Nokia Admits Decrypting User Data Claiming It Isn't Looking
judgecorp writes "Nokia has admitted that it routinely decrypts users' HTTPS traffic, but says it is only doing it so it can compress it to improve speed. That doesn't convince security researcher Gaurang Pandya, who accuses the company of spying on customers."
From the article, Nokia says: "'Importantly, the proxy servers do not store the content of web pages visited by our users or any information they enter into them. When temporary decryption of HTTPS connections is required on our proxy servers, to transform and deliver users' content, it is done in a secure manner. ... Nokia has implemented appropriate organisational and technical measures to prevent access to private information. Claims that we would access complete unencrypted information are inaccurate.'"
Then you would have looked somewhat better. Now you're worse than Dropbox.
security researcher Gaurang Pandya
What are this guy's credentials apart from being a guy with a blog?
Amazon Silk browser does the same, Opera Mini does the same, what's with this jumping on the Nokia hate bandwagon? Perhaps they should stop proxying HTTPS traffic, but remember in third world countries data comes at a HUGE premium, so these services are a godsend, especially with a lot of sites moving to HTTPS by default. I would hope that Opera/Amazon/Nokia are at least as credible as your ISP, though it's an additional point of failure.
Big data is caught doing something it shouldn’t. Big data claims “no harm no fowl”. The point is not that it isn’t hurting anyone, nor why they are doing it but the fact that they are creating a security breach in doing so.
Yes, we're opening your mail, but we're not LOOKING at it. We're just making sure you aren't wasting paper and ink.
We don't access your personal information with our closed source NSA backdoors, we just plug this strange Narus device into our routers.
The reason Nokia is able to do this is that they control the browser. According to the article, browsers on Nokia phones are delivered with a certificate that allows Nokia to perform this MITM attack. They call it a feature and provide a plausible explanation of what benefit it has for the users. However, enabling such a risky feature without user consent is a really bad move and means users should no longer trust Nokia products as much as they have done in the past.
Isn't that the whole point of HTTPS, to ensure that a man-in-the-middle attack (in this case, a probably benign proxy) is impossible?
Also, why? Doesn't every website now compress html/css/js with mod_gzip?
There must be serious flaws in HTTPS if they can decrypt the traffic for hosts that they don't control the certs for.
They control the browser. According to the article, the necessary certificate is installed on phones as Nokia ships them.
On their own phones, they just install a browser and their own trusted wildcard cert.
Then anything you browse to, the browser trusts and encrypts but just to the "wrong" destination.
On any decent machine, or decent browser under your own control, you wouldn't let it happen. And if you did, SSL would be similarly "broken".
SSL is a trust mechanism only. If your phone trusts Nokia, the padlock icon means nothing beyond that you're talking to Nokia. If your phone DIDN'T trust Nokia, it wouldn't be an issue and they would have to pass your traffic through unchanged (and still encrypted!) to the destination servers or risk SSL warnings on your browser.
This is why you don't ignore browser certificate warnings, and why you NEVER install a certificate on your computer (or allow software to). I've seen software that installs a trust certificate for the vendor when installed (as administrator), which would show up and be allowed in the IE certificate store too (so browsing to any site with a cert signed by that cert would let you think you were talking to Google, etc.)
See also Google's TURKTRUST issue lately - if you trusted TURKTRUST, you thought you were talking to Google and weren't. If you didn't, you would just have got an error and still been secure.
There must be serious flaws in HTTPS if they can decrypt the traffic for hosts that they don't control the certs for.
I guess if Nokia controls both the proxy server and the mobile device then their implementation of HTTPS can be designed so that the mobile device trusts the fake cert on the proxy server.
Get a BlackBerry.
Blast them all you want for getting left behind in the app ecosystem but iOS, Android, and WP can't hold a candle to RIM's security.
On their own phones?
Nokia is not selling these devices?
