Slashdot Mirror

← Back to Stories (view on slashdot.org)

Nokia Admits Decrypting User Data Claiming It Isn't Looking

Posted by Unknown on from the we-won't-peek dept.

judgecorp writes "Nokia has admitted that it routinely decrypts user's HTTPS traffic, but says it is only doing it so it can compress it to improve speed. That doesn't convince security researcher Gaurang Pandya, who accuses the company of spying on customers." From the article, Nokia says: "'Importantly, the proxy servers do not store the content of web pages visited by our users or any information they enter into them. When temporary decryption of HTTPS connections is required on our proxy servers, to transform and deliver users' content, it is done in a secure manner. ... Nokia has implemented appropriate organisational and technical measures to prevent access to private information. Claims that we would access complete unencrypted information are inaccurate.'"

36 of 264 comments (clear)

  1. What? by recoiledsnake · · Score: 4, Insightful

    security researcher Gaurang Pandya

    What are this guy's credentials apart from being a guy with a blog?

    Amazon Silk browser does the same, Opera mini does the same, what's with this jumping on the Nokia hate bandwagon? Perhaps they should stop proxying HTTPS traffic, but remember in third world countries data comes at a HUGE premium, so these services are a god send, especially with a lot of sites moving to HTTPS by default. I would hope that Opera/Amazon/Nokia are atleast as credible as your ISP though it's an additional point of failure.

    --
    This space for rent.
    1. Re:What? by h4rr4r · · Score: 3, Insightful

      Your ISP cannot decrypt SSL traffic.
      Not everyone lives in a third world nation and surely they should be able to opt out of this.

    2. Re:What? by godrik · · Score: 4, Insightful

      Amazon Silk and Opera mini clearly states that every single connexion goes through them in clear. I do not think nokia does.

      My ISP does not do that. When I negogiate an HTTPS session, my ISP does not intercept it and perform a MITM attack. apparently nokia does.

      That's so much not ok.

    3. Re:What? by godrik · · Score: 3, Insightful

      I know this is slashdot and we do not read much what people so that we can rant and seem smart. But come on, it is written in TFS and TFT (the F-ing title). "Nokia admits decrypting user data." From their own admission, they are performing a MITM attack, that is to say, they are putting themself in the middle of an encrypted connexion making each party believe they are directly and securely talking to each other.

      Whether they clearly explained it to the user, I do not know, but I am sure they are performing MITM.

    4. Re:What? by Rockoon · · Score: 5, Insightful

      I know this is slashdot and we do not read much what people so that we can rant and seem smart. But come on, it is written in TFS and TFT (the F-ing title). "Nokia admits decrypting user data."

      ..because they encrypt the users data on the device, and send it to their servers where it must be decrypted in order to know what it is and even where to send it.

      Would you rather they didnt encrypt the data and sent it over the air like that instead?

      You claim to know that this is slashdot, but dont seem to know to at least make an attempt to understand the technologies that you are talking about? Worthless blabber.

      Hint: the phone is not the endpoint of the browsing session - the phone is a remote terminal for a server that is the endpoint of the browsing session

      --
      "His name was James Damore."
    5. Re:What? by Anonymous Coward · · Score: 3, Informative

      According to Amazon's statement to the EFF Silk does _not_ intercept HTTPS traffic:

      SSL Traffic

      Amazon does not intercept encrypted traffic, so your communications over HTTPS would not be accelerated or tracked. According to Jon Jenkins, director of Silk development, “secure web page requests (SSL) are routed directly from the Kindle Fire to the origin server and do not pass through Amazon’s EC2 servers.” In other words, no HTTPS requests will ever use cloud acceleration mode. Given the prevalence of web pages served over HTTPS, this gives Amazon good incentive to make Silk fast and usable even when cloud acceleration is off. Turning it off completely should be a viable option for users.

      (from https://www.eff.org/2011/october/amazon-fire%E2%80%99s-new-browser-puts-spotlight-privacy-trade-offs)

  2. Listen... by rickatnight11 · · Score: 5, Funny

    Yes, we're opening your mail, but we're not LOOKING at it. We're just making sure you aren't wasting paper and ink.

  3. Fedware by Anonymous Coward · · Score: 4, Insightful

    We don't access your personal information with our closed source NSA backdoors, we just plug this strange Narus device into our routers.

