
Summary:

The company has confirmed that the Xpress Browser used on its Asha and Lumia handsets does route HTTPS traffic via its servers, temporarily decrypting it as it does so. However, Nokia maintains that it wouldn’t access complete unencrypted information.


Nokia has confirmed reports that its Xpress Browser decrypts data that flows through HTTPS connections – that includes the connections set up for banking sessions, encrypted email and more. However, it insists that there’s no need for users to panic because it would never access customers’ encrypted data.

The confirmation-slash-denial comes after security researcher Gaurang Pandya, who works for Unisys Global Services in India, detailed on his personal blog how browser traffic from his Series 40 ‘Asha’ phone was getting routed via Nokia’s servers. So far, so Opera Mini: after all, the whole point of using a proxy browser such as this is to compress traffic so you can save on data and thereby cash. This is particularly handy for those on constricted data plans or pay-by-use data, as those using the low-end Series 40 handsets on which the browser is installed by default (it used to be known as the ‘Nokia Browser for Series 40’) are likely to be.

However, it was Pandya’s second post on the subject that caused some alarm. Unlike the first, which looked at general traffic, the Wednesday post specifically examined Nokia’s treatment of HTTPS traffic. It found that such traffic was indeed also getting routed via Nokia’s servers. Crucially, Pandya said that Nokia had access to this data in unencrypted form:

“From the tests that were performed, it is evident that Nokia is performing Man In The Middle Attack for sensitive HTTPS traffic originated from their phone and hence they do have access to clear text information which could include user credentials to various sites such as social networking, banking, credit card information or anything that is sensitive in nature.”

Pandya pointed out how this potentially clashes with Nokia’s privacy statement, which claims: “we do not collect any usernames or passwords or any related information on your purchase transactions, such as your credit card number during your browsing sessions”.

So, does it clash?

Nokia came back today with a statement on the matter, in which it stressed that it takes the privacy and security of its customers and their data very seriously, and reiterated the point of the Xpress Browser’s compression capabilities, namely so that “users can get faster web browsing and more value out of their data plans”.

“Importantly, the proxy servers do not store the content of web pages visited by our users or any information they enter into them,” the company said. “When temporary decryption of HTTPS connections is required on our proxy servers, to transform and deliver users’ content, it is done in a secure manner.

“Nokia has implemented appropriate organizational and technical measures to prevent access to private information. Claims that we would access complete unencrypted information are inaccurate.”

To paraphrase: we decrypt your data, but trust us, we don’t peek. Which is, in a way, fair enough. After all, they need to decrypt the data in order to de-bulk it.
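The claim that a compressing proxy has to see plaintext can be checked directly: well-encrypted data looks random and does not shrink. The sketch below is an added example, not code from Nokia, Pandya or the original article; the sample page and the SHA-256 counter-mode keystream (a stand-in for a real TLS cipher, used only so the script runs with the standard library) are constructed for illustration.

```python
import hashlib
import zlib

# Constructed sample: repetitive HTML markup of the kind a proxy browser shrinks.
SAMPLE_PAGE = ("<html><body>" + "".join(
    f"<div class='row'><span class='label'>Account {i}</span>"
    f"<span class='value'>Balance: {i * 17 % 1000}.00</span></div>"
    for i in range(200)) + "</body></html>").encode()


def keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode. Demo stand-in for a TLS cipher, not for real use."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; applying it twice with the same key decrypts."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, len(data))))


def compression_ratio(data: bytes) -> float:
    """Compressed size divided by original size (lower means more savings)."""
    return len(zlib.compress(data, 9)) / len(data)


def compare(page: bytes = SAMPLE_PAGE, key: bytes = b"constructed demo key") -> dict:
    """Compress the same page as plaintext and as ciphertext."""
    ciphertext = encrypt(key, page)
    return {
        "plaintext_ratio": compression_ratio(page),
        "ciphertext_ratio": compression_ratio(ciphertext),
        "roundtrip_ok": encrypt(key, ciphertext) == page,
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

A proxy that only relays the encrypted stream gets no data savings from it, which is why a service that compresses HTTPS pages must terminate the TLS session itself.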

The issue here seems to be around how Nokia informs – or fails to inform – its customers of what’s going on. For example, look at Opera. The messaging around Opera Mini is pretty clear: the browser’s FAQs spell out how it routes traffic. Although you can find out about the Xpress Browser’s equivalent functionality with a bit of online searching, it’s far less explicit to the average user. And this is particularly unfortunate given that the browser is installed by default — people won’t necessarily choose it based on those data-squeezing chops.

And it looks like Nokia belatedly recognizes that fact. The statement continued:

“We aim to be completely transparent on privacy practices. As part of our policy of continuous improvement we will review the information provided in the mobile client in case this can be improved.”

The moral of the story is that those who want absolute security in their mobile browsing should probably steer clear of browsers that compress to cut down on data. Even if Nokia isn’t tapping into that data – and there is no reason to suspect that it is – the very existence of that feature will be a turn-off for the paranoid, and reasonably so. And that’s why Nokia should be up-front about such things.

UPDATE: A kind soul has reminded me that, unlike Xpress Browser and Opera Mini, two other services that also do the compression thing leave HTTPS traffic unperturbed, namely Amazon with its Silk browser and Skyfire. This is arguably how things should be done, although it does of course mean that users don’t get speedier loading and so on on HTTPS pages.


  1. This is really a very weak condemnation of a very serious matter.

    The point is that a user on the web (on any device at all) has an expectation that when they see “https:” they have a secure connection, whereas in this case they don’t. They can change their FAQ all they want, but the user shouldn’t have to check said FAQ looking for exceptions to a rule that shouldn’t have been broken in the first place.

    Changing the FAQ is therefore not a solution to this problem at all.

    This article sort of takes the position that anyone who was serious about security would know to check these things because (between the lines) they should know better. That’s just lame and not a valid stance IMO.

    As long as it says “https:” in the URL on the browser of the device you are using, the data should *never* be decrypted in the middle. That’s the rule. That’s the user expectation. If they are going to do this then the URL should at minimum change back to “http” and a large browser popup should explain to the user that they are no longer on a secure connection. Period.

    1. I’m sorry you see it that way. I was trying to take a nuanced view on this, with my point being that transparency is everything here. After all, Opera Mini has done this for years, with the intention of benefiting its users (and I’ve not seen many complaints about that). That said, Xpress Browser users may not be as conscious of the functionality. I like your idea about the popup.

      1. Is it really about transparency? Hell, I hope regulators bring criminal charges no matter who does it.

      2. I am sorry you don’t see it that way.

      3. I’m not sure what other way there is to see it. That is the entire point of HTTPS.

        Nokia can say we should trust them, but if people were willing to trust third parties with their sensitive data, there would be no need for HTTPS in the first place.

        And how can Nokia guarantee our data is safe with them? SSL/TLS are designed so that I don’t need to trust anyone besides the party I’m communicating with (like my bank), and the certificate authority (who let me verify that it’s really them). If Nokia is capturing data, even temporarily, that makes everything I do vulnerable. (It also puts a giant “kick me” sign on Nokia’s back.)

        Besides, it doesn’t even fit the name any more: it’s called Transport Layer Security because it provides end-to-end security of the network’s Transport Layer. If Nokia is seeing decrypted packets, then it’s not Transport Layer security. They can say whatever they want on their webpage, but that doesn’t change the fact that the name is a lie.

        You can paint a kiwifruit white but that won’t make it an egg, and writing “egg” on your advertising is inexcusable — even if you write “not really an egg” somewhere on your webpage.

        The only reason you haven’t heard many complaints about Opera Mini is probably because it doesn’t have many users. Every time I’ve ever heard about Opera Mini, I have heard in the very next breath about its flawed security model. That’s a catch-22: would they have had more users, if they took security seriously?

        You probably don’t know many people who won a prize for being the millionth website visitor, either, even though those are a lie: because everybody knows it’s a lie, nobody bothers. But then you can’t turn around and say “Nobody’s complaining about those dumb banner ads” — of course not, because nobody is dumb enough to try using them.

      4. Xpress Bank is FDIC insured*

        Xpress Farms Organic** Milk

        Xpress Browser HTTPS***

        * Your money is ultimately stored in an FDIC account. But deposits are temporarily stored in an uninsured account so that we can process the deposits faster.
        ** We use a patented process to filter out non-organic substances in non-organic milk, allowing our organic** milk to have non-organic prices.
        *** While HTTPS implies encrypted communication between your device and secure websites (such as your bank) such that no one in the middle can access the data, in order to reduce bandwidth and increase speed, Xpress Browser routes your HTTPS data through Nokia servers which have the keys. Nokia servers decrypt the data temporarily.

      5. There is no nuanced view on end-to-end security. You either have it, or you don’t. You can’t be a little bit pregnant, and you can’t be a little bit secure.

        If somebody starts to argue that “their servers are secure”, “they don’t look” etc – none of this matters. The fact is that HTTPS is secure, but only as long as it’s end to end.

        I use my bank’s web interface on my mobile phone all the time to transfer money. Would I want Nokia to decrypt that? Would Nokia reimburse me if their servers get hacked and hackers plunder my bank account?

    2. Agreed with Mr. Bee.

      I’m not certain the author of this article understands the gravity of a Man in the Middle Attack (http://en.wikipedia.org/wiki/Man-in-the-middle_attack) where Nokia is actively impersonating both you and your bank/email etc.

      Regardless of Nokia’s end goal, this is a horribly bad idea.

      What happens if Nokia’s proxy servers get compromised with your previously secure data now in cleartext (unencrypted)?

      What happens if Nokia gets a government subpoena for the unencrypted data and is forced to store the unencrypted data for “some time”?

      Bad. Bad. Idea.

    3. 100% agreement.

      You can’t teach users “this applies to Opera Mini and Nokia devices not running Symbian or MeeGo and this applies to, practically, everything else”. My mother would not even understand 10% of the previous sentence, and she does not have to.

      Even not considering https/SSL “rules”, what Nokia does here is line tapping without an order signed by a judge, heck, even without any claim being present at all. It is actually the equivalent of me opening your mailbox with a crowbar and reading your mail. A secure connection, by all means, should ensure that any misuse can only ever happen by the sender or the recipient(s). I should never be forced to guess if the ISP, browser programmer or email provider is secure, they should just route the bits to their destination.

      With today’s mobile bandwidth there is no need to screw security to save a few bits. And certainly not by means of assuming a user’s approval.

      1. I like your mailbox metaphor, but I would say that what they’re doing is “equivalent of me opening your mailbox with a crowbar”, then opening the envelopes just so that I can fold your letters in a more compact way and telling you to trust me that I won’t read any of it.

    4. I agree. It seems that the Nokia browser is asserting the user has a secure connection to the user’s bank (for e.g.) when in fact it is Nokia’s server that has the secure connection to the bank. The user merely has a secure connection to Nokia’s server. Clear misrepresentation to my mind, and not something that can be fixed with an FAQ or a popup.

  2. What the … is wrong with them? Who was the nutjob that thought it’s a good idea to mess with HTTPS traffic? Nobody should mess with HTTPS traffic and if they do, regulators should step in and block them.

  3. Yes, we’re opening your mail, but we’re not LOOKING at it. We’re just making sure you aren’t wasting paper and ink.

  4. I wonder if Opera do the same for their minifying/compressing proxies?

    1. P.S. Yes, Opera Mini does, but at least they were open about it:
      http://www.opera.com/mobile/help/faq/#security

    2. Opera Mini only relays the packets from HTTPS protocol connections which is a completely legitimate action, it’s not the same thing as what Nokia are doing at all.

      Nokia is actively impersonating both you and your visiting HTTPS site in a MIM style.

      1. No they do not. Stop spreading misinformation.

        http://www.opera.com/mobile/help/faq/#security

      2. You seem to not have a basic understanding of the issue. For Opera Mini to be able to perform a man in the middle attack similar to Nokia, they would be required to install their own CA on the device (which Nokia does), which Opera cannot do (this requires full access to the device). The FAQ you linked to only claims Opera Mini does not support end-to-end encryption, it does not mention they are decrypting the SSL traffic and impersonating the receiving end. It is actually technically impossible for Opera Mini to do what you are claiming, so you are in fact the one spreading misinformation.

  5. Glad I stopped using Nokia handsets years ago. Nokia got caught being naughty.

  6. I would never buy a phone that does this. Nokia should disable this feature immediately.

  7. Decrypting HTTPS traffic and using the Man-In-The-Middle-Attack as a company policy is a very bad idea. Even if Nokia is NOT reading the clear text data, it can only bring bad publicity. There is a reason why some guys in the www are using HTTPS, even if it is slower. Nobody should sacrifice privacy for speed.

    1. It’s a terrible company policy for another reason: liability. With (real) SSL/TLS, if anybody tries to harass you about your security policy, you can legitimately claim you’re using industry best practices. Every technical person on the internet, including their competitors, will rush to their defense.

      But what happens when there’s a security breach at Nokia? What happens if Nokia discovers one of their employees installed their own backdoor?

      Or, what happens if every Nokia employee does everything perfectly and they’re lucky enough that none of their systems is ever hit with a network attack, but still some people think they have cause to question Nokia’s security, and hit them with lawsuits or subpoenas? Nobody can rush to Nokia’s defense, because their MitM architecture means nobody knows what goes on in their servers. Even their own administrators can’t say for sure, without a complete audit.

      Have you ever worked for a tech company hit with a big subpoena? If you think browsing HTTPS over a cell radio is slow, try running a company while all of your employees have to step back during a full company audit.

      I would sell all my Nokia shares immediately, if I had any. This is a huge technical, public relations, and legal risk that I would want no part of.

  8. Opera Mini only relays the packets from HTTPS protocol connections which is a completely legitimate action, it’s not the same thing as what Nokia are doing at all.

    Nokia is actively impersonating both you and your visiting HTTPS site.

    1. Hi ralph, I’m afraid your statement about Opera Mini is not true.

      Opera Mini does decrypt and transcode the information sent over HTTPS.

      See the “Is there any end-to-end security…” question at http://www.opera.com/mobile/help/faq/#security .

      1. I am afraid your understanding of the issue and the Opera Mini FAQ is not correct.
        Decrypting and transcoding content with a warning to the user, is not the same as decrypting and impersonating the receiving end. It is actually technically impossible for Opera Mini to do that without installing their own CA on the device (which is not possible without root access). Please read up on the issue a bit more and get a basic understanding of it, just quoting some FAQ that you don’t have a full understanding of does not make it so.

  9. Dwarika Dhish Mishra Thursday, January 10, 2013

    Same kind of problem you could see if you are using UC Browser. It sometimes sends your https request as http.

    1. Is that so? Haven’t really observed that. But then I uninstalled UC Browser a few days back.

  10. Any device a vendor sells you could easily be set up to decrypt all your HTTPS traffic. They just have to install their own root CA certificate in the device’s browser.