This sort of language that makes it sound as though the OEM is the owner not the purchaser needs to stop.
There must be serious flaws in HTTPS if they can decrypt the traffic for hosts that they don't control the certs for.
They control the browser. According to the article, the necessary certificate is installed on phones as Nokia ships them.
This is exactly what I was thinking/fearing. This is some scary shit, basically you ought to treat HTTPS on your Nokia device like HTTP, unless you really really trust that Nokia knows what they are doing and how to keep a secret. The striking thing is that users obviously have no idea they are handshaking with Nokia instead of their bank, doctor, etc. Are there at least alternate browsers available?
I think a bigger concern with this type of stuff is the potential for someone to gain access to the decrypted streams. They would have access to a treasure trove of personal information. While this type of activity can come from an external source, the biggest vector is from internal staff. I would not be comfortable having something operated by Nokia etc. having full access to my sessions. How often do we see headlines describing xx number of people's personal information being compromised... by BIG companies who most would have assumed would be experts at security. Another big problem with this is that people using these devices ASSUME that their sessions are secured between their end and the end point (a bank, online retailer, etc) because this is what they have been told time and again by experts in trying to educate the masses. If a device is going to intercept these historically secured point to point sessions, a warning / disclaimer should pop up for each session explaining (in clear, short terms) what is happening.
I understand and accept the good intentions and reasoning behind this approach, but good intentions have so often been the cause of bad results.
Fowl.
I find it disturbing the increasing audacity of large organization who get caught with their hands in the cookie jar and put it off as "I know my hand is in there, but I'm really not going to take a cookie." It reminds me of the Instagram "Sign over the rights for us to sell your pictures, but we're not going to sell your work."
Show me where you can edit the list of trusted SSL certificates and I'll concede and call it a user's phone.
Your idealisms are unfortunately blocked by fact, and that knowledge was reflected in my post.
Except your email goes through RIM's mail servers. You don't download your email from your mail server to your phone directly. RIM could be reading all your email.
All you are proving is that no one should be buying these.
It is not idealism to expect a sold product to have been sold. That is how things have worked for my whole life. Even my current smartphone, but I made sure to buy one I could own.
Dear god. Is this what corporations do instead of serious engineering work to debloat the network stacks, drivers and hardware or start implementing things like TCP Fast Open? :-|
Another example where fixing bufferbloat needs a strong front because people will start doing the wrong things when trying to fix something.
Just as BitTorrent-induced latency was made the culprit of slow networks and caused people to think it's good to go away from Net Neutrality and charge premium for a premium experience. Nonsense!
...who were claiming that this was perfectly innocent and harmless in the last post on the subject. Care to weigh in this time? Seeing as how many of you claimed that Nokia couldn't, or wouldn't, do anything of the sort with SSL traffic out of fear of "jail" and other non-existent threats? Is it still perfectly good and innocent now that they're actively _decrypting_ your SSL traffic?
Wrong profile linked. Correct profile. Stupid misclick. Ugh. In other news, his background is not a software developer, but a network admin with some cisco experience. Like many in that area of IT, there is some exposure to security. I wouldn't call him an expert in MIM attacks, but he's not a layperson either.
The same thing can be (and is) accomplished in normal desktop OSs by adding a CA certificate to the certificate store. It's commonly used in businesses that have an HTTPS proxy as well as an HTTP proxy so they can filter/monitor HTTPS access as well. IIRC there was an Ask Slashdot question about it as well. In any case, no modification of the implementation is needed.
...my ass
Right up until the government shows up and demands that they send all the traffic to them first, and forbids them from notifying their customers.
Show me a way to allow this without creating a huge potential security hole and I'll concede this should be something that's easy to do.
There is no point to this post. If you don't trust Nokia, then why are you using their phone? The same story could be run for *every* manufacturer of a phone or web browser. You have to trust the manufacturer, otherwise it's game over. Do you think that proxying traffic is the only way that the phone maker can spy on you? Naive.
