Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Nokia Smartphones Leak E-mail Passwords

Posted by ScuttleMonkey on from the lazy-engineers dept.

Noksu writes "Despite of the recent plunge in Nokia's profits, the company is doing well in the surveillance business. The infamous 'Lex Nokia' got ratified in Finland and the company has launched a massive Nokoscope research project for data gathering. In the meantime Nokia's new smartphones forward e-mail account credentials to a remote server. Surprisingly enough, this is done in HTTP request headers. The company has been informed, but there has not been an official statement yet. Time for class action suit in the US?"

5 of 94 comments (clear)

  1. Re:Non-issue? by Nos. · · Score: 5, Insightful

    I guess Nokia getting your email account credentials isn't an issue for you.

  2. Re:Non-issue? by InsertWittyNameHere · · Score: 5, Insightful

    If you setup an email on your Blackberry with BIS (not BES) then RIM has your credentials.

    Why is it an issue now with only Nokia?

  3. Re:Solution: by tritonman · · Score: 4, Insightful

    After reading the article, it doesn't seem that it uses the HTTP headers, it appears to use actual URL parameters, which is probably 100x worse. Either way, if it sends plain text passwords, that's just idiotic.

  4. Re:Solution: by janeuner · · Score: 3, Insightful

    In the clear? No.

    In apache access logs? muahahah....

  5. Re:An issue. by Culture20 · · Score: 4, Insightful

    it is still not such a big deal.

    Not a big deal to have your credentials sent to a third party? What if Nokia's wizard used a Finnish government server instead?
    What if a Chinese-made phone was sending username/password to a Chinese government server?
    What if Antti Järjestelmävalvojanen, a (fictitious) Nokia network admin, starts storing them on his thumb drive?