  4. The reason Nokia is able to do this by kasperd · · Score: 4, Informative

    The reason Nokia is able to do this is that they control the browser. According to the article browsers on Nokia phones are delivered with a certificate, that allows Nokia to perform this MITM attack. They call it a feature and provide a plausible explanation of what benefit it has for the users. However enabling such a risky feature without user consent is a really bad move and means users should no longer trust Nokia products as much as they have done in the past.

    --

    Do you care about the security of your wireless mouse?
  5. Re:How do they even do that? by kasperd · · Score: 5, Informative

    There must be serious flaws in HTTPS if they can decrypt the traffic for hosts that they don't control the certs for.

    They control the browser. According to the article, the necessary certificate is installed on phones as Nokia ships them.

    --

    Do you care about the security of your wireless mouse?
  6. Re:How do they even do that? by ledow · · Score: 4, Informative

    On their own phones, they just install a browser and their own trusted wildcard cert.

    Then anything you browse to, the browser trusts and encrypts but just to the "wrong" destination.

    On any decent machine, or decent browser under your own control, you wouldn't let it happen. And if you did, SSL would be similarly "broken".

    SSL is a trust mechanism only. If your phone trusts Nokia, the padlock icon means nothing beyond that you're talking to Nokia. If your phone DIDN'T trust Nokia, it wouldn't be an issue and they would have to pass your traffic through unchanged (and still encrypted!) to the destination servers or risk SSL warnings on your browser.

    This is why you don't ignore browser certificate warnings, and why you NEVER install a certificate on your computer (or allow software to). I've seen software that installs a trust certificate for the vendor when installed (as administrator), that would be show up and be allowed in the IE certificate store too (so browsing to any site with a cert signed by that cert would let you think you were talking to Google, etc.)

    See also Google's TURKTRUST issue lately - if you trusted TURKTRUST, you thought you were talking to Google and weren't. If you didn't, you would just have got an error and still been secure.

  7. Re:How do they even do that? by jeffmeden · · Score: 5, Insightful

    There must be serious flaws in HTTPS if they can decrypt the traffic for hosts that they don't control the certs for.

    They control the browser. According to the article, the necessary certificate is installed on phones as Nokia ships them.

    This is exactly what i was thinking/fearing. This is some scary shit, basically you ought to treat HTTPS on your Nokia device like HTTP, unless you really really trust that Nokia knows what they are doing and how to keep a secret. The striking thing is that users obviously have no idea they are handshaking with Nokia instead of their bank, doctor, etc. Are there at least alternate browsers available?

  8. Re:How? by Rich0 · · Score: 5, Informative

    Isn't that the whole point of HTTPS, to ensure that a man-in-the-middle attack (in this case, a probably benign proxy) is impossible?

    It is only impossible without the collusion of a trusted certificate authority. When was the last time you reviewed the list on your browser? Oh, and did YOU do anything to determine if any of those organizations were trustworthy.

    If you get a mobile device from your mobile provider, there is a pretty good chance that they stuck their own root CA in there somewhere. Maybe they just use it for SSL connections to their own websites/email/etc. But, trusted is trusted in the world of SSL which means they could just MITM every connection you make.

    Ditto for any PC you use at work. Chances are your employer has a trusted CA somewhere in there, which means they can MITM any SSL connection you make to any service on the web.

    If they didn't actually modify your browser you can probably spot this by pulling up the certificate info for your connection and noting who issued it.

    This is why I believe SSL offers a false sense of security. Moving to certificates distributed over DNSSEC would cut out the middlemen, and it would improve security. Only the domain registrar for google.com could tamper with their certificates, for example. That still isn't perfect, but it is better than any CA anywhere on the globe.

  9. CORRECTION by girlintraining · · Score: 3, Insightful

    Wrong profile linked. Correct profile. Stupid misclick. Ugh. In other news, his background is not a software developer, but a network admin with some cisco experience. Like many in that area of IT, there is some exposure to security. I wouldn't call him an expert in MIM attacks, but he's not a layperson either.

    --
    #fuckbeta #iamslashdot #dicemustdie
  10. Re:How do they even do that? by dririan · · Score: 4, Informative

    The same thing can be (and is) accomplished in normal desktop OSs by adding a CA certificate to the certificate store. It's commonly used in businesses that have an HTTPS proxy as well as an HTTP proxy so they can filter/monitor HTTPS access as well. IIRC there was an Ask Slashdot question about it as well. In any case, no modification of the implementation is needed.

