Nokia admits to implementing a Man-In-The-Middle flaw in HTTPS

 
Rancher
Posts: 4803
"Nokia has admitted that it routinely decrypts users' HTTPS traffic, but says it is only doing it so it can compress it to improve speed. That doesn't convince security researcher Gaurang Pandya, who accuses the company of spying on customers."


From the article, Nokia says: "'Importantly, the proxy servers do not store the content of web pages visited by our users or any information they enter into them. When temporary decryption of HTTPS connections is required on our proxy servers, to transform and deliver users' content, it is done in a secure manner. ... Nokia has implemented appropriate organisational and technical measures to prevent access to private information. Claims that we would access complete unencrypted information are inaccurate.'"

http://yro.slashdot.org/story/13/01/10/1356228/nokia-admits-decrypting-user-data-claiming-it-isnt-looking


So the question is: do you trust Nokia?
And the follow-up is: who else is putting a MITM in your HTTPS session?

I don't know enough about Nokia to make a judgement on their trustworthiness, but this is not a one-time question. Perhaps today, they don't use the data, and don't spy on customers. But who knows what a rogue employee will do at some later date.
 
Rancher
Posts: 43081
Opera's mobile browsers perform various transformations on web pages between their servers and the mobile browser, as does Amazon's Kindle - who knows how big the leap would be from what they're doing now to something like this, if it is a leap at all.
 
Pat Farrell
Rancher
Posts: 4803
I'm pretty sure that once you start transforming the HTML pages, you have already done the MITM work. Otherwise, you would not be able to see what the HTML is doing so you can transform it. But I've never seen any detailed technical descriptions of what, exactly, they do.
 
Bartender
Posts: 1166
Based on everything I have read over the years about RSA, SSL/TLS and HTTPS, I'm pretty sure that as algorithms they are secure, but it has long been recognized that any pure software implementation of any encryption algorithm cannot be secure. In the case of RSA, assuming a sensible key size, once data has been encrypted using the public key it is pretty much impossible to decrypt it without having the private key. Nokia cannot have access to all the world's RSA private keys, so any true SSL/TLS man-in-the-middle attack has to be done using the symmetric key negotiated between the client and the server. One assumes that Nokia wrote their own SSL/TLS software, so it would be trivial for them to get access to the negotiated key! The problem I have with the reports I have read is understanding how Nokia can use a proxy for Man-In-The-Middle. As far as I can see this would require either that the proxy has access to the negotiated key or that communication between the client and the proxy is not using the server's public key but the public key of the proxy.

If Nokia have total control of the software running on their phones then this security hole will always be possible. I can't see that in the short term very small tamper-proof HSMs are going to be fitted to phones, but even if they are, the portion of the channel between the user and the HSM is unencrypted! When one is dealing with a server one has to trust the server, and for the most part one does (whether or not one should is a different matter), but one must also be able to trust all elements of the communication channel between the client and the server, and if one can't then there cannot be any security.

I use an old Nokia phone but I use it to make phone calls and not for financial or other sensitive transactions.

 
Pat Farrell
Rancher
Posts: 4803

Richard Tookey wrote: Nokia cannot have access to all the worlds RSA private keys so any true SSL/TLS man-in-the-middle attack has to be done using the symmetric key negotiated between the client and the server. ... The problem I have with the reports I have read is understanding how Nokia can use a proxy for Man-In-The-Middle.

If Nokia have total control of the software running on their phones then this security hole will always be possible. ... When one is dealing with a server one has to trust the server and for the most part one does (whether or not one should is a different matter) but one must also be able to trust all elements of the communication channel between the client and the server and if one can't then there cannot be any security.

You are not understanding the problem. All Nokia has to do is a very small hack so that when you think you are going to https://amazon.com it sends you instead to https://amazongproxy.nokia.com. It can do this without changing the URL in the tool bar. Then the proxy can decrypt the connection from the phone to itself, and start a secondary connection to the real https://amazon.com.

All communication from your smartphone to the hidden proxy is normal SSL. All communication from the proxy server to amazon's SSL server is normal. But everything going to it, or from it, goes through the proxy in the clear.

You are right, the system is built on trust, trust that you are really going to https://amazon.com without a man in the middle. That is what you are trusting, but Nokia is directly and deliberately violating that trust. They are hiding the interaction with their own proxy.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
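Richard asked above how a proxy can sit in the middle of an SSL/TLS session, and Pat's answer is that the phone's TLS session simply terminates at the proxy, which then opens its own session to the real server, while the URL bar still shows the original host. The one thing such a setup cannot hide from a client that bothers to look is the certificate: the proxy must present its own certificate for the leg it terminates, so that certificate's fingerprint and issuer differ from those of the real server. The following Python script is an added example written for this thread, not code from any poster, from Nokia or from the linked article. It records the SHA-256 fingerprint and issuer organization of the leaf certificate a client actually receives (exactly what `ssl.SSLSocket.getpeercert()` exposes) and compares them with values recorded out of band. The pin values, issuer names and the sample certificate bytes in the offline checks are constructed placeholders.

```python
# Added example (not from the thread): detect a TLS-terminating proxy by
# inspecting the certificate the client really receives, not the URL bar.
import hashlib
import hmac
import socket
import ssl
from typing import Iterable, List, Optional


def cert_fingerprint(der_bytes: bytes) -> str:
    """SHA-256 of the DER-encoded leaf certificate as lowercase hex.
    ssl.SSLSocket.getpeercert(binary_form=True) returns exactly these bytes."""
    return hashlib.sha256(der_bytes).hexdigest()


def pin_matches(der_bytes: bytes, pins: Iterable[str]) -> bool:
    """True if the presented certificate equals one of the pinned fingerprints.
    hmac.compare_digest keeps the comparison constant-time."""
    fp = cert_fingerprint(der_bytes)
    return any(hmac.compare_digest(fp, pin.lower()) for pin in pins)


def issuer_org(cert_info: dict) -> Optional[str]:
    """organizationName of the issuer, using the layout ssl.getpeercert()
    returns: a tuple of RDNs, each a tuple of (attribute, value) pairs."""
    for rdn in cert_info.get("issuer", ()):
        for attr, value in rdn:
            if attr == "organizationName":
                return value
    return None


def assess(cert_info: dict, der_bytes: bytes,
           pins: Iterable[str], expected_issuers: Iterable[str]) -> List[str]:
    """Return a list of findings; an empty list means nothing looked wrong.
    A proxy that terminates TLS in front of the real server must present its
    own certificate, so the fingerprint, the issuer, or both will differ."""
    findings = []
    pins = list(pins)
    if pins and not pin_matches(der_bytes, pins):
        findings.append("leaf certificate %s matches no pin" % cert_fingerprint(der_bytes))
    org = issuer_org(cert_info)
    if org not in set(expected_issuers):
        findings.append("issuer organization %r is not one we expect" % org)
    return findings


def fetch_peer_certificate(hostname: str, port: int = 443, timeout: float = 10.0):
    """Open a real TLS connection and return (cert_info, der_bytes) for the leaf.
    Needs network access; the offline checks below never call it."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return tls.getpeercert(), tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    # Placeholder values: record the real pin and issuer out of band, e.g. from
    # a network you trust, before relying on this check from the phone.
    HOST = "example.com"
    KNOWN_PINS = ["<sha256 fingerprint recorded out of band>"]
    KNOWN_ISSUERS = {"<issuer organizationName recorded out of band>"}
    info, der = fetch_peer_certificate(HOST)
    print("observed fingerprint:", cert_fingerprint(der))
    print("observed issuer org: ", issuer_org(info))
    for line in assess(info, der, KNOWN_PINS, KNOWN_ISSUERS) or ["no interception indicators"]:
        print(line)
```

The decision logic is kept in pure functions so it can be exercised with constructed data, and the network part is isolated in `fetch_peer_certificate`. Pinning the whole certificate (rather than the public key) is the simplest form and breaks on every legitimate certificate renewal, which is why the issuer check is kept as an independent, looser signal: a proxy certificate chained to a private or vendor CA fails it even when no pin is configured.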