[cryptography] yet another certificate MITM attack
jaltman at secure-endpoints.com
Thu Jan 10 17:21:44 EST 2013
When you look at what the Nokia Browser does in the non-TLS case you see
that the Nokia Browser, like the Kindle Browser and Opera Mobile, uses a
dedicated proxy server to avoid DNS latency and permit
cached/compressed/reformatted web pages to be transmitted to the mobile
device. This is performed by the Nokia Browser including the desired
target URL as a private http header.
What I believe is occurring for https connections is that Nokia Browser
is establishing a TLS connection to the Nokia Proxy and continuing to
send the target URL as a private http header. What is unclear is how
the Nokia Browser interacts with the proxy under this situation. Is the
Proxy providing a tunnel for the client or is it acting as a MITM?
This does not appear to me to be a certificate being misused.
On 1/10/2013 4:53 PM, ianG wrote:
> Just on that theme of multiple attacks from different vectors leading to
> questions at the systemic level, another certificate failure just got
> posted on slashdot:
> "On Wednesday, security professional Gaurang Pandya outlined how Nokia
> is hijacking Internet browsing traffic on some of its phones. As a
> result, the company technically has access to all your Internet content,
> including sensitive data that is sent over secure connections (HTTPS),
> such as banking credentials and pretty much any other usernames and
> passwords you use to login to services on the Internet. Last month,
> Pandya noted his Nokia phone (an Asha 302) was forcing traffic through a
> proxy, instead of directly hitting the requested server. The connections
> are either redirected to Nokia/Ovi proxy servers if the Nokia browser is
> used, and to Opera proxy servers if the Opera Mini browser is used (both
> apps use the same User-Agent)."
> Which Nokia apparently admits:
> "When temporary decryption of HTTPS connections is required on our proxy
> servers, to transform and deliver users’ content, it is done in a secure
> Pictures above seem to indicate VeriSign as the CA, but whether that
> means they know about the MITMing is not clear.