  11. "In a secure fashion..." by eth1 · · Score: 4, Insightful

    ...my ass

    Right up until the government shows up and demands that they send all the traffic to them first, and forbids them from notifying their customers.

  12. Re:RIM isn't any better by thePowerOfGrayskull · · Score: 5, Informative

    If you're using BES, it's all encrypted - it goes through RIM's servers, but RIM can't read it.

    Hence the big kerfuffle about governments insisting on access to BES data, and RIM's refusal to give it -- they literally can't.

    Consumer email/BIS access is a different story. RIM does have access to that, and presumably government as well (similar to what any other provider gives).

  13. Re:How do they even do that? by houstonbofh · · Score: 3, Interesting

    How is easy, as other have said. How legally? That is another matter. As I read it, they are committing a DMCA violation by breaking a security measure. Should be able to go after them for anticircumvention tools, and force them to remove the cirt.

  14. Any browser publisher is the same way by tepples · · Score: 3, Informative

    This is some scary shit, basically you ought to treat HTTPS on your Nokia device like HTTP, unless you really really trust that Nokia knows what they are doing and how to keep a secret.

    Any web page retrieved through HTTPS is parsed into an unencrypted DOM within the web browser. You have to trust that the browser publisher knows what it is doing and how to keep a secret.

    1. Re:Any browser publisher is the same way by 0123456 · · Score: 4, Insightful

      Yeah, because having the browser display the page locally is just exactly the same as having a remote server decrypt your connection as a man in the middle.

    2. Re:Any browser publisher is the same way by Anonymous Coward · · Score: 5, Insightful

      Nothing stops the browser from transmitting information to a third-party server.

      =>

      You have to trust that the browser publisher knows what it is doing and how to keep a secret.

    3. Re:Any browser publisher is the same way by tepples · · Score: 4, Interesting

      The point is... you can find a browser that doesn't fuck you over and use that.

      And you can find a phone that doesn't take advantage of you and use that. The trouble is, this sort of "doesn't take advantage of you" isn't exactly a selling point among the mass market, which means a product like this won't be produced for a mass-market price.

      for things like, say, open source browsers, you can read the code and see what it is doing.

      But do most people verify that the binary they download matches the source code? And do they diverse-double-compile their compiler toolchain to make sure it isn't infected with a "Reflections on Trusting Trust"-style virus? I'm under the impression most end users take this on faith.

    4. Re:Any browser publisher is the same way by smpoole7 · · Score: 3, Insightful

      > If it's open source YOU have the power to stop it from doing anything like that

      In principle and theory, yes. In practice, maybe not. You would almost certainly use libraries installed on the device, unless you plan to roll your own from scratch (and that's going to eat a lot of SRAM). They could still sniff and snoop at the library level.

      Or, they could simply sniff and snoop whatever is displayed on the screen. Your open-source browser is "clean," but Nokia is, in essence, a snoop looking over your shoulder. Character-recognition software is small and fast nowadays.

      Waiting for a Slashdot story about how THAT is happening, by the way. Some manufacturers and providers are already admitting that they can access the mike and the camera on your smartphone to "see" and "hear" what you're up to ...

      Ergo, I have no doubt whatsoever that even using an open-source browser won't protect you. The only real answer is to ensure that you never do anything really sensitive on a smartphone. I certainly don't.

      --
      Cogito, igitur comedam pizza.
    5. Re:Any browser publisher is the same way by Minwee · · Score: 4, Informative

      Yeah, because having the browser display the page locally is just exactly the same as having a remote server decrypt your connection as a man in the middle.

      Is this your first time using a web browser on a mobile device?

      Data has been being received, rendered and compressed by remote servers for years. Opera billed it as a major feature of their browser in 2005, but even then it was nothing new.

