June 18, 2014, 2:51 PM — An unknown person or group reportedly stole the cryptographic key used by Nokia to digitally sign applications for Symbian OS and extorted millions of euros from the company in 2007 by threatening to make the key public.
The incident is still being investigated by police in Finland as aggravated extortion, but the case remains unsolved, Finnish news site MTV reported Tuesday.
Nokia declined to comment on the MTV report and the Finnish National Bureau of Investigation did not immediately respond to questions about the case Wednesday. Microsoft, which recently acquired Nokia's Devices and Services business, did not immediately respond to a request for comment.
According to security researchers, if Nokia's digital signing key for Symbian applications ended up on the Internet it would have enabled attackers to create powerful malware for the platform with access to security sensitive functionality.
Many Nokia phones at the time of the alleged incident, including those in the popular Nseries and Eseries product families, were running Series 60 3rd Edition (S60v3), a hardened version of Symbian OS 9.1 developed by the company.
One of the biggest changes in S60v3 compared to previous versions was that it enforced mandatory code signing for applications. In addition, Nokia ran an application certification program through which developers could submit their apps for testing and signing by the company.
According to Nokia documentation, certified apps were able to access "more powerful capabilities" or "restricted Java APIs" and displayed less warning messages to users.
Attackers with access to a Nokia digital signing key could have used it to sign their own applications and evade security mechanisms, Bogdan Botezatu, a senior e-threat analyst at Bitdefender said Tuesday via email.
The key could not have easily been invalidated once it was leaked because the OS didn't check whether digital signing certificates had been revoked.
"Most OSes do not actually check Certificate Revocation Lists; nor do they implement OCSP [Online Certificate Status Protocol] for certificate validation," said Dave Jevans, CTO and founder of Marble Security via email. "They typically just rely on the certificate expiration date. So hijacking a signing cert and private key is a big deal."
"Even today, key revocation is not a simple task, let alone back in 2007 when mobile phones were just starting to get the benefits of data connectivity," Botezatu said. "As far as I remember, the validity of a signature was checked against a root certificate provided with the device. The package was deemed as trustworthy as long as the root certificate was trusted."