Hackers blackmailed Nokia with smartphone encryption keys?

Advertisement

Smartphone manufacturers frequently go to enormous lengths to help keep our devices secure. Part of that role is regulatory, keeping unwanted apps out of centralized app stores. Other protections are technical, using software to keep one step ahead of ne’er-do-wells. One such technical protection is code signing, allowing developers to use an encryption key to let end users verify that code came from a known trusted source; this is why you can safely sideload updates to Google’s Android apps you find online, as they can be verified as coming from Google itself. But now a new story’s emerging about how some hackers nearly undid this protection for one smartphone platform, and blackmailed Nokia in the process.

We have to go back a few years for this, to the days when Symbian was still a viable platform. Reports out of Finland this week claim that six years ago Nokia paid hackers a sum of several million euros in order to prevent the group from releasing critical Symbian source code, including a private Nokia encryption key that could be used to sign code. Were that ever to get out into the wild, malicious code could be made to look indistinguishable from legitimate Nokia-sourced software.

Finnish police have confirmed that they’re investigating the case, and while Nokia hasn’t confirmed the details (perhaps due to the ongoing nature of the investigation), this talk of blackmail does align with those media reports.

A potential hack involving Symbian might not seem so important now, but remember: we’re learning about this six years after the fact. Could there be similar, more recent cases involving other smartphone platforms that have yet to become public knowledge?

Source: Reuters
Via: The Verge

Advertisement

What's your reaction?
Love It
0%
Like It
0%
Want It
0%
Had It
0%
Hated It
0%
About The Author
Stephen Schenck
Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bitsRead more about Stephen Schenck!