How is easy, as others have said. How legally? That is another matter. As I read it, they are committing a DMCA violation by breaking a security measure. Should be able to go after them for anticircumvention tools, and force them to remove the cert.
This is some scary shit, basically you ought to treat HTTPS on your Nokia device like HTTP, unless you really really trust that Nokia knows what they are doing and how to keep a secret.
Any web page retrieved through HTTPS is parsed into an unencrypted DOM within the web browser. You have to trust that the browser publisher knows what it is doing and how to keep a secret.
HTTPS is only as secure as the implementation. The implementation in their browser deliberately implements it poorly, and accepts Nokia's server saying "yes, I verified the certificate on the remote server" as being valid verification of the cert.
It may be illegal in the US as well, since they are breaking encryption... DMCA
or openmoko.
Uh, my ISP can record all the SSL connections they want, because they can't decrypt what I'm sending.
So are Nokia spending their Microsoft billion on astroturfing Slashdot, or does it just look like they are?
Wasn't it Benjamin Franklin who said "They who can give up essential security to obtain a little speed increase, deserve neither security nor speed"?
Your trust is extended because of the expectations involved. The user/owner of the device is not informed that, unlike his PC or other smart phone devices, Nokia is handling encryption differently. As HTTPS is used primarily for the purpose of securing data traffic between the user and their banks or their other services which need security, the expectation has always been that it would not involve the maker of the device which is being used.
I "trust" my car maker to build a good car. I do not "trust" them not to install cameras in it without my knowledge and then tell me later "there are cameras, but we are not looking at the video feed."
tldr;
It may be illegal in the US as well
Just like warrantless wiretapping...oh wait!
Doesn't this violate the DMCA?
I don't trust Microsoft in the slightest, but I can use their stuff on my PC because I have the ability to audit and control what comes in and out of my computer. If they try something, either I can discover it myself, or one of a hundred security researchers will be able to find it. Also, the application software encrypting my data is installed by me and under my control and ability to inspect.
The idea with HTTPS is that you know that you *cannot* trust the intervening internet/cellular carrier infrastructure to not be monitored, so you set up an encrypted discussion that can pass through that untrusted domain without being read. Nokia subverting this process for any reason, any reason, renders it pointless because Nokia is now a third party that can read your data, even if they double pinky swear that they won't be evil. I don't want their assurances, I don't want them to even be able to do it, period.
I imagine that most people did not realize that Nokia had subverted the certificates and they think that they are having a more or less safe conversation with their destination... as they would be if Nokia didn't replace the certs.
The same way you do on your computer?
It depends if you count this as breaking encryption.
It's more like them running a browser on their server and giving you remote access to this browser. So it's not 'breaking' encryption any more than you are when you visit an HTTPS site.
Not really, it's relatively trivial to establish a man in the middle attack if you completely control the communication channel. A requests a secure channel to B from C. Instead C establishes a secure channel with A *claiming* that it's B, while also establishing a secure channel to B claiming that it's A. Theoretically any node your connection passes through could do this, but given the fluidity of internet routing algorithms only the ISPs at either end are likely to be able to actually pull it off. Or any routers between them and the actual computers that are doing the talking of course.
That's why they tell you never to do internet banking, shopping, etc. at an internet cafe or other open hotspot - a fully controlled malicious data channel can do whatever it wants, and how are you going to detect it? All the validation has to go through them.
In the case where you have vendor-controlled browsers or proxy servers it's even easier, but basically those are just additional nodes your data is guaranteed to pass through.
If you don't trust Nokia to not snoop on your data then why are you carrying around a device made by Nokia that contains a camera and a microphone and a cellular connection to the internet (and probably a gps though I don't know the details of Nokia's phones)?
Likewise, it's debatable whether it counts as 'interception' for the purposes of RIPA.
Yes? Unless you're a tinfoil hat type, you likely know that this has been done for about a decade by Opera.
I used to use Opera Mini ages ago on my old Symbian phone. It's a really nice tool to save network traffic costs.
Apple executives:
Please send me all your super sensitive and secret documents. I promise I won't look at them.
Google executives:
Please send me all your super sensitive and secret documents. I promise I won't look at them.
Do you seriously think that any of the widespread modern smartphones don't have far, FAR better ways of spying on you if they wanted to than a proxy browser?
I'm sure some government agents are swearing this morning, "Nokia, you're letting out all our best secrets!"
MS-Nokia partnership = it's worth investigating if any aspect of this decryption means that windows software is also accessing the unencrypted data.
The user makes what he believes to be an encrypted connection. Nokia interposes their server into this connection without the user's knowledge and decrypts their data (both ways), and then claims this is perfectly OK, since they're doing it to optimize bandwidth or such. whether they make use of the information or not, they are intercepting and decrypting a connection the user believes to be private.
This seems awfully like wiretapping and unauthorized interception of data communications. If it isn't illegal to decrypt an encrypted transaction if you are not the intended recipient, perhaps it should be. I'd wager it *is* illegal under EU data protection laws, but IANAL. It's probably OK in the US, due to some obscure law permitting just this activity, passed at the request of some large corporation.
This seems like it will be common place as cloud based web rendering becomes popular to save people "bandwidth".
Kindle: http://www.zdnet.com/blog/networking/amazons-kindle-fire-silk-browser-has-serious-security-concerns/1516
Amazon Silk's terms and conditions state that Amazon will keep the Web addresses you visit, the IP addresses you use, and your Kindle Fire's unique media access control (MAC) addresses for 30 days. With that information, Amazon can track your every Web move.
On top of that, when you log into a site that uses Secure Sockets Layer (SSL) or HTTPS for security, EC2 will handle that for you as well. According to the Silk FAQ, "We will establish a secure connection from the cloud to the site owner on your behalf for page requests of sites using SSL (e.g. https://siteaddress.com). Amazon Silk will facilitate a direct connection between your device and that site. Any security provided by these particular sites to their users would still exist."
Amazon will do this by acting as man-in-the-middle (MTM) SSL proxy. That's fine if you trust Amazon. I'm not sure I do. I'm not crazy about extending my trust to any large corporation. I have to trust my ISP, they connect me with the net, I don't want to extend my trust much farther than my ISP.
Uh, the technical solution is... drum roll please... don't conduct man in the middle attacks on SSL sessions.
And my technical solution is... never buy a Nokia phone.
As for 'discrediting the other party', anyone who thinks that a third party cracking my SSL session to my bank is no big deal has already discredited themselves. The fact that we have a dozen or so people in this thread saying it's OK is a clear sign of how far Slashdot has sunk.
There must be serious flaws in HTTPS if they can decrypt the traffic for hosts that they don't control the certs for.
The flaw isn't in HTTPS; the flaw is in browsers that trust whatever the programmer wants them to trust, as opposed to what the end user wants them to trust.
Yes, this IS wiretapping. I don't care if they've got a tiny tiny line item in their terms of service that say they're doing this, NO ONE expects their https encrypted session with their bank to be in the clear on Nokia's servers.
I'd really really like to see the RCMP charge Nokia Canada's CIO just on principle. Just because big companies have lawyers and huge t.o.s. don't mean they should be treated any differently than joe blow secretly inserting software on his aunt's computer to listen in to her voip conversations.
It may be illegal in the US as well, since they are breaking encryption... DMCA
They're not breaking it. It's just how it works. It's two separate encrypted connections with them rendering the pages into their special sauce code which gets rendered on the phone.
This article could be summed up as "Nokia's proxy web browser does exactly what it claims".
Somehow people aren't claiming that Citrix is breaking the DMCA if you visit an HTTPS site with a browser running in it.
Where is this "other entity" of which you speak?
