Submitted via IRC for FatPhil
Finland Feds Investigate Nokia Phones Sending Data To China
Finland's chief of data protection said on Thursday that he would investigate Nokia owner HMD over claims that its mobile phones have been sending data to Chinese state-owned servers.
The investigation follows an report by Norwegian public broadcaster NRK which claims that owners of Nokia 7 Plus phones may have sent sensitive information to a server in China for several months.
NRK conducted an investigation after being tipped off by a man named Henrik Austad, who monitored the traffic on his Nokia 7 - discovering that it was sending unencrypted information to a Chinese server "vnet.cn" while switched on. The data reportedly included his location, SIM card number and the phone's serial number.
The information consists of identifiable data on both the telephone and the telephone number to which it is attached, and which base station it is associated with. This enables the recipient of the package, and anyone with access to the traffic stream along the way, to follow the phone's real-time movements. -NRK
[...]When NRK tried to track down the ownership information for the URL to which the information was being sent, they hit a dead end.
(Emphasis in original.)
(Score: 4, Funny) by Runaway1956 on Saturday March 23 2019, @08:54AM
If the 5 eyes make you disappear, China can make you reappear!
(Score: 2) by hendrikboom on Saturday March 23 2019, @10:18AM (6 children)
Love to know whether it was the phone's software itself or some user-installed app that's sending the data.
(Score: 3, Interesting) by canopic jug on Saturday March 23 2019, @10:47AM (5 children)
I would expect that it is the main software. The click-through extortion on a different model, the HMD 3310, basically says they monitor everything all the time. There's a URL for the warning for that model somewhere at HMD-Global's web site, but good luck finding it.
Money is not free speech. Elections should not be auctions.
(Score: 5, Informative) by Anonymous Coward on Saturday March 23 2019, @12:36PM (4 children)
It is right there in the qualcomm software on github [githubusercontent.com].
They say it was a mistake that it was sent to China. Not that the data was collected, which they say is standard procedure for all phones according to some excuse about warranty. I think the rest of the manufacturers are eyeballing HMD, "Why would you tell them that! They trust us. Dumbfucks.".
(Score: 0) by Anonymous Coward on Saturday March 23 2019, @12:38PM (3 children)
..and as far as I understand it is a one time data transmission when a new phone is activated.
(Score: 2) by aiwarrior on Saturday March 23 2019, @01:14PM (2 children)
The question is thus: Is Apple safer, or we are safer in ignorance?
(Score: 3, Insightful) by Nerdfest on Saturday March 23 2019, @11:25PM (1 child)
Apple phones generally keep you safer from everyone except Apple. This includes it being safer from *you*.
(Score: 3, Funny) by aiwarrior on Sunday March 24 2019, @12:51PM
Well then Apple is better. The risk is more contained if still a compromise. Is this what you mean?
(Score: 5, Informative) by Anonymous Coward on Saturday March 23 2019, @11:29AM
https://arstechnica.com/gadgets/2019/03/hmd-admits-the-nokia-7-plus-was-sending-personal-data-to-china/ [arstechnica.com]
(Score: 2) by hendrikboom on Saturday March 23 2019, @01:42PM
Isn't this more or less the fata the phone has to sen to headquarters all the time so that the phone company can route incoming calls to it?
Or is the information sent more detailed than that?
Sending it to China is obviously a mistake. Unless he's actually using a Chinese phone number in Finland.
(Score: 3, Informative) by RamiK on Saturday March 23 2019, @02:19PM
Everything you do on a typical smartphone is sent to Google and the ODMs. And the NSA has direct access to the servers storing and processing it: https://gigaom.com/2013/07/09/snowden-maintains-the-nsa-has-direct-access-to-company-servers-which-means-someone-is-lying/ [gigaom.com]
compiling...
(Score: 4, Interesting) by Snospar on Saturday March 23 2019, @02:56PM (1 child)
It will be interesting to see how this plays out in the telecoms sector. The recent allegations that Huawei network equipment is either susceptible to remote access or control, or that it is also sending information covertly back to China have caused many operators to pause in their rollout of Huawei equipment. These same operators will no doubt have Nokia equipment in their estate and would now be wise to turn the same scrutiny on them.
