Nokia 8 phones may have sent sensitive information to a server in China


potemkin potemkin
✭✭✭  / 
@schox Let's continue discussion in this thread ;)


- I discovered similar activity nine months ago. The phone was not a Nokia 7 Plus, but a cheap Nokia 2. I suppose the software is similarly loaded across models
NRKbeta are fortunate to have access to a number of talented developer colleagues in NRK, and on Thursday, March 21, we investigated two Nokia models, one Nokia 3 and one Nokia 5. Both of these models had an application called autoregistration installed.

The application sends an encrypted message to the domain aps.c2dms.com
...
The message goes to aps.c2dms.com, a domain owned by Shanghai Best Oray Information S&T.
Shanghai's Best Oray Information S&T Co., Ltd. is owned by the ownership register . (Oray) listed as the holder of the domain. This company is listed as a ransom virus spreader by Ransomware Tracker, a web site that tracks which domains and IP addresses contribute to the spread of malware.

Comments

  • marsic marsic
    ✭✭✭✭  /  edited March 2019
    Uhm...  :|:s:#
    I'm curious whether they've also tested the 8. Is anyone here savvy enough/capable of tracing such traffic from our model?
  • potemkin potemkin
    ✭✭✭  / 
    The fact that the same system app is installed on Nokia 8 (and, as it seems, on all Nokia phones) is a cause for concern. I don't think there is a chance that the same app is installed on all Nokia phones but somehow was only sending data from Nokia 2 and Nokia 7 Plus to a server in China. Let's not be naive. The app was sending data from ALL Nokia phones to China.
  • MrBelter MrBelter
    ✭✭✭✭  / 
    Is this the same thing or something else?

    com.evenwell.autoregistration.overlay.base.s600w

  • potemkin potemkin
    ✭✭✭  /  edited March 2019
    mrbelter said:
    Is this the same thing or something else?

    com.evenwell.autoregistration.overlay.base.s600w

    I'm pretty sure it's the same thing.
  • user1508938037450 user1508938037450
    ✭✭✭  / 
    I hope that Google is interested in this information. That could be the end of Android on "Nokia" smartphones.
  • So, I will leave my Nokia mobile use. I'm very very regret while hearing the data sharing news >:) 
  • potemkin potemkin
    ✭✭✭  / 
    Just read about this on GSM Arena. HMD claiming it's just a mistake with software package of single batch of Nokia 7 Plus.
    I saw one comment I find hilarious:
    Pfft, it's just only the Nokia 7 Plus. I'm glad I got the Nokia 8 years ago and still kicking. Guys, just buy flagships.

  • user1508938037450 user1508938037450
    ✭✭✭  /  edited March 2019
    This "spy-app" is installed on Nokia 3 and Nokia 5 too, and was found there too. So it isn't only a Nokia 7 Plus problem. This information was from yesterday. But the app on the 3 and 5 was "not active". But it could be activated without problems from "outside" (?). GREAT. 😳😒
  • madbilly madbilly
    ✭✭✭✭  /  edited March 2019
    marsic said:
    Uhm...  :|:s:#
    I'm curious whether they've also tested the 8. Is anyone here savvy enough/capable of tracing such traffic from our model?
    It would take me a while to remember exactly how, but the method I would use would be to use Wireshark on my home Wi-Fi (not telecoms networks, that's illegal) and see if I can spot something being sent to that domain.

    Another method could be to install Lumen Privacy Monitor: https://haystack.mobi/
    But since that's not open source I don't know if I trust it so I haven't had it on my 8 yet (though did have it on my 1+ before and it is enlightening!).

    I'm just seeing if Activity Launcher will tell me anything and I'll report back in a few minutes.

    Update: Activity Launcher didn't show it. This app is an alternative to QuickShortcutMaker which I'm not prepared to install because I'm not sure if I trust it. Someone on the Nokiamob discussions on this topic suggested that QuickShortcutMaker showed these Chinese domains in the Evenwell apps.
  • marsic marsic
    ✭✭✭✭  /  edited March 2019
    @madbilly awesome, just remember that they said the data sending occurs when unlocking the phone/screen. Perhaps you should replicate it in your tests.

    Where do I access activity launcher from? Is it a pre-installed system app?
  • madbilly madbilly
    ✭✭✭✭  /  edited March 2019
    marsic said:
    @madbilly awesome, just remember that they said the data sending occurs when unlocking the phone/screen. Perhaps you should replicate it in your tests.

    Where do I access activity launcher from? Is it a pre-installed system app?
    Hi @marsic, I don't do any of the Wireshark investigation tonight, I don't have time. But there are plenty of tutorials online if you want to try yourself.

    See my edited post above for info on Activity Launcher.
  • madbilly madbilly
    ✭✭✭✭  / 
    I have installed lumen but I don't think it's monitoring system apps. I tried locking and unlocking but nothing showed up.
  • MrBelter MrBelter
    ✭✭✭✭  / 
    https://www.nokia.com/phones/en_int/privacy-info 

    Looks like we're in the clear with the Nokia 8 (sorry if it's been posted already)
  • marsic marsic
    ✭✭✭✭  / 
    I won't trust a single word from them anymore. :/
  • DibyaXP DibyaXP
    ✭✭✭  / 
    Nothing to be shocked about. **** over Foxconn who are inhuman wreck can do anything. Previously they infected many Micromax phones with ad ups spyware over OTA. Foxconn uses children as labour and they make some worst quality jacks socket on the Earth.
  • Mick1965 Mick1965
    ✭✭✭  / 
    I've just checked my router (it lists all sites being accessed for all devices) and there are no entries for either my 8 or the two 5's to aps.c2dms.com.
    I only checked from when the WiFi came on this morning till now (2 1/2 hrs or so)

    How often is this meant to happen?
  • marsic marsic
    ✭✭✭✭  / 
    @Mick1965 allegedly it sends the data whenever the phone/screen got unlocked, to a Chinese server at vnet.cn. That's what they said at least about the Nokia 7 model, I don't remember exactly about the other models.
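
The router-log check discussed above can be scripted. This is an added example, not part of any post in the thread: it assumes the router exposes dnsmasq-style query logs, and the sample lines, client addresses and the `host.vnet.cn` subdomain are constructed; only the two watched domains come from the thread.

```python
import re
from collections import defaultdict

# Domains named in this thread; a query matches the name itself or any subdomain.
WATCHED = ("aps.c2dms.com", "vnet.cn")

# dnsmasq query-log line (assumed log format), for example:
#   Mar 22 07:58:11 dnsmasq[512]: query[A] aps.c2dms.com from 192.168.1.23
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+dnsmasq\[\d+\]:\s+"
    r"query\[(?P<qtype>[\w-]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)$"
)

def normalise(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.lower().rstrip(".")

def is_watched(name, watched=WATCHED):
    """True for a watched domain or a subdomain of it, never a look-alike suffix."""
    name = normalise(name)
    return any(name == d or name.endswith("." + d) for d in watched)

def find_hits(lines, watched=WATCHED):
    """Map client IP -> list of (timestamp, queried name) for watched domains."""
    hits = defaultdict(list)
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if m and is_watched(m["name"], watched):
            hits[m["client"]].append((m["ts"], normalise(m["name"])))
    return dict(hits)

# Constructed sample log: two devices query watched names, one does not.
SAMPLE_LOG = """\
Mar 22 07:58:11 dnsmasq[512]: query[A] aps.c2dms.com from 192.168.1.23
Mar 22 07:58:11 dnsmasq[512]: forwarded aps.c2dms.com to 1.1.1.1
Mar 22 07:58:40 dnsmasq[512]: query[A] www.nokia.com from 192.168.1.24
Mar 22 08:03:02 dnsmasq[512]: query[AAAA] APS.C2DMS.COM. from 192.168.1.23
Mar 22 08:10:45 dnsmasq[512]: query[A] notc2dms.com from 192.168.1.24
Mar 22 08:11:09 dnsmasq[512]: query[A] host.vnet.cn from 192.168.1.25
Mar 22 08:12:30 dnsmasq[512]: query[A] othervnet.cn from 192.168.1.24
"""

if __name__ == "__main__":
    for client, seen in sorted(find_hits(SAMPLE_LOG.splitlines()).items()):
        names = sorted({n for _, n in seen})
        print(f"{client}: {len(seen)} queries, first {seen[0][0]}, last {seen[-1][0]}, {names}")
```

An empty result only covers the logged window and the Wi-Fi path: a phone on mobile data, or one resolving names over an encrypted resolver (Android's Private DNS), will not appear in the router's DNS log.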
  • potemkin potemkin
    ✭✭✭  / 
    Should I believe what HMD says about this? According to HMD my phone is on February patch but according to my phone it's on January patch.
  • MrBelter MrBelter
    ✭✭✭✭  / 
    I think on this one HMD dare not put a foot wrong given the massive fines they would get slapped with so I'd be inclined to trust them on their word.

    I think the bigger problem is what HMD don't know about, it wouldn't surprise me if someone found something else and HMD genuinely didn't know anything about it.
  • user1508938037450 user1508938037450
    ✭✭✭  / 
    It is HMD's "OFFICIAL" statement. And what shall they do/say? We will see if we can believe it. We will hear the checking results. 😎
  • Mick1965 Mick1965
    ✭✭✭  / 
    marsic said:
    @Mick1965 allegedly it sends the data whenever the phone/screen got unlocked, to a Chinese server at vnet.cn. That's what they said at least about the Nokia 7 model, I don't remember exactly about the other models.
     Thanks.
    I have just checked the logs again, for that address. Still nothing.
    So hopefully like they say others are not affected.
  • user1508938037450 user1508938037450
    ✭✭✭  / 
    "Our" Nokia 8 was not the "theme" in the reports. At the moment they speak only about the 7 Plus. If it is really true that this system app was installed on Nokia 3 and Nokia 5 too, HMD has a problem declaring it. At the moment there is no information that all Nokia smartphones send information to the "Chinese server". 😉
  • MrBelter MrBelter
    ✭✭✭✭  / 
    Let's be honest, if you monitored all the traffic from your phone you would be horrified, just about everything you install is sending data about you to someone.
  • Lendl Payabyab Lendl Payabyab
    ✭✭  / 
    I stopped all Evenwell processes and apps. It made my battery life a lot better. I'm using a Nokia 8 TA-1004.
  • marsic marsic
    ✭✭✭✭  /  edited March 2019
    @Lendl Payabyab have you noticed any negative effects of stopping all of those services? Any sign of sluggishness or delayed response to commands, etc? I'm pretty tempted to try this..
  • marsic marsic
    ✭✭✭✭  / 
    About that image from their article, can someone tell me how that kind of data can be used to "enhance user satisfaction" and "improve product experience"? Anyway, both are subjects that they've been catastrophic at, as of lately.