Nokia Security

Contact Nokia Customer Care for support

To find support for your Nokia product, please use the easy self-help tools or contact us by chat, email or phone. We can help you in more than 60 languages.

Visit support pages

Nokia product security and privacy

Nokia wants to help consumers keep their devices and information secure and further develop the security and reliability of Nokia devices and services. We recognize and appreciate the important role that security researchers, developers and users have in keeping our customers secure.

Nokia respects your privacy. You can read more at any time by visiting www.nokia.com/privacy.

Vulnerability Research

Nokia recognizes and supports responsible vulnerability research and reporting. All Nokia run services, applications and products are in scope of the program excluding Nokia corporate infrastructure. While we encourage responsible vulnerability research, attempt to exploit a vulnerability with malicious intent is an unlawful action and is subject to legal prosecution by law enforcement agencies. Vulnerability research should not impact normal service activity. Extraction of data beyond minimum required to demonstrate a vulnerability (e.g. database version and one table structure), or testing of DoS (Denial of Service) scenarios are prohibited and will be considered as malicious activity. Performing research activities should not involve automated tools and utilities. Vulnerabilities found by automated tools are excluded from any reward and recognition program. All tests should be executed on researchers own accounts if applicable without involvement of other service users. Only vulnerabilities that have a real attack vector are considered under any reward and recognition program. These include, but are not limited to, overflows leading to code execution, injection type vulnerabilities, cross site scripting vulnerabilities, authentication bypass, etc.

Responsible Disclosure

Vulnerability reports should include detailed technical description of the vulnerability and steps required to reproduce erroneous behavior in plain text. Screenshots (jpeg/png) and traffic dumps (tpcdump compatible pcap) are accepted as additional information. Vulnerability reports should not include links to external resources or malicious code designed to compromise data of a person verifying vulnerability. If you are making multiple reports, it will help us if you consolidate them into a single message per day.

Public Disclosure

As part of coordinated disclosure, public disclosure is allowed 90 days after Nokia acknowledges acceptance of the report or after the bug is fixed and verified by the reporter. Exception to this 90-day rule is issues where the fixing of the vulnerability is not by any means possible for Nokia or where Nokia and the researcher agree on longer response time. Public disclosure may include only the technical information regarding vulnerability. Any additional information that is not required for understanding the vulnerability should be excluded out of public disclosure.

Vulnerability Reporting

To report security vulnerabilities or other security and privacy issues relating to Nokia run services, applications or products, please contact security-alert@nokia.com.

Reward & Recognition

Nokia will recognize and reward researchers based on the vulnerability criticality and vulnerable service priority. A Nokia internal committee will review and determine what type of recognition is given to the researcher when applicable. Our most common recognition is our Hall of Fame.

Nokia press contact points

Corporate Communication
Nokia Media Relations
Tel: +358 7180 34900
Email: press.services@nokia.com

Keilalahdentie 2-4 FIN-02150 ESPOO
P.O. Box 226 FIN-00045 NOKIA
GROUP FINLAND

You can contact Press Services
Mon-Fri between 8.30 a.m. and 4.30 p.m. (CET+1).