Coffeehouse Post

Single Post Permalink

View Thread: Man-in-the-Middle attack
  • User profile image

    , cheong wrote

    I think updates from Windows Marketplace can be trusted because Microsoft will have staffs to check, but how about the softwares preinstalled on the phone? Does Microsoft have measures to prevent these things be added?

    Btw, if they're possible to hijack HTTPS traffic, I've think perhaps updates from Windows MarketPlace can be manipulated to bypass guard by Microsoft (but replacing contents for update through their proxy to another modified version), am I right?

    1. The software pre-installed on your phone is pre-installed by Nokia anyway, so if Nokia were able to MitM to install stuff on your phone is no enhancement of their current privilege

    2. Windows Updates (including core phone OS updates) are all digitally signed back to Microsoft. Even if someone MitMs SSL traffic between you and Microsoft and swaps out the update for a malicious one it will fail the digital signature check and be rejected by the handset.


    The main worry is that someone who was able to hack into the Nokia proxy would be able to see your GMail/Hotmail/Banking passwords and credit card numbers.