A batch of Nokia phones were inadvertently communicating with a Chinese server

On Thursday, major news firm of Norway, NRK reported about an issue where several units of the Nokia 7 Plus were inadvertently sending personal information to a Chinese server. These units were sold in the Norwegian market but quickly raised grave concern when the communication between the handset and Chinese server were discovered.

The report found that personal information about the device, including GPS coordinates, SIM card number, and the devices serial number were being transferred to the server, unencrypted. This was happening whenever the phone was switched on, screen fired up, or the phone was unlocked. This behavior is typical of smartphones intended for the Chinese market.

Nokia 7 Plus

The domain name of the server is vnet.cn which is the CNNIC or China Internet Network Information Center. The owner of the domain is China’s state-owned China Telecom.

More than likely what happened was that a piece of software that was intended for Chinese variants of the Nokia 7 Plus slipped through the cracks and ended up being installed on a single batch of Nokia 7 Plus’ headed for the Norwegian market. HMD Global pushed a firmware update that removed the China-specific application for the Norwegian market.

The incident caused Finland’s data regulator to launch an investigation against HMD Global regarding the incident, as it directly violated the GDPR guidelines for user data that the European Union launched last year. The violation is on the grounds that SIM card number, base stations, and serial number of a device are all considered personal information.

We’ve seen this kind of thing happen in the past with OnePlus’ Oxygen OS and clipboard data that was allegedly being sent to Chinese servers. Although the information wasn’t actually sent, the code discovered was residual code from Hydrogen OS – Chinese variant of OnePlus’ UI – it was discovered by an amateur developer.

Source | Translated

Let’s block ads! (Why?)

Published by Marshmallow

Marshmallow Android is BT Ireland’s Head of Sales for Republic of Ireland domestic multi-site companies, indigenous MNCs and public sector accounts. He is responsible for the direction and control of all sales activity in the region. He has over 10 years management experience from high growth start-ups to more established businesses. He’s led teams in Ireland, India and China across various industries (ICT, On-Line Recruitment, Corporate Training and International Education).