Huge thanks to all the Soylent volunteers without whom this community (and this post) would not be possible.
(Score: 3, Insightful) by ilsa on Monday March 25 2019, @12:56PM
I would say it's more than that. With US' accusations against Huawei and now this, it really does seem like any telecom equipment from China should be considered suspect.
(Score: 0) by Anonymous Coward on Saturday March 23 2019, @03:31PM (6 children)
I have a fairly up-market powerbank that I occasionally use for my e-book. When you first plug it in the e-book simply switches the little icon to say it is charging on USB. After about 20 minutes, it suddenly starts popping up "connect to computer / cancel " windows.
If you select cancel it pops up again a few seconds later and will keep doing so until unplugged.
If you select connect it instantly kills the ebook dead requiring a full reboot.
If you unplug the powerbank and wait about 30 seconds then plug it in again it will work for about 20 minutes then start trying to connect again.
What are the chances it is trying to install a trojan on a smartphone?
(Score: 1, Informative) by Anonymous Coward on Saturday March 23 2019, @07:43PM (3 children)
It is possible that you have an infected powerbank, but my first guess would be that it includes logic to negotiate for some form of quick charging and the e-book reader is getting confused and trying to go into mass storage mode or similar, thinking you have plugged it into a PC.
(Score: 1, Interesting) by Anonymous Coward on Sunday March 24 2019, @01:16AM (2 children)
It was the timing that really makes me suspicious. I would expect power negotiation to take place immediately. It waits for about 20 minutes before it tries to establish a data connection.
If you plug it into a computer and accept the connection it goes into mass storage mode. It doesn't do that with the powerbank, it crashes hard.
(Score: 2) by maxwell demon on Sunday March 24 2019, @07:58AM (1 child)
The hard crash may me the reader waiting for an answer from the "mass storage device" which never arrives because, well, the power bank isn't a mass storage device.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 0) by Anonymous Coward on Tuesday March 26 2019, @03:44PM
Bloody pronouns.
If you plug the ebook into a computer the dialogue pops up immediately on the ebook screen. Select connect, the ebook goes into mass storage mode and the computer sees it as a flash drive. Select cancel, and the ebook keeps operating with a little icon that says it's charging. Either way the dialogue never comes back until you unplug/plug in again. (It's a Kobo by the way)
If you plug the ebook into a USB charger or other powerbanks the ebook doesn't pop up the dialogue at all, it just starts charging while still operating normally. With this one powerbank though, after about 15 to 20 minutes the connect dialogue pops up. Selecting cancel dismisses it, but between one and 5 seconds later it comes back, repeatedly. It's really persistent. You have to unplug and leave it for a while, and then you can plug it in and charge for another 15 to 20 minutes.
(Score: 3, Funny) by jasassin on Saturday March 23 2019, @10:20PM
Try a usb condom. Cable with no data pins. Less than 3 bucks on eBay (more than a month to ship from china).
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 2) by Freeman on Monday March 25 2019, @03:44PM
I have a cheapo card reader that does the same thing (At least I think it's the card reader with the problem). I figure it's more of a piece of junk that's dying. Then again, maybe I'm not paranoid enough.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 3, Interesting) by inertnet on Saturday March 23 2019, @04:07PM (1 child)
Does anyone know of a good Android (preferably f-droid) app for investigating your own phone? Couldn't find what app was used in any of TFA's.
(Score: 2) by epitaxial on Sunday March 24 2019, @07:04AM
A root shell.
(Score: 2) by Freeman on Monday March 25 2019, @03:40PM
Call me paranoid, if you want. China sure seems to be sucking up whatever data they can and possibly inserting back doors into hardware manufactured by companies based in China. While Google, Microsoft, Apple, Cisco, etc. are probably all guilty of very similar things or more so. The fact of the matter is that the legal restraints and freedoms in the United States are much better than in China. I was seriously thinking about getting a Nokia as my next phone, because I figured Finland would be better about these sorts of things. Apparently, I was wrong. Then again, more likely it's a systemic issue and all you can do is choose the lesser of the evils. For a Chinese citizen, they likely won't get much of a choice.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"