HMD Releases Statement Regarding Alleged Data Breach In Nokia Devices
As previously reported, some Nokia 7 Plus devices in Norway were found inadvertently transferring information to Chinese servers. Needless to say, concerns rose around the incident, with a lot of people unknowingly accusing the Chinese hackers of attempting to steal private data from the users. On March 23, 2019, HMD Global put forth an official statement regarding the same, which cleared some doubts surrounding the issue.
Cause Of The “Alleged Data Breach”
As per the Foxconn subsidiary, FIH mobile (the Finnish company which manufactures Nokia devices in China), the device suspected of sending data i.e. the Nokia 7 Plus did not transfer any user data to the Chinese servers. Instead, the shared information included the activation data from the device. The reason why this happened was quite clear. It was just a manufacturing error that led to this “data breach” incident.
The Finnish company had mistakenly installed the Chinese device activation client on the Nokia smartphones which were intended to retail outside China. Consequently, the activation data was being sent to vnet.cn, a Chinese server located in the China Internet Network Information Center, or CNNIC. The domain is owned by the state-run Chinese Telecom operator.
HMD Global also stated that the issue was taken care of in the month of February since most Nokia 7 Plus smartphones had been updated with the bug fix. Users can check if the fix is installed in their devices by going to Settings>System>About Phone>Build Number. The build number should be “00WW_3_39B_SP03” or “00WW_3_22C_SP05“. If the build number does not match, users may need to update their device. This can be done by going to Settings> System> Advanced>System Update>Check for Update.
Reason Behind Data Privacy
Lastly, HMD Global said that the global variants of the Nokia devices have their data stored in Singapore, which abides by very strict privacy laws (as shown in the aforementioned infographic released by the company) However, Chinese Cyber Security Laws state that the data originating in China will stay in China, so the company’s Chinese units will only send data to the Chinese servers. Moreover, the company also cleared up the doubt that Nokia devices are sharing user data with third-party servers, stating that this speculation is completely incorrect.