blog
  • Posts: 1,030
  • Joined: 25-June 12

Re: Naughty Nokia

Posted 10 January 2013 - 02:09 PM

All my smartphones to date have been Android, specifically the Droid-X. This will probably continue until the Motorola Razr Maxx HD comes down in cost from it's mighty price of $300.00 w/2yr Contract. Mainly interested in it due to it's quoted 32hrs of Battery Life.

If I ever pick up a secondary line, I'd probably be willing to try out a Windows phone myself. I'm also a purely .NET developer at the moment. I've heard a few good things about Windows phones, but personally haven't used any.
Was This Post Helpful? 0
  • +
  • -

#5 Ticon  Icon User is offline

  • D.I.C Regular

Reputation: 28
  • View blog
  • Posts: 320
  • Joined: 20-August 09

Re: Naughty Nokia

Posted 10 January 2013 - 03:55 PM

I prefer droids, simply because you can delete anything you want when rooted.
Was This Post Helpful? 0
  • +
  • -

#6 farrell2k  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 822
  • View blog
  • Posts: 2,529
  • Joined: 29-July 11

Re: Naughty Nokia

Posted 10 January 2013 - 07:34 PM

Almost as bad as their tax evasion.
Was This Post Helpful? 0
  • +
  • -

#7 alicemenezes  Icon User is offline

  • New D.I.C Head

Reputation: 2
  • View blog
  • Posts: 16
  • Joined: 09-January 13

Re: Naughty Nokia

Posted 11 January 2013 - 01:50 AM

So...I don't understand. Does that count as a security invasion?
Was This Post Helpful? 0
  • +
  • -

#8 calvinthedestroyer  Icon User is offline

  • D.I.C Lover

Reputation: 167
  • View blog
  • Posts: 1,908
  • Joined: 13-October 07

Re: Naughty Nokia

Posted 11 January 2013 - 04:20 AM

Maybe we should all switch back to cans and string...
Was This Post Helpful? 1
  • +
  • -

#9 baavgai  Icon User is offline

  • Dreaming Coder
  • member icon

Reputation: 5780
  • View blog
  • Posts: 12,596
  • Joined: 16-October 07

Re: Naughty Nokia

Posted 11 January 2013 - 04:54 AM

View Postalicemenezes, on 11 January 2013 - 03:50 AM, said:

So...I don't understand. Does that count as a security invasion?


It is technically a man-in-the-middle attack.

Some proxy servers do this, allowing for consistent enforcement of proxy rules. Otherwise, once https is established, the proxy can't seem what's going on.

You can argue that Nokia is using a proxy to better serve their customers, but it still means they can see data you assumed was only visible to site you were talking to.
Was This Post Helpful? 0
  • +
  • -

#10 h4nnib4l  Icon User is offline

  • The Noid
  • member icon

Reputation: 1181
  • View blog
  • Posts: 1,673
  • Joined: 24-August 11

Re: Naughty Nokia

Posted 11 January 2013 - 05:57 AM

And, as the article points out, now Nokia is the single point of failure for all of the secure web traffic on its servers. There is a single place where all HTTPS traffic on its devices is decrypted. That's just bad security practices. Their intentions aren't nefarious, but that doesn't mean it's a good thing to do.
Was This Post Helpful? 0
  • +
  • -

#11 j4v3d  Icon User is offline

  • D.I.C Head

Reputation: 5
  • View blog
  • Posts: 52
  • Joined: 24-November 12

Re: Naughty Nokia

Posted 11 January 2013 - 10:43 AM

I'm surprised Nokia still even exist, they must be down there in the markets, I mean its all about Apple, Samsung and HTC's now.
Was This Post Helpful? 0
  • +
  • -

#12 farrell2k  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 822
  • View blog
  • Posts: 2,529
  • Joined: 29-July 11

Re: Naughty Nokia

Posted 11 January 2013 - 11:32 AM

View Postj4v3d, on 11 January 2013 - 05:43 PM, said:

I'm surprised Nokia still even exist, they must be down there in the markets, I mean its all about Apple, Samsung and HTC's now.


I think Nokia is still the number two mobile device manufacturer in the world, behind samsung.
Was This Post Helpful? 0
  • +
  • -

#13 baavgai  Icon User is offline

  • Dreaming Coder
  • member icon

Reputation: 5780
  • View blog
  • Posts: 12,596
  • Joined: 16-October 07

Re: Naughty Nokia

Posted 11 January 2013 - 12:46 PM

They've been dropping like a stone since iPhone. Samsung, who recently passed Apple, are stamping on their grave.

Quote

In the third quarter, Nokia held on to a 4 percent share of the global smartphone market, and was ranked a distant No. 10 in the sector, according to Strategy Analytics, a research firm.

Samsung and Apple, the No. 1 and No. 2 smartphone makers, together had 50 percent of the global smartphone market, and their sales were growing. While its competitors rose, Nokia has generated nearly 5 billion euros ($6.5 billion) in losses under Mr. Elop, and eliminated a third of its work force.
-- http://www.nytimes.c...-line.html?_r=0

Was This Post Helpful? 0
  • +
  • -

#14 shintetsu_80  Icon User is offline

  • D.I.C Head

Reputation: 31
  • View blog
  • Posts: 105
  • Joined: 01-July 08

Re: Naughty Nokia

Posted 11 January 2013 - 12:52 PM

When I first read the topic heading I was expecting to see some dirty pics of Nokia phones. Is that weird?
Was This Post Helpful? 0
  • +
  • -

#15 h4nnib4l  Icon User is offline

  • The Noid
  • member icon

Reputation: 1181
  • View blog
  • Posts: 1,673
  • Joined: 24-August 11

Re: Naughty Nokia

Posted 11 January 2013 - 12:59 PM

Yes.
Was This Post Helpful? 0
  • +
  • -

  • (2 Pages)
  • +
  • 1
  • 2