
Nokia: Yes, we decrypt your HTTPS data, but don’t worry about it

Nokia has confirmed reports that its Xpress Browser decrypts data that flows through HTTPS connections – that includes the connections set up for banking sessions, encrypted email and more. However, it insists that there’s no need for users to panic because it would never access customers’ encrypted data.

The confirmation-slash-denial comes after security researcher Gaurang Pandya, who works for Unisys Global Services in India, detailed on his personal blog how browser traffic from his Series 40 ‘Asha’ phone was getting routed via Nokia’s servers. So far, so Opera Mini: after all, the whole point of using a proxy browser such as this is to compress traffic so you can save on data and thereby cash. This is particularly handy for those on constricted data plans or pay-by-use data, as those using the low-end Series 40 handsets on which the browser is installed by default (it used to be known as the ‘Nokia Browser for Series 40’) are likely to be.

However, it was Pandya’s second post on the subject that caused some alarm. Unlike the first, which looked at general traffic, the Wednesday post specifically examined Nokia’s treatment of HTTPS traffic. It found that such traffic was indeed also getting routed via Nokia’s servers. Crucially, Pandya said that Nokia had access to this data in unencrypted form:

“From the tests that were performed, it is evident that Nokia is performing Man In The Middle Attack for sensitive HTTPS traffic originated from their phone and hence they do have access to clear text information which could include user credentials to various sites such as social networking, banking, credit card information or anything that is sensitive in nature.”

Pandya pointed out how this potentially clashes with Nokia’s privacy statement, which claims: “we do not collect any usernames or passwords or any related information on your purchase transactions, such as your credit card number during your browsing sessions”.

So, does it clash?

Nokia came back today with a statement on the matter, in which it stressed that it takes the privacy and security of its customers and their data very seriously, and reiterated the point of the Xpress Browser’s compression capabilities, namely so that “users can get faster web browsing and more value out of their data plans”.

“Importantly, the proxy servers do not store the content of web pages visited by our users or any information they enter into them,” the company said. “When temporary decryption of HTTPS connections is required on our proxy servers, to transform and deliver users’ content, it is done in a secure manner.

“Nokia has implemented appropriate organizational and technical measures to prevent access to private information. Claims that we would access complete unencrypted information are inaccurate.”

To paraphrase: we decrypt your data, but trust us, we don’t peek. Which is, in a way, fair enough. After all, they need to decrypt the data in order to de-bulk it.

The issue here seems to be around how Nokia informs – or fails to inform – its customers of what’s going on. For example, look at Opera. The messaging around Opera Mini is pretty clear: the browser’s FAQs spell out how it routes traffic. Although you can find out about the Xpress Browser’s equivalent functionality with a bit of online searching, it’s far less explicit to the average user. And this is particularly unfortunate given that the browser is installed by default — people won’t necessarily choose it based on those data-squeezing chops.

And it looks like Nokia belatedly recognizes that fact. The statement continued:

“We aim to be completely transparent on privacy practices. As part of our policy of continuous improvement we will review the information provided in the mobile client in case this can be improved.”

The moral of the story is that those who want absolute security in their mobile browsing should probably steer clear of browsers that compress to cut down on data. Even if Nokia isn’t tapping into that data – and there is no reason to suspect that it is – the very existence of that feature will be a turn-off for the paranoid, and reasonably so. And that’s why Nokia should be up-front about such things.

UPDATE: A kind soul has reminded me that, unlike Xpress Browser and Opera Mini, two other services that also do the compression thing leave HTTPS traffic unperturbed, namely Amazon with its Silk browser and Skyfire. This is arguably how things should be done, although it does of course mean that users don’t get speedier loading and the other benefits of compression on HTTPS pages.
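The distinction the article turns on is whether the TLS session a user sees actually terminates at the remote site or at a proxy that re-signs the site’s certificate. The following is an added example, not code from the article, from Nokia or from Opera: a client-side check that compares the certificate presented on a connection against a pinned fingerprint and an expected issuer for that host, and reports whether the session is end-to-end. It assumes an ordinary TLS client that receives the server’s certificate; a thin proxy browser of the kind the article describes never receives it at all, which is exactly why the handset has nothing to verify. The host name, issuer names and DER byte strings below are constructed stand-ins; the `fetch_presented_certificate` helper shows where real values would come from on a live connection.

```python
"""Classify an HTTPS connection as end-to-end or terminated by an intermediary.

Added example (not from the article or the vendors it discusses). A proxy that
decrypts HTTPS must present its own certificate for the remote host, so the
leaf fingerprint and the issuer differ from what the real site presents.
"""
import hashlib
import socket
import ssl


def sha256_fingerprint(der_cert: bytes) -> str:
    """SHA-256 hex fingerprint of a DER-encoded certificate (what pinning compares)."""
    return hashlib.sha256(der_cert).hexdigest()


def issuer_common_name(peercert: dict) -> str:
    """Extract the issuer CN from the dict shape ssl.SSLSocket.getpeercert() returns."""
    for rdn in peercert.get("issuer", ()):
        for attr_type, attr_value in rdn:
            if attr_type == "commonName":
                return attr_value
    return ""


def classify_connection(host, peercert, der_cert, pins, trusted_issuers):
    """Classify the certificate presented for `host`.

    'end-to-end'  : leaf fingerprint matches a pin recorded for this host, so the
                    TLS session terminates at the real site.
    'intercepted' : leaf is not pinned and its issuer is not a CA expected to
                    issue for this host, i.e. something on the path re-signed it.
    'unpinned'    : issued by an expected CA but not pinned (rotation?); review.
    """
    if sha256_fingerprint(der_cert) in pins.get(host, set()):
        return "end-to-end"
    if issuer_common_name(peercert) not in trusted_issuers:
        return "intercepted"
    return "unpinned"


def fetch_presented_certificate(host, port=443, timeout=5.0):
    """Live helper (not used by the offline demo): returns (peercert dict, DER bytes)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(), tls.getpeercert(binary_form=True)


# --- Constructed sample data: stand-ins, not real certificates or CA names ---
BANK_HOST = "bank.example"
BANK_LEAF_DER = b"constructed-DER-bytes-for-bank.example-leaf"
PROXY_LEAF_DER = b"constructed-DER-bytes-for-proxy-issued-leaf"

# Pins would normally be recorded from a known-good, direct connection.
PINS = {BANK_HOST: {sha256_fingerprint(BANK_LEAF_DER)}}
TRUSTED_ISSUERS = {"Example Public CA"}

DIRECT_PEERCERT = {"subject": ((("commonName", BANK_HOST),),),
                   "issuer": ((("commonName", "Example Public CA"),),)}
# Same subject, but re-signed by an intermediary's own CA.
PROXY_PEERCERT = {"subject": ((("commonName", BANK_HOST),),),
                  "issuer": ((("commonName", "Compression Proxy CA"),),)}


def demo():
    """Run the check over both constructed connections."""
    direct = classify_connection(BANK_HOST, DIRECT_PEERCERT, BANK_LEAF_DER,
                                 PINS, TRUSTED_ISSUERS)
    proxied = classify_connection(BANK_HOST, PROXY_PEERCERT, PROXY_LEAF_DER,
                                  PINS, TRUSTED_ISSUERS)
    return direct, proxied


if __name__ == "__main__":
    print(demo())  # ('end-to-end', 'intercepted')
```

The three-way result matters in practice: a fingerprint mismatch alone is not proof of interception, since sites rotate certificates, so the check only raises "intercepted" when the issuer is also not one expected for that host. Note that the intermediary’s certificate will still validate against the system trust store if its CA has been installed on the device, which is why this check does not rely on chain validation alone.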

70 Responses to “Nokia: Yes, we decrypt your HTTPS data, but don’t worry about it”

  1. What’s the difference between this and what every other company that does this says, “we don’t decrypt your HTTPS traffic, even though we totally could if we wanted to”… in either case, as an end user, you just have to trust them. I’m not saying I agree with this stance, I’m just pointing out the other side of the coin. Now let’s all turn off our phones and go live in the woods.

  2. This is hilarious. Using encryption is illegal in India, where those handsets are sold. Therefore it should be expected that no mobile device provides any type of end-point security, if it is sold and used in that country. Why did someone complain again?

  3. RIM did the same thing, but optionally. On at least the Blackberry of several years ago, there was an option in the settings where you could choose to either do SSL on their servers, or locally.

  4. If somebody would have killed George Bush it might have saved millions of non-American kids and people. Would it have been called like “an act done for the betterment of humanity in non-gringo lands”?

    :-)

  5. jamiejohns

    Nokia is broke. They will take money from who ever offers it for any reason. Logging all https traffic and sending it to random governments for a monthly fee is par for the course.

  6. The original post has no technical merit as to show there is _any_ SSL interception. Read my comment about how you would actually go about investigating this.

    Furthermore the author of this blog makes a _very liberal_ interpretation of a statement that _allegedly_ came from Nokia. Read the statement carefully and notice if they really admit to anything or merely speculate that if they were to do something like this it would be secure.

    Cheers,

  7. Mark Kawakami

    I have to be honest, I don’t find this acceptable no matter what Nokia’s policies are or how scrupulously they say they follow them. The simple fact is, at some point highly personal and highly confidential information that is supposed to be encrypted so that it can only be read by two parties is being decrypted and read by a third party. That means anyone using Xpress (or any other browser that does this) has to cross their fingers and hope that not only does Nokia follow their own policies, but that everyone who works at Nokia hasn’t taken the job just to exploit and profit from this huge hole in what should otherwise be an unbreakable chain of encryption.

    I wouldn’t dare trust that.

    Cybertheft, identity theft, etc. have become a major profit source for global organized crime. It’s not hard to imagine someone from one of these syndicates reading about what Nokia is doing and saying to himself “If one of our guys can get himself hired at Nokia, we could get access to millions of passwords, credit card numbers, CVV numbers, social security numbers, etc.”. No matter how honest and scrupulous Nokia’s own policies are, the fact remains that they’ve set themselves up as a huge target and they’re using private, sensitive customer data as bait.

  8. I work for a mobility firm selling security software to Fortune 500 companies and I assure you that this issue has just landed these handsets, if not all the Nokia handsets, on the Do-not-purchase list for all these companies.

    Anybody involved in security technology knows this is an extremely bad practice.

  9. I wonder where the servers they are sending this through are located, physically. In the USA, they might be required under CALEA to provide the data under certain circumstances to law enforcement.

  10. Personally I agree with Nokia here. Too many websites (hello, Twitter) resort to https with no provocation and needlessly slow down my browsing. I’m quite able to pick secure passwords, thank you, I don’t need you to nanny me.

    • dreyfus2

      Huh? What good is a “secure password” (whatever that may be) when you transmit it over an unencrypted connection? Or even a public WLAN or an internet cafe? You could as well print your secure password on a bumper sticker.

  11. Tobias Cohen

    Considering that it’s now becoming standard practice for all websites to be delivered through https as a basic security precaution, it makes sense that any system that needs to recompress webpages would do this for HTTPS too, otherwise it might as well not do it at all. It’s a shame that this wasn’t communicated better by Nokia, but it does highlight the need to be aware of the potential security implications before using new and experimental web browsers or add-ons.

  12. Opera Mini only relays the packets from HTTPS protocol connections, which is a completely legitimate action; it’s not the same thing as what Nokia are doing at all.

    Nokia is actively impersonating both you and your visiting HTTPS site.

      • I am afraid your understanding of the issue and the opera mini FAQ is not correct.
        Decrypting and transcoding content with a warning to the user is not the same as decrypting and impersonating the receiving end. It is actually technically impossible for Opera Mini to do that without installing their own CA on the device (which is not possible without root access). Please read up on the issue a bit more and get a basic understanding of it; just quoting some FAQ that you don’t have a full understanding of does not make it so.

  13. Decrypting HTTPS traffic and using the Man-In-The-Middle-Attack as a company policy is a very bad idea. Even if Nokia is NOT reading the clear text data, it can only bring bad publicity. There is a reason why some guys in the www are using HTTPS, even if it is slower. Nobody should sacrifice privacy for speed.

    • It’s a terrible company policy for another reason: liability. With (real) SSL/TLS, if anybody tries to harass you about your security policy, you can legitimately claim you’re using industry best practices. Every technical person on the internet, including their competitors, will rush to their defense.

      But what happens when there’s a security breach at Nokia? What happens if Nokia discovers one of their employees installed their own backdoor?

      Or, what happens if every Nokia employee does everything perfectly and they’re lucky enough that none of their systems is ever hit with a network attack, but still some people think they have cause to question Nokia’s security, and hit them with lawsuits or subpoenas? Nobody can rush to Nokia’s defense, because their MitM architecture means nobody knows what goes on in their servers. Even their own administrators can’t say for sure, without a complete audit.

      Have you ever worked for a tech company hit with a big subpoena? If you think browsing HTTPS over a cell radio is slow, try running a company while all of your employees have to step back during a full company audit.

      I would sell all my Nokia shares immediately, if I had any. This is a huge technical, public relations, and legal risk that I would want no part of.

  14. What the … is wrong with them? Who was the nutjob that thought it’s a good idea to mess with HTTPS traffic? Nobody should mess with HTTPS traffic and if they do, regulators should step in and block them.

  15. This is really a very weak condemnation of a very serious matter.

    The point is that a user on the web (on any device at all) has an expectation that when they see “https:” they have a secure connection, whereas in this case they don’t. They can change their FAQ all they want, but the user shouldn’t have to check said FAQ looking for exceptions to a rule that shouldn’t have been broken in the first place.

    Changing the FAQ is therefore not a solution to this problem at all.

    This article sort of takes the position that anyone who was serious about security would know to check these things because (between the lines) they should know better. That’s just lame and not a valid stance IMO.

    As long as it says “https:” in the URL on the browser of the device you are using, the data should *never* be decrypted in the middle. That’s the rule. That’s the user expectation. If they are going to do this then the URL should at minimum change back to “http” and a large browser popup should explain to the user that they are no longer on a secure connection. Period.

    • David Meyer

      I’m sorry you see it that way. I was trying to take a nuanced view on this, with my point being that transparency is everything here. After all, Opera Mini has done this for years, with the intention of benefiting its users (and I’ve not seen many complaints about that). That said, Xpress Browser users may not be as conscious of the functionality. I like your idea about the popup.

      • I’m not sure what other way there is to see it. That is the entire point of HTTPS.

        Nokia can say we should trust them, but if people were willing to trust third parties with their sensitive data, there would be no need for HTTPS in the first place.

        And how can Nokia guarantee our data is safe with them? SSL/TLS are designed so that I don’t need to trust anyone besides the party I’m communicating with (like my bank), and the certificate authority (who let me verify that it’s really them). If Nokia is capturing data, even temporarily, that makes everything I do vulnerable. (It also puts a giant “kick me” sign on Nokia’s back.)

        Besides, it doesn’t even fit the name any more: it’s called Transport Layer Security because it provides end-to-end security of the network’s Transport Layer. If Nokia is seeing decrypted packets, then it’s not Transport Layer security. They can say whatever they want on their webpage, but that doesn’t change the fact that the name is a lie.

        You can paint a kiwifruit white but that won’t make it an egg, and writing “egg” on your advertising is inexcusable — even if you write “not really an egg” somewhere on your webpage.

        The only reason you haven’t heard many complaints about Opera Mini is probably because it doesn’t have many users. Every time I’ve ever heard about Opera Mini, I have heard in the very next breath about its flawed security model. That’s a catch-22: would they have had more users, if they took security seriously?

        You probably don’t know many people who won a prize for being the millionth website visitor, either, even though those are a lie: because everybody knows it’s a lie, nobody bothers. But then you can’t turn around and say “Nobody’s complaining about those dumb banner ads” — of course not, because nobody is dumb enough to try using them.

      • Xpress Bank is FDIC insured*

        Xpress Farms Organic** Milk

        Xpress Browser HTTPS***

        * Your money is ultimately stored in an FDIC account. But deposits are temporarily stored in an uninsured account so that we can process the deposits faster.
        ** We use a patented process to filter out non-organic substances in non-organic milk, allowing our organic** milk to have non-organic prices.
        *** While HTTPS implies encrypted communication between your device and secure websites (such as your bank) such that no one in the middle can access the data, in order to reduce bandwidth and increase speed, Xpress Browser routes your HTTPS data through Nokia servers which have the keys. Nokia servers decrypt the data temporarily.

      • nikolaus heger

        There is no nuanced view on end-to-end security. You either have it, or you don’t. You can’t be a little bit pregnant, and you can’t be a little bit secure.

        If somebody starts to argue that “their servers are secure”, “they don’t look” etc – none of this matters. The fact is that HTTPS is secure, but only as long as it’s end to end.

        I use my bank’s web interface on my mobile phone all the time to transfer money. Would I want Nokia to decrypt that? Would Nokia reimburse me if their servers get hacked and hackers plunder my bank account?

    • saidimu apale

      Agreed with Mr. Bee.

      I’m not certain the author of this article understands the gravity of a Man in the Middle Attack (http://en.wikipedia.org/wiki/Man-in-the-middle_attack) where Nokia is actively impersonating both you and your bank/email etc.

      Regardless of Nokia’s end goal, this is a horribly bad idea.

      What happens if Nokia’s proxy servers get compromised with your previously secure data now in cleartext (unencrypted)?

      What happens if Nokia gets a government subpoena for the unencrypted data and is forced to store the unencrypted data for “some time”?

      Bad. Bad. Idea.

    • dreyfus2

      100% agreement.

      You can’t teach users “this applies to Opera Mini and Nokia devices not running Symbian or MeeGo and this applies to, practically, everything else”. My mother would not even understand 10% of the previous sentence, and she does not have to.

      Even not considering https/SSL “rules”, what Nokia does here is line tapping without an order signed by a judge, heck, even without any claim being present at all. It is actually the equivalent of me opening your mailbox with a crowbar and reading your mail. A secure connection, by all means, should ensure that any misuse can only ever happen by the sender or the recipient(s). I should never be forced to guess if the ISP, browser programmer or email provider is secure, they should just route the bits to their destination.

      With today’s mobile bandwidth there is no need to screw security to save a few bits. And certainly not by means of assuming a user’s approval.

      • I like your mailbox metaphor, but I would say that what they’re doing is “equivalent of me opening your mailbox with a crowbar”, then opening the envelopes just so that I can fold your letters in a more compact way and telling you to trust me that I won’t read any of it.

    • I agree. It seems that the Nokia browser is asserting the user has a secure connection to the user’s bank (for example) when in fact it is Nokia’s server that has the secure connection to the bank. The user merely has a secure connection to Nokia’s server. Clear misrepresentation to my mind, and not something that can be fixed with an FAQ or a popup.