Some Nokia smartphones include a backdoor that sends data to servers in China

According to experts in ethical hacking training from the International Institute of Cyber Security, it is possible that some Nokia branded smartphones, models 7 Plus, will send some user data to servers established in China.

The company HMD Global, established in Finland, which pays for the right to produce and market phones with the Nokia brand, recently confirmed the existence of a software error in a lot of phones, adding that the failures have already been corrected.

Some local media reports mention that the personal data of some users of compromised smartphones, although the company has denied every accusation.

A Nokia 7 Plus smartphone user contacted a public broadcasting company in Norway, stating that he was able to track the data that came out of his smartphone. According to the user, the appliance sent unencrypted data packets to a server in China after switching on the smartphone, activating the screen or blocking the phone.

The person in charge of the defense of the privacy in Finland mentioned that, according to the information provided by a group of experts in ethical hacking training, the personal information of the users could have been sent to Chinese servers. These data would have been sent to servers operated by the Chinese state company Telekom, one of the most important telecommunications providers in China.

According to the ethical hacking training instructors, the data sent to the Chinese servers include:

  • Device location data
  • Nearest telephone tower
  • Phone number
  • SIM card number
  • Device IMEI key

According to experts, a combination of all this data could allow a malicious user to track a user in real time, as well as other malicious activities.

HMD Global claims that the problem only impacted on the lot of Nokia 7 Plus devices mentioned above. The company later added that due to an error, the compromised phones sent activation data to a server in China, but they do not know if the personal details of the users have been involved.