Investigators Replicate Nokia 1100 Banking Hack

Ian Lamont writes "Investigators have duplicated an online banking hack using a 2003-era Nokia mobile phone. Authorities had been aware for some time that European gangs were interested in buying the phone, and were finally able to confirm why: It can be used to access victims' bank accounts using "special software written by hackers." The hack apparently works by letting criminals reprogram the phones to use someone else's phone number and receive their SMS messages, including mTANs (mobile transaction authentication numbers) from European banks. However, the only phones that work are 1100 handsets (pictures) made in a certain factory. Nokia had claimed last month it had no idea why criminals were paying thousands of euros to buy the old handsets."

Re:Interesting

[e4g4]

I'm guessing it won't take long for these phones to be outlawed in the EU though.

Yeah, legal prohibition is an excellent way to prevent people from using something. It works so fantastically well for drugs, guns and pirated music/movies.

Re:So who will be fired

[jimicus]

A number of people in IT seem to believe that the only acceptable form of security - particularly as it relates to anything remotely important - is one which is not susceptible to any sort of attack, real or theoretical, until some time after the heat death of the universe.

Banks don't. They know full well that there will always be a certain amount of fraud no matter what you do.

Every change you want to make to the bank's system costs - in man hours to develop, test and deploy the fix and also in terms of the risk of something going wrong when you come to deploy, Most of these costs can be boiled down to cold hard cash. If making the necessary changes will cost more than the amount of fraud it's expected to prevent, don't be surprised to see nothing change.

Rest assured that these people count cash all day long, they can certainly work out exactly how much such changes will cost.