Richard Tookey wrote: Nokia cannot have access to all the world's RSA private keys, so any true SSL/TLS man-in-the-middle attack has to be done using the symmetric key negotiated between the client and the server. ... The problem I have with the reports I have read is understanding how Nokia can use a proxy for man-in-the-middle.
If Nokia have total control of the software running on their phones, then this security hole will always be possible. When one is dealing with a server, one has to trust the server, and for the most part one does (whether or not one should is a different matter), but one must also be able to trust all elements of the communication channel between the client and the server, and if one can't, then there cannot be any security.
You are not understanding the problem. All Nokia has to do is a very small hack so that when you think you are going to https://amazon.com it sends you instead to https://amazongproxy.nokia.com. It can do this without changing the URL in the toolbar. Then the proxy can decrypt the connection from the phone to itself, and start a secondary connection to the real https://amazon.com.
All communication from your smartphone to the hidden proxy is normal SSL. All communication from the proxy server to amazon's SSL server is normal. But everything going to it, or from it, goes through the proxy in the clear.
You are right, the system is built on trust, trust that you are really going to https://amazon.com without a man in the middle. That is what you are trusting, but Nokia is directly and deliberately violating that trust. They are hiding the interaction with their own proxy.
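Added example, not part of the thread: one way a client can detect the hidden TLS-terminating proxy described above is certificate pinning. The proxy terminates the phone's TLS session with its own certificate, so the leaf certificate the client actually receives is not the one the real site presents; comparing its SHA-256 fingerprint against a pin recorded out of band exposes the substitution even when the browser hides the proxy hostname. The pin values and certificate bytes below are constructed stand-ins, not Amazon's or Nokia's real certificates, and `fetch_peer_cert` is a hypothetical helper that uses only the standard `ssl`/`socket` modules.

```python
import hashlib
import socket
import ssl

# Constructed stand-ins for DER-encoded leaf certificates. In practice these
# would be the actual bytes returned by getpeercert(binary_form=True).
GENUINE_CERT = b"-- constructed stand-in for the real amazon.com leaf certificate --"
PROXY_CERT = b"-- constructed stand-in for a TLS-terminating proxy's certificate --"


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


# Constructed pin store: hostname -> set of acceptable leaf fingerprints,
# recorded out of band (e.g. from a trusted network) before the check runs.
PINS = {
    "amazon.com": {cert_fingerprint(GENUINE_CERT)},
}


def check_pin(hostname: str, der_cert: bytes, pins: dict) -> tuple[bool, str]:
    """Compare the presented leaf certificate against the pin for hostname.

    Returns (ok, reason). A mismatch means the TLS session was terminated by
    something other than the pinned server, which is exactly what a hidden
    interception proxy produces.
    """
    expected = pins.get(hostname)
    if not expected:
        return False, f"no pin configured for {hostname}"
    fp = cert_fingerprint(der_cert)
    if fp in expected:
        return True, "leaf certificate matches pin"
    return False, (
        f"leaf certificate fingerprint {fp[:16]}... does not match pin for "
        f"{hostname}; a TLS-terminating proxy may be in the path"
    )


def fetch_peer_cert(hostname: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Hypothetical helper: open a TLS session and return the peer's DER leaf cert.

    Certificate-chain validation is still performed by the default context;
    pinning is an additional check on top of it, not a replacement.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert(binary_form=True)


def verify_host(hostname: str, pins: dict = PINS) -> tuple[bool, str]:
    """Network-facing wrapper: fetch the live certificate and check it."""
    return check_pin(hostname, fetch_peer_cert(hostname), pins)


if __name__ == "__main__":
    # Offline demonstration using the constructed certificates only.
    print(check_pin("amazon.com", GENUINE_CERT, PINS))
    print(check_pin("amazon.com", PROXY_CERT, PINS))
```

The check only helps when it runs in software the proxy operator does not control; as the quoted message notes, a vendor with total control of the phone's software can disable any client-side check, so on such a device the pin comparison is more useful when run from an independent client on the same network than from the vendor's own browser.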