[liberationtech] Nokia's MITM on HTTPS traffic
Collin Anderson
collin at averysmallbird.com
Thu Jan 10 06:48:26 PST 2013
The words "Nokia" and "MITM" are bound to attract attention. There is a
substantive difference between this and CarrierIQ situation; the matter in
question is a common, although older, trend that is certainly not limited
to the browsers in question. Pages are rendered by a third party for a
number of reasons: 1.) the device is underpowered and probably cannot
support all the scripts and images of modern webpages, 2.) this enables
Flash and other third party plugins not available for the platform, 3.)
saves data costs, 4.) this acts as a web proxy, allowing the device to
access content filtered in the country. Perhaps the failure is explaining
the privacy implications to the user, but other than that, this is not news.
On Thu, Jan 10, 2013 at 6:13 AM, Rich Kulawiec <rsk at gsp.org> wrote:
> h/t to Lauren Weinstein via his "nnsquad" mailing list.
>
> Writeup:
>
>
> http://thenextweb.com/insider/2013/01/09/nokia-seems-to-be-hijacking-traffic-on-some-of-its-phones-grabbing-your-https-data-unencrypted/
>
> Original:
>
> https://gaurangkp.wordpress.com/2013/01/09/nokia-https-mitm/
>
> Question: does there exist a coordinated/organized/systematic effort
> to test all extant phones for this and similar problems? Because as
> this and CarrierIQ demonstrate, we certainly can't trust the vendors
> or the telcos.
>
> ---rsk
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
--
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130110/f7c3cf6c/attachment.html>
More information about the liberationtech
mailing list