No doubt, everyone is thinking NSA/CIA/FBI. But Nokia isn't a US company and there's no reason to expect that they'll intercept US users' data on a US server. Or an Indian user's inside India. It would be a simple matter for them to direct HTTPS traffic through a nation with little regard (or laws) for privacy protection or espionage.
If you read the other comments, and also have some understanding of how PROXY browsers such as Opera Mini and the Nokia Xpress Browser in question work, you would understand the scope of this discussion. It is NOT all browsers on Nokia devices, it is only the proxy-based browsers for limited resource devices (S40 devices with a small amount of memory), that are unable to run a full-fledged browser for any page beyond a simple "hello world" even if they would be able to launch the browser.
So, the facts on the case are:
1) You do not have a full browser on device
2) In order for the device to get "browsing" experience, you need to translate the html-page to a simpler markup, resize the images, etc. that the device can render with the limited amount of cpu and memory it has
3) Nokia or any other proxy browser vendor may choose then to support SSL protected sites by rendering it on the server and securely transferring the translated content to the device, OR not support SSL protected sites at all.
Now whether the choice they made is the correct one, we can debate... But this is NOT for all Nokia devices and all Nokia browsers (they have other webkit-based browsers on Symbian devices, Windows Phone has Microsoft's browser, etc.)
A good point. Yes, as long as you can get their public key through a trusted channel you're good to go. You still need to start a chain of trust somewhere though - if you start out on an "evil" channel there's nothing to stop C from providing their own public key, claiming that it belongs to B, and nothing has fundamentally changed. I presume browsers typically ship with at least a few trusted keys for certification authorities to get you started, so as long as your browser itself hasn't been compromised you should be good to go (and if it has been compromised security keys are the least of your concern)
http://www.zdnet.com/nokia-hijacks-mobile-browser-traffic-decrypts-https-data-7000009655/
I get how it all works, but what happens when the real endpoint certificate isn't trusted by Nokia's proxy? If your browser sees Nokia's certificate, and already trusts it, you have no visibility into the validity of the certificate on the website you are trying to access. Nokia's proxy will either fail if the certificate isn't trusted (according to _their_ list of trusted CAs, not yours) or always succeed without telling the user that the certificate is invalid (e.g. because DNS poisoning has led you to a Russian website that looks exactly like your bank). Neither way is consistent with the current browsing experience where the browser says "hey this certificate isn't currently trusted. What do you want to do about it?"
In a corporate setting it is quite reasonable to run your own private certificate authority and distribute the CA to your own devices, but it seems not if one of those devices is a Nokia.
Who audits the datacenters of the major SSL CAs? The trust given to the operator of an HTTPS proxy isn't that much more than the trust granted to Symantec or Comodo or Go Daddy or StartCom or any other root CA.
That just made me think, how will this affect the share of the government's business that Nokia receives? :)
They wanted access to all that encrypted (now decrypted) data.
Same reason Opera also does it https://plus.google.com/114753028665775786510/posts/4s1YbzcCYPB
From their response, it is clear that they still do not understand what secure connections are for. They seem to want to assure customers that their data is not examined or stored by the company at all, which is hardly even relevant. The point of https is to establish a secure connection with two endpoints. Period. I would not worry about Nokia, but some government or criminal syndicate using Nokia's proxy security hole to ruin my life or spy on me. There are a few outfits doing this with https now, and they don't understand why https wants to work the way that it does!
This is why I dislike hardware producers also providing the software. I wouldn't purchase a computing device where I cannot install a selection of 3rd party software. Preferably the 3rd party software should be open sourced so it is difficult for anyone to hide vulnerable routines in the code. It is far too easy for manufacturers to reduce functionality or security in order to further their own interests. Examples: you see this in the Chrome browser, where Google reduces login security in order to further their own Google account login management service, and Apple products where music selection and ownership is channelled through their own offerings and competing offerings are limited or blocked.