Nokia Firmware Blunder Sent Some User Data To China

Nokia Firmware Blunder Sent Some User Data To China (zdnet.com) 32

Posted by msmash on Thursday March 21, 2019 @02:50PM from the privacy-woes dept.

HMD Global, the Finnish company that sublicensed the Nokia smartphone brand from Microsoft, is under investigation in Finland for collecting and sending some phone owners' information to a server located in China. From a report: In a statement to Finnish newspaper Helsingin Sanomat, the company blamed the data collection on a coding mistake during which an "activation package" was accidentally included in some phones' firmware. HMD Global said that only a single batch of Nokia 7 Plus devices were impacted and included this package. The data collection was exposed today in an investigation published by Norwegian broadcaster NRK, which learned of it from a user's tip. According to NRK, affected Nokia phones collected user data every time the devices were turned on, unlocked, or the screen was revived from a sleep state. Collected data included the phone's GPS coordinates, network information, phone serial number, and SIM card number.

Nokia Firmware Blunder Sent Some User Data To China

This discussion has been archived. No new comments can be posted.

Load All Comments

Search 32 Comments Log In/Create an Account

Comments Filter:

Unlock the phone (Score:3)

by DrYak ( 748999 ) writes: on Thursday March 21, 2019 @03:03PM (#58311496) Homepage

One more argument to not trust whatever is pre-installed on your smartphone, but unlock the bootloader and flash a firmware that *YOU personally* trust.
Be it some opensource Android derivative [lineageos.org],
or some completely different full-blown GNU/Linux [sailfishos.org] based solution.
( ^- just citing my personal favorite. You could also think about Ubuntu Touch from UBPorts, the system that Purism is building specifically for their Librem 5 phone, etc.)

- - Where is the firmware? (Score:3)
    
    by DrYak ( 748999 ) writes:
    
    The whole point of my post is the ability to put yourself a firmware that you trust.
    How can I get an iOS (or any other firmware, for that matters) to flash myself on an iPhone ?
    You can't.
    You're back to trusting whatever was pre-flashed at the factory.
    From the point of view of "you have no control on what is running on your phone", iPhone are at least as bad as shit from Xiaomi or Huawei or even TFA's HMD, and actually even worse in practice (you can't unlock the bootloader and put your own firmware there).
Oh no (Score:2)

by fortythirteen ( 5606969 ) writes:

What a "blunder"
ethics (Score:5, Insightful)

by Anonymous Coward writes: on Thursday March 21, 2019 @03:18PM (#58311598)

A coding mistake was not the cause. The cause was lack of ethics. With decent ethics that "activation package" would, in order of preference:
- not have existed.
- not have been available in the repository for this firmware.
- be disabled/inactive by default.
- inform the user explicitly of what it is doing.
4 missed opportunities to be at least somewhat ethical. That is not a mistake, that is negligence, at least.

- Mod Up (Score:3, Interesting)
  
  by SuperKendall ( 25149 ) writes:
  
  I came here to say the same thing, but you laid it the multiple levels of ethics failure perfectly.
  It's crazy to me that any level of a company thinks stuff like this is acceptable.
  - Re: (Score:1)
    
    by Anonymous Coward writes:
    
    This exposes the data collection requirements for phone manufacturers by the Chinese government more than anything else.
    Why else would they install something like that? Surely no ad network could have been paying enough for the company to include that.
- - Re: (Score:3)
    
    by Luckyo ( 1726890 ) writes:
    
    Do you realise that Nokia you're citing is a different company from HMD which is licensing the Nokia brand for its phones?
- Re: (Score:3)
  
  by Luckyo ( 1726890 ) writes:
  
  This "activation package" exists for essentially every smartphone running the two primary phone OSs in existence. It's also present in a slightly different form on win10. It's typically called "telemetry".
  The coding mistake was likely in that HMD makes a lot of phones for Chinese market, which means that data is sent to local Chinese companies doing the data processing rather than US ones. So it's likely that someone was copy-pasting code for one of the updates, and accidentally pasted too many lines of cod
I'm safe! (Score:2)

by grumpy-cowboy ( 4342983 ) writes:

I have a Google Pixel. ;)
- - Re: (Score:2)
    
    by Shikaku ( 1129753 ) writes:
    
    https://download.lineageos.org... [lineageos.org] if he did use this and not install any of the GApps he is actually, but I'm not the OP so I don't know.
Ha ha (Score:2)

by JustAnotherOldGuy ( 4145623 ) writes:

Yeah, right- it was a 'blunder'.
From the until-we-get-caught dept. (Score:2)

by theCat ( 36907 ) writes:

Or maybe it was the chinese-outsourcing dept.
Or maybe the easier-to-say-sorry-than-ask-permission dept.
Only Huawei is evil (Score:1)

by Anonymous Coward writes:

Signed NSA

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Nokia Firmware Blunder Sent Some User Data To China (zdnet.com) 32

Nokia Firmware Blunder Sent Some User Data To China More Login

Nokia Firmware Blunder Sent Some User Data To China

Unlock the phone (Score:3)

Where is the firmware? (Score:3)

Oh no (Score:2)

ethics (Score:5, Insightful)

Mod Up (Score:3, Interesting)

Re: (Score:1)

Re: (Score:3)

Re: (Score:3)

I'm safe! (Score:2)

Re: (Score:2)

Ha ha (Score:2)

From the until-we-get-caught dept. (Score:2)

Only Huawei is evil (Score:1)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot