Nokia Admits Decrypting User Data Claiming It Isn't Looking
judgecorp writes "Nokia has admitted that it routinely decrypts users' HTTPS traffic, but says it is only doing it so it can compress it to improve speed. That doesn't convince security researcher Gaurang Pandya, who accuses the company of spying on customers."
From the article, Nokia says: "'Importantly, the proxy servers do not store the content of web pages visited by our users or any information they enter into them. When temporary decryption of HTTPS connections is required on our proxy servers, to transform and deliver users' content, it is done in a secure manner. ... Nokia has implemented appropriate organisational and technical measures to prevent access to private information. Claims that we would access complete unencrypted information are inaccurate.'"
There must be serious flaws in HTTPS if they can decrypt the traffic for hosts that they don't control the certs for.
Then you would have looked somewhat better. Now you're worse than Dropbox.
security researcher Gaurang Pandya
What are this guy's credentials apart from being a guy with a blog?
Amazon Silk browser does the same, Opera Mini does the same, what's with this jumping on the Nokia hate bandwagon? Perhaps they should stop proxying HTTPS traffic, but remember in third world countries data comes at a HUGE premium, so these services are a godsend, especially with a lot of sites moving to HTTPS by default. I would hope that Opera/Amazon/Nokia are at least as credible as your ISP, though it's an additional point of failure.
This space for rent.
Big data is caught doing something it shouldn’t. Big data claims “no harm no fowl”. The point is not that it isn’t hurting anyone, nor why they are doing it but the fact that they are creating a security breach in doing so.
Yes, we're opening your mail, but we're not LOOKING at it. We're just making sure you aren't wasting paper and ink.
We don't access your personal information with our closed source NSA backdoors, we just plug this strange Narus device into our routers.
The reason Nokia is able to do this is that they control the browser. According to the article, browsers on Nokia phones are delivered with a certificate that allows Nokia to perform this MITM attack. They call it a feature and provide a plausible explanation of what benefit it has for the users. However, enabling such a risky feature without user consent is a really bad move and means users should no longer trust Nokia products as much as they have done in the past.
Do you care about the security of your wireless mouse?
or subpoena is all it will take and they will be recording all that information without telling anyone.
What countries does Nokia do business in? Do you trust the courts in all of them?
Isn't that the whole point of HTTPS, to ensure that a man-in-the-middle attack (in this case, a probably benign proxy) is impossible?
Also, why? Doesn't every website now compress html/css/js with mod_gzip?
All the more reason to use open source software and not buy phones that have opaque software on them. Cyanogenmod is the way to go. Or maybe in a few months Tizen or Ubuntu.
Get a BlackBerry.
Blast them all you want for getting left behind in the app ecosystem but iOS, Android, and WP can't hold a candle to RIM's security.
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
I think a bigger concern with this type of stuff is the potential for someone to gain access to the decrypted streams. They would have access to a treasure trove of personal information. While this type of activity can come from an external source, the biggest vector is from internal staff. I would not be comfortable having something being operated by Nokia etc. having full access to my sessions. How often do we see headlines describing xx number of people's personal information being compromised... by BIG companies who most would have assumed would be experts at security. Another big problem with this is that people using these devices ASSUME that their sessions are secured between their end and the endpoint (a bank, online retailer, etc.) because this is what they have been told time and again by experts in trying to educate the masses. If a device is going to intercept these historically secured point-to-point sessions, a warning / disclaimer should pop up for each session explaining (in clear, short terms) what is happening.
I understand and accept the good intentions and reasoning behind this approach, but good intentions have so often been the cause of bad results.
Fowl.
I find it disturbing the increasing audacity of large organization who get caught with their hands in the cookie jar and put it off as "I know my hand is in there, but I'm really not going to take a cookie." It reminds me of the Instagram "Sign over the rights for us to sell your pictures, but we're not going to sell your work."
Buck buck
If this were in the UK then this would be illegal under RIPA. Nokia is a third party (i.e. they aren't a network provider), so their interception of this traffic would be illegal without a court order or informed consent.
If a "browser" does its work inside their remote server then what you have is a remote viewer and they are the ones with the real browser. The problem is that all the security is in the actual browser part, and none in the remote viewer.
except your email goes through RIM's mail servers. You don't download your email from your mail server to your phone directly. RIM could be reading all your email.
Dear god. Is this what corporations do instead of serious engineering work to debloat the network stacks, drivers and hardware or start implementing things like TCP Fast Open? :-|
Another example where fixing bufferbloat needs a strong front because people will start doing the wrong things when trying to fix something.
Just as BitTorrent-induced latency was made the culprit of slow networks and caused people to think it's good to go away from Net Neutrality and charge premium for a premium experience. Nonsense!
...who were claiming that this was perfectly innocent and harmless in the last post on the subject. Care to weigh in this time? Seeing as how many of you claimed that Nokia couldn't, or wouldn't, do anything of the sort with SSL traffic out of fear of "jail" and other non-existent threats? Is it still perfectly good and innocent now that they're actively _decrypting_ your SSL traffic?
Wrong profile linked. Correct profile. Stupid misclick. Ugh. In other news, his background is not a software developer, but a network admin with some Cisco experience. Like many in that area of IT, there is some exposure to security. I wouldn't call him an expert in MIM attacks, but he's not a layperson either.
#fuckbeta #iamslashdot #dicemustdie
...my ass
Right up until the government shows up and demands that they send all the traffic to them first, and forbids them from notifying their customers.
Looks like Big Brother got caught with his hand in the cookie jar yet again.
This all sounds a lot like Homeland Security snooping to me. I am quite confident that I am not the only one to see it that way, either.
Why else would you have to Actively Decrypt the data, if not for spying purposes?
Compression for speed? Really? You expect us to buy that?
There is no point to this post. If you don't trust Nokia, then why are you using their phone? The same story could be run for *every* manufacturer of a phone or web browser. You have to trust the manufacturer, otherwise it's game over. Do you think that proxying traffic is the only way that the phone maker can spy on you? Naive.
Nokia executives:
Please send me all your super sensitive and secret documents. I promise I won't look at them.
This is some scary shit, basically you ought to treat HTTPS on your Nokia device like HTTP, unless you really really trust that Nokia knows what they are doing and how to keep a secret.
Any web page retrieved through HTTPS is parsed into an unencrypted DOM within the web browser. You have to trust that the browser publisher knows what it is doing and how to keep a secret.
Nokia says none of their staff is looking at unencrypted data.
They don't say "no one", my guess is they are handing off that data to other "entities".
Wasn't it Benjamin Franklin who said "They who can give up essential security to obtain a little speed increase, deserve neither security nor speed"?
... if you have private data on Apple software.
At the risk of rehashing the drowned-out explanations from yesterday, Nokia admits this *on the box*. This isn't like adding a wildcard cert into a Web browser: this is exactly the behaviour that Nokia advertises for these devices on their Web site, on the box, in the manual, and in their marketing material. This is the same thing Opera Mini has been doing for about a decade.
This isn't a full-blown on-device browser. This is a viewer for data that is pulled and rendered "in the cloud" as the kids say today, compressed and sent to end user devices in an optimized manner (just like Opera Mini, or Opera in "Turbo" mode iirc). This is a browser included on lower-end (lower spec, lower-developed markets generally) phones by Nokia and designed to reduce costs where bandwidth is poor and expensive. This used to be normal in the first world as well (if you consider Europe/US first-world in mobile telephony).
tldr;
Doesn't this violate the DMCA?
I don't know the meaning of the word 'don't' - J
Not really, it's relatively trivial to establish a man in the middle attack if you completely control the communication channel. A requests a secure channel to B from C. Instead C establishes a secure channel with A *claiming* that it's B, while also establishing a secure channel to B claiming that it's A. Theoretically any node your connection passes through could do this, but given the fluidity of internet routing algorithms only the ISPs at either end are likely to be able to actually pull it off. Or any routers between them and the actual computers that are doing the talking of course.
That's why they tell you never to do internet banking, shopping, etc. at an internet cafe or other open hotspot - a fully controlled malicious data channel can do whatever it wants, and how are you going to detect it? All the validation has to go through them.
In the case where you have vendor-controlled browsers or proxy servers it's even easier, but basically those are just additional nodes your data is guaranteed to pass through.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
If you don't trust Nokia to not snoop on your data then why are you carrying around a device made by Nokia that contains a camera and a microphone and a cellular connection to the internet (and probably a gps though I don't know the details of Nokia's phones)?
The user makes what he believes to be an encrypted connection. Nokia interposes their server into this connection without the user's knowledge and decrypts their data (both ways), and then claims this is perfectly OK, since they're doing it to optimize bandwidth or such. Whether they make use of the information or not, they are intercepting and decrypting a connection the user believes to be private.
This seems awfully like wiretapping and unauthorized interception of data communications. If it isn't illegal to decrypt an encrypted transaction if you are not the intended recipient, perhaps it should be. I'd wager it *is* illegal under EU data protection laws, but IANAL. It's probably OK in the US, due to some obscure law permitting just this activity, passed at the request of some large corporation.
This seems like it will be common place as cloud based web rendering becomes popular to save people "bandwidth".
Kindle: http://www.zdnet.com/blog/networking/amazons-kindle-fire-silk-browser-has-serious-security-concerns/1516
Amazon Silk's terms and conditions state that Amazon will keep the Web addresses you visit, the IP addresses you use, and your Kindle Fire's unique media access control (MAC) addresses for 30 days. With that information, Amazon can track your every Web move.
On top of that, when you lock into a site that uses Secure-Socket Layer (SSL) or HTTPS for security, EC2 will handle that for you as well. According to the Silk FAQ, "We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL (e.g. https://siteaddress.com./ Amazon Silk will facilitate a direct connection between your device and that site. Any security provided by these particular sites to their users would still exist."
Amazon will do this by acting as man-in-the-middle (MTM) SSL proxy. That's fine if you trust Amazon. I'm not sure I do. I'm not crazy about extending my trust to any large corporation. I have to trust my ISP, they connect me with the net, I don't want to extend my trust much farther than my ISP.
What happens when random law enforcement officials subpoena Nokia's IT department?
The browser here has a Nokia cert pre-installed AND uses that cert to make you THINK you are talking to the bank when in actual fact you are talking to Nokia AND will ALSO lie to you about the certificate being used to secure your connection (tell you you're using the cert given by your bank when you're actually using the cert given by Nokia).
So you need a browser to
a) install their cert.
b) make it impossible to REMOVE that cert.
c) make the browser LIE about which cert it is using.
d) make the browser always go to your machine where you do the MITM attack.
in "channel", yes. However...
The whole point of SSL is that you don't have to trust the communications channel (i.e. everything between your box and the server at the other end). The magic is that the client can encrypt a secret using the server's public key that only the server can decode. This secret is used to generate subsequent keys, so if the server cert and public key are valid (i.e. correct AND PRIVATE) then you are sure you are communicating with the server and only that server. The whole point of the key exchange is to prevent MITM attacks, which it does if done correctly -- i.e. the client only has certs it trusts, and the server doesn't share its private keys with anyone.
You can do even better with smartcards.
"It's a feature"
http://www.zdnet.com/nokia-hijacks-mobile-browser-traffic-decrypts-https-data-7000009655/
So those previously claiming "Not MITM, Nothing To See", where are you?
Where are you saying "OK, I was wrong"?
If that had told us about this, then there wouldn't have been any posts saying "This isn't a MITM". Nobody using that very page as "proof" that this isn't a MITM attack.
If you had posted that this was a non story or false previously, you are now proof of your own error.
We only require Nokia to decrypt the data so we can log all user activities, that's all. It's used for CIA, FBI and other third party agencies but it's safe.
I get how it all works, but what happens when the real endpoint certificate isn't trusted by Nokia's proxy? If your browser sees Nokia's certificate, and already trusts it, you have no visibility into the validity of the certificate on the website you are trying to access. Nokia's proxy will either fail if the certificate isn't trusted (according to _their_ list of trusted CAs, not yours) or always succeed without telling the user that the certificate is invalid (e.g. because DNS poisoning has led you to a Russian website that looks exactly like your bank). Neither way is consistent with the current browsing experience where the browser says "hey, this certificate isn't currently trusted. What do you want to do about it?"
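The three posts above that explain the mechanics (the man-in-the-middle description, the note that SSL only holds if "the client only has certs it trusts", and the question of what the browser can still see once a proxy certificate is accepted) can be tied together in a few lines of Go. The following is an added example written for this page, not code from the thread, from Nokia, or from any of the browsers discussed. It builds a throwaway PKI in memory (a "Public Root CA" signing a leaf for the constructed host name bank.example, and a "Handset Proxy CA" signing a second leaf for the same name, both made up here), then runs the checks a browser performs. It shows that a device trust store containing the proxy CA accepts the proxy's leaf exactly as it would the genuine one, that a store without that CA rejects it, that an expired genuine certificate goes unnoticed once the proxy is in the path, and that a public-key pin recorded out of band still detects the substitution.

```go
package main

// Added example, not code from the thread: an in-memory PKI showing how a
// device-installed proxy CA passes a browser's ordinary certificate check,
// why the real site's certificate state is invisible behind the proxy, and
// how an out-of-band public-key pin still detects the interposition.
// Every name, key and certificate here is constructed for the example.

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// issue returns a certificate for subject: a self-signed CA when parent is
// nil, otherwise a server leaf for that host name signed by parent.
func issue(subject string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey, notAfter time.Time) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: subject},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              notAfter,
		BasicConstraintsValid: true,
	}
	signer, signerKey := tmpl, key
	if parent == nil {
		tmpl.IsCA = true
		tmpl.KeyUsage = x509.KeyUsageCertSign
	} else {
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.DNSNames = []string{subject}
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// spkiPin is the SHA-256 of the SubjectPublicKeyInfo: the value a pinning
// client records from a known-good direct connection and compares later.
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// browserCheck is the stock browser decision: chain to any trusted root and
// match the host name. It has no notion of which root "should" have signed.
func browserCheck(leaf *x509.Certificate, roots *x509.CertPool, host string) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

// pinnedCheck adds the public-key pin comparison on top of the stock check.
func pinnedCheck(leaf *x509.Certificate, roots *x509.CertPool, host, pin string) error {
	if err := browserCheck(leaf, roots, host); err != nil {
		return err
	}
	if spkiPin(leaf) != pin {
		return fmt.Errorf("%s: key pin mismatch, leaf issued by %q", host, leaf.Issuer.CommonName)
	}
	return nil
}

// Outcome records the four checks so they can be inspected or tested.
type Outcome struct {
	RealLeafValid     bool // genuine leaf checked directly against the public root
	ProxyLeafAccepted bool // proxy-issued leaf, device store that includes the proxy CA
	ProxyLeafRejected bool // proxy-issued leaf, store holding the public root only
	PinDetectsProxy   bool // proxy-issued leaf against the genuine server's pin
}

// run builds the PKI and evaluates the checks; realExpired makes the genuine
// site certificate expired, a fact a proxied client never gets to see.
func run(realExpired bool) Outcome {
	const host = "bank.example" // constructed host name
	publicCA, publicKey := issue("Public Root CA", nil, nil, time.Now().Add(48*time.Hour))
	realUntil := time.Now().Add(24 * time.Hour)
	if realExpired {
		realUntil = time.Now().Add(-time.Minute)
	}
	realLeaf, _ := issue(host, publicCA, publicKey, realUntil)
	proxyCA, proxyKey := issue("Handset Proxy CA", nil, nil, time.Now().Add(48*time.Hour))
	proxyLeaf, _ := issue(host, proxyCA, proxyKey, time.Now().Add(24*time.Hour))

	publicOnly := x509.NewCertPool()
	publicOnly.AddCert(publicCA)
	deviceStore := x509.NewCertPool() // what ships on the handset
	deviceStore.AddCert(publicCA)
	deviceStore.AddCert(proxyCA)
	pin := spkiPin(realLeaf) // recorded earlier over a direct connection

	return Outcome{
		RealLeafValid:     browserCheck(realLeaf, publicOnly, host) == nil,
		ProxyLeafAccepted: browserCheck(proxyLeaf, deviceStore, host) == nil,
		ProxyLeafRejected: browserCheck(proxyLeaf, publicOnly, host) != nil,
		PinDetectsProxy:   pinnedCheck(proxyLeaf, deviceStore, host, pin) != nil,
	}
}

func main() {
	fmt.Printf("genuine certificate valid:   %+v\n", run(false))
	fmt.Printf("genuine certificate expired: %+v\n", run(true))
}
```

Running it prints the two outcomes. In both, ProxyLeafAccepted is true and PinDetectsProxy is true: the device store cannot tell the proxy's leaf from the bank's, and only the pin (or, equivalently, an inspection of which root actually signed the served chain) reveals the interposition. In the second run RealLeafValid is false while ProxyLeafAccepted stays true, which is the situation the post above asks about: whatever the proxy decided about the real site's expired certificate, the browser on the handset has no way to find out.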
In a corporate setting it is quite reasonable to run your own private certificate authority and distribute the CA to your own devices, but it seems not if one of those devices is a Nokia.
Who audits the datacenters of the major SSL CAs? The trust given to the operator of an HTTPS proxy isn't that much more than the trust granted to Symantec or Comodo or Go Daddy or StartCom or any other root CA.
They are pretending to be your bank to you, and pretending to be you to your bank.
This is illegal.
Twice.
Big whoop.
Really, why do they HAVE to do compression?
Your post is rather like telling the Officer "If I don't go 140mph, then how am I supposed to get to where I'm going in half an hour?".
They wanted access to all that encrypted (now decrypted) data.
Be seeing you...
From their response, it is clear that they still do not understand what secure connections are for. They seem to want to assure customers that their data is not examined or stored by the company at all, which is hardly even relevant. The point of https is to establish a secure connection with two endpoints. Period. I would not worry about Nokia, but some government or criminal syndicate using Nokia's proxy security hole to ruin my life or spy on me. There are a few outfits doing this with https now, and they don't understand why https wants to work the way that it does!
I am, embarrassingly, British. In origin as well as descent. Unfortunately, however, I suffer from dyslexia. I have friends who, despite not suffering dyslexia, would proudly state that "dyslexia is just an excuse for bad grammar". Getting mistaken between two words that look similar and sound the same yet have different meanings is common, although usually solved by a quick Google if I'm not being lazy. In this case it could have saved me some embarrassment; however, Word could have also been more helpful in pointing out the elephant, or should I say poultry, in the room regarding that last sentence.
So please be patient with those people you come across who may be dyslexic, especially if they spell most things correctly, they may be trying harder than you think.
Or the one similar can put an end to this?