Nokia Found to Perform Man-in-the-Middle Attacks on HTTPS Traffic

The company says it's not collecting any sensitive information from users

By on January 11th, 2013 12:10 GMT

Security researcher Gaurang Pandya has recently been studying the way Nokia handles data traffic, and he has identified some interesting things. The expert has found that when the Nokia browser is used, all the traffic is redirected to Nokia/Ovi proxy servers.

Moreover, after further analysis, Pandya determined that Nokia was actually performing “man-in-the-middle attacks (MitM)” on traffic originating from its devices, including HTTPS traffic, gaining access to all user data in an unencrypted form.

It’s known that the Finnish phone manufacturer compresses data to speed up the loading times of webpages on some devices. However, according to the expert, in order to do this, it has to direct traffic via its servers and perform the MitM attacks.

“From the tests that were performed, it is evident that Nokia is performing Man In The Middle Attack for sensitive HTTPS traffic originated from their phone and hence they do have access to clear text information which could include user credentials to various sites such as social networking, banking, credit card information or anything that is sensitive in nature,” Pandya noted.

“In short, be it HTTP or HTTPS site when browsed through the phone in subject, Nokia has complete information unencrypted (in clear text format) available to them for them to use or abuse.”

In a statement provided to TNW, Nokia representatives have explained that their proxy servers do not store the content of the webpages visited by users or any information they enter into them.

“When temporary decryption of HTTPS connections is required on our proxy servers, to transform and deliver users’ content, it is done in a secure manner,” they explained.

“Nokia has implemented appropriate organizational and technical measures to prevent access to private information. Claims that we would access complete unencrypted information are inaccurate.”

In the latest update to the post describing his research, Pandya has explained that since the news broke, Nokia has taken some important steps towards addressing the issues he identified.

Now, according to the expert, Nokia is still diverting traffic via its own servers, but it is no longer performing MitM attacks.
