Canada Dashboard Digest

Firm Says It Decrypts HTTPS, But Doesn’t Access It


January 11, 2013

Nokia has confirmed reports by a security researcher that it decrypts HTTPS data flowing through its Xpress Browser—including banking sessions and encrypted e-mail—but the company says it does not access the decrypted information, GigaOm reports. Security Researcher Gaurang Pandya said, “From the tests that were performed, it is evident that Nokia is performing Man In The Middle Attack for sensitive HTTPS traffic originated from their phone and hence they do have access to clear text information, which could include user credentials to various sites such as social networking, banking, credit card information or anything that is sensitive in nature.” Nokia said it has “implemented appropriate organizational and technical measures to prevent access to private information. Claims that we would access complete unencrypted information are inaccurate.”
Full Story