    6. Re:Any browser publisher is the same way by gl4ss · · Score: 4, Insightful

      From what I understand, the browser is not doing HTTPS at all to the bank/docter etc, its doing HTTP or HTTPS to the nokia proxy and proxy is doing the HTTPS to bank/doctor. In this scenario HTTPS is not broken, the phone is. Total fail Nokia

      it's doing a special protocol to nokias servers(encrypted).
      just like opera mini has been doing for years.

      they did this as a feature catchup. also it enables them to actually RENDER THE FUCKING PAGES THE PHONE WOULDN'T OTHERWISE BE ABLE TO. that's how these light browsers manage to do their magic on really shitty hw.

      sometimes slashdot feels like full of fucking idiots who have been living under 324 feet of rock without internet.

      if you don't like it, buy a phone that costs more than ninety bucks(no subs).

      here's a shocking reveal of opera mini passing all data through their servers on slashdot from 2006 http://tech.slashdot.org/story/06/01/24/227227/opera-mini-mobile-browser-officially-released

      --
      world was created 5 seconds before this post as it is.
    7. Re:Any browser publisher is the same way by Anonymous Coward · · Score: 4, Funny

      And you can find a phone that doesn't take advantage of you

      Which part of "Microsoft Product" did you not understand?

    8. Re:Any browser publisher is the same way by shutdown+-p+now · · Score: 3, Insightful

      The difference is that Opera Mini is explicitly advertised as a "proxy browser". If you choose to use it, you know what it is about, and what the implied security risks are.

      Here, we're talking about a stock browser in a smartphone, doing this by default with no warnings given to the user. I don't care why they thing it's a good idea, it's a major compromise of security.

    9. Re:Any browser publisher is the same way by spongman · · Score: 3, Insightful

      you trust Google over Microsoft?

      one of those companies has a business model that relies on gathering as much information about you that it can and selling it to advertisers.

      the other one sells software.

  15. Benjamin Franklin by Frankie70 · · Score: 4, Funny

    Wasn't it Benjamin Franklin who said "They who can give up essential security to obtain a little speed increase, deserve neither security nor speed"?

  16. Re:How do they even do that? by erroneus · · Score: 4, Insightful

    Your trust is extended because of the expectations involved. The user/owner of the device is not informed that, unlike his PC or other smart phone devices, Nokia is handling encyption differently. As https is used primarily for the purpose of securing data traffic between the user and their banks or their other services which need security, the expectation has always been that it would not involve the maker of the device which is being used.

    I "trust" my car maker to build a good car. I do not "trust" them not to install cameras in it without my knowledge and then tell me later "there are cameras, but we are not looking at the video feed."

  17. Re:illegal here by ArhcAngel · · Score: 3, Insightful

    It may be illegal in the US as well

    Just like warrantless wiretapping...oh wait!

    --
    "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
  18. It's a documented and advertised feature by nedlohs · · Score: 4, Insightful

    If you don't trust Nokia to not snoop on your data then why are you carrying around a device made by Nokia that contains a camera and a microphone and a cellular connection to the internet (and probably a gps though I don't know the details of Nokia's phones)?

  19. Re:If it was so good then why didn't you tell us? by Luckyo · · Score: 4, Informative

    They don't just tell you - they advertise it. It's one of the phones biggest selling features.

    The issue in countries where the phone is sold is network traffic. It's costly. VERY costly. This browser does what opera mini did for about a decade - it works through nokia's special proxy that fetches the page for you, renders it in unique way that saves a lot of traffic and then sends it to your phone's browser.

  20. Re:How do they even do that? by CKW · · Score: 3, Interesting

    Yes, this IS wiretapping. I don't care if they've got a tiny tiny line item in their terms of service that say they're doing this, NO ONE expects their https encrypted session with their bank to be in the clear on Nokia's servers.

    I'd really really like to see the RCMP charge Nokia Canada's CIO just on principle. Just because big companies have lawyers and huge t.o.s. don't mean they should be treated any differently than joe blow secretly inserting software on his aunt's computer to listen in to her voip conversations.

  21. Re:If it was so good then why didn't you tell us? by Pieroxy · · Score: 3, Insightful

    They advertise the feature without advertising the implications.

    Of course, that's called "marketing". Push up the upsides, burry the downsides.

    --
    Write boring code, not shiny code!
  22. Re:It's easy when you're god by FrangoAssado · · Score: 4, Informative

    It's sad that this is modded so high; it's completely wrong.

    A requests a secure channel to B from C. Instead C establishes a secure channel with A *claiming* that it's B, while also establishing a secure channel to B claiming that it's A.

    You're describing a MITM attack, which is prevented by SSL and TLS by using certificates -- C can only fool A into thinking it's B if C knows B's private key (in which case, C has essentially stolen B's identity).

    What happens in Nokia phone's case is that the browser happily trusts C to forward things to B without looking at what's being transmitted (the browser accepts C's certificate authority).