Finland investigates Nokia smartphones sending data to China

Nokia 7 Plus user claims his phone sent ‘unencrypted data’ to Chinese server

nokia breach
(Image credit: AFP/Getty Images)

Finland’s data protection agency has launched an investigation into Nokia owner HMD Global over allegations that its mobiles sent user information to China.

A report by Norwegian broadcaster NRK claims that a data breach affecting an “unspecified number” of Nokia 7 Plus smartphones had exposed information to data centres in China, says Reuters.

NRK was alerted to the issue when a Nokia 7 Plus user contacted them to say his mobile had “often” contacted Chinese servers and sent data in an “unencrypted format” (where information is distributed online without sufficient protection), the news site reports.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE
https://cdn.mos.cms.futurecdn.net/flexiimages/jacafc5zvs1692883516.jpg

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

Reijo Aarnio, a data protection officer at the Finnish watchdog, told Reuters that the firm would be assessing whether the software glitch involved “personal information and if there has been a legal justification for this”.

According to smartphone news site Android Authority, the server was traced to a company called the China Internet Network Information Center. NRK then contacted the company, which confirmed that it was owned by state-owned communications firm China Telecom.

Meanwhile, 9to5Google claims the leak would allow third parties to eavesdrop on unsuspecting Nokia 7 Plus users, as their geographical position, SIM card number and mobile serial number were allegedly sent to the server every time they unlocked their device.

While HMD Global has not revealed any details about the server, a spokesperson for the Finnish company confirmed to Reuters that a data breach had occurred.

“We can confirm that no personally identifiable information has been shared with any third party,” the spokesperson said. They added that there had been “an error in software packaging process in a single batch of one device model”.

HMD Global claims it had rectified the issue earlier this year via a software update, Engadget reports.

To continue reading this article...
Continue reading this article and get limited website access each month.
Get unlimited website access, exclusive newsletters plus much more.
Cancel or pause at any time.
Already a subscriber to The Week?
Not sure which email you used for your subscription? Contact us