loader gif

Nokia firmware blunder sent some user data to China

Nokia firmware blunder sent some user data to China (Breaches and Incidents)

HMD Global, the Finnish company that sublicensed the Nokia smartphone brand from Microsoft, is under investigation in Finland for collecting and sending some phone owners' information to a server located in China. In a statement to Finnish newspaper Helsingin Sanomat, the company blamed the data collection on a coding mistake during which an "activation package" was accidentally included in some phones' firmware. According to NRK, affected Nokia phones collected user data every time the devices were turned on, unlocked, or the screen was revived from a sleep state. Collected data included the phone's GPS coordinates, network information, phone serial number, and SIM card number. The data was sent to a server in China, located on the network of China Telecom. Based on NRK's investigation of the phone's firmware, the code responsible for the data collection was written circa 2014 and resided in a subfolder named "China Telecom," suggesting it was most likely intended to be deployed on phones sold only in China, to comply with local data collection laws.

loader gif