Nokia Xpress browser found to decrypt HTTPS traffic and get all your sensitive information, Nokia says don't worry
Basically, Nokia admitted the Xpress Browser would decrypt all data going through HTTPS connections, after Indian security researcher Gaurang Pandya signaled the alarm that traffic from his Asha Series 40 phone was being routed through Nokia’s servers.
This is done to condense traffic and is similar to what other browsers like Opera Mini do. The benefit is for those with low data allowances who still want to make the most of their megabytes.
What’s troubling however is the particular fact that Nokia gets to see decrypted HTTPS requests and get access to sensitive information.
“From the tests that were preformed, it is evident that Nokia is performing Man In The Middle Attack for sensitive HTTPS traffic originated from their phone and hence they do have access to clear text information which could include user credentials to various sites such as social networking, banking, credit card information or anything that is sensitive in nature.”
Nokia has now replied to the allegations with the following:
“Importantly, the proxy servers do not store the content of web pages visited by our users or any information they enter into them,” the company said. “When temporary decryption of HTTPS connections is required on our proxy servers, to transform and deliver users’ content, it is done in a secure manner.
Nokia has implemented appropriate organizational and technical measures to prevent access to private information. Claims that we would access complete unencrypted information are inaccurate.”
Bottomline is you’d just have to trust Nokia. What is troubling however is the fact that unlike other similar browsers like Opera Mini, the company was up until now secretive about all of this activity happening under the hood.
Posts: 281; Member since: Jun 07, 2012
posted on Jan 11, 2013, 7:16 AM 8
Posts: 4769; Member since: Mar 07, 2012
posted on Jan 11, 2013, 6:05 AM 5
Posts: 973; Member since: Aug 09, 2012
posted on Jan 11, 2013, 6:24 AM 4
Posts: 7; Member since: Jan 04, 2013
posted on Jan 11, 2013, 6:02 AM 14
Posts: 5498; Member since: Aug 05, 2011
posted on Jan 11, 2013, 6:05 AM 4
PhoneArena Comments Rules
A discussion is a place, where people can voice their opinion, no matter if it is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some random thoughts, which are not directly related to the matter.
Things that are NOT allowed:
- Off-topic talk - you must stick to the subject of discussion
- Trolling - see a description
- Flame wars
- Offensive, hate speech - if you want to say something, say it politely
- Spam/Advertisements - these posts are deleted
- Multiple accounts - one person can have only one account
- Impersonations and offensive nicknames - these accounts get banned
Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a post should be moderated - please, report it.
Have a question about the rules or why you have been moderated/limited/banned? Please, contact us.
Send a warning to post author
Send a warning to Selected user.
The user has 0 warnings currently.
Next warning will result in ban!
Ban user and delete all posts
Message to PhoneArena moderator (optional):