+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Nokia Caught Exposing User Data To Potential Snoops

Jan 11, 2013, 23:55 IST

Steve Kovach, Business InsiderNokia has changed how it handles data after an investigation by IT blogger Guarang K Pandya.

Advertisement

Pandya uncovered how Nokia was having all of its handset users' supposedly secure data diverted to its own servers, unencrypted, then re-encrypted and sent out to its intended destination server. They did this through preinstalled software that automatically rerouted all traffic to Nokia servers.

The action, Pandaya rightfully pointed out, potentially gave eyes at the company an opportunity to look at classified information.

Caught in the act, the company quickly rerouted encrypted data to other servers — but the damage had been done.

From a Information Security Magazine post just today:

Advertisement

Nobody suggests that Nokia has abused this information; but it is a clear issue of trust. The whole purpose of https encrypted traffic is so that the user can have confidence that his message cannot be eavesdropped en route. “It is a big deal,” says Rick Falkvinge (the founder of the Swedish Pirate Party), “because banks rely on having a secure connection all the way to you. As do corporate networks. As do news outlets’ protection of sources.

While no one is suggesting that Nokia spied on data, the potential exposure of proprietary corporate information, secret sources, possibly even state secrets without users permission is a huge deal in the information security world.

Nokia's statement to TechWeek UK:

“The proxy servers do not store the content of web pages visited by our users or any information they enter into them. When temporary decryption of HTTPS connections is required on our proxy servers, to transform and deliver users’ content, it is done in a secure manner.”

Last August, privacy advocates were concerned as Nokia developed the ability to track users' movements in the future, up to 24 hours in advance, with a margin of error of about 10 feet. Nokia claimed that process was also for the benefit of users.

Advertisement
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article