Slashdot Mirror


Investigators Replicate Nokia 1100 Banking Hack

Ian Lamont writes "Investigators have duplicated an online banking hack using a 2003-era Nokia mobile phone. Authorities had been aware for some time that European gangs were interested in buying the phone, and were finally able to confirm why: It can be used to access victims' bank accounts using "special software written by hackers." The hack apparently works by letting criminals reprogram the phones to use someone else's phone number and receive their SMS messages, including mTANs (mobile transaction authentication numbers) from European banks. However, the only phones that work are 1100 handsets (pictures) made in a certain factory. Nokia had claimed last month it had no idea why criminals were paying thousands of euros to buy the old handsets."

8 of 181 comments

  1. It may be illegal.. by Anonymous Coward · · Score: 4, Interesting

    It may be illegal, but the hackers deserve some credit for being able to figure this out.

    1. Re:It may be illegal.. by OeLeWaPpErKe · · Score: 3, Interesting

      Even now, clearly the over-the-air GSM protocol allows for this hack. Perhaps 1100 phones will be in short supply, but clearly the protocol itself is vulnerable.

      If they found the 1100 flaw, how hard could it be to duplicate the flaw in something like an 800 MHz tuner + FPGA?

    2. Re:It may be illegal.. by K.+S.+Kyosuke · · Score: 4, Interesting

      If I am not mistaken, you already can buy and run something like that.

      --
      Ezekiel 23:20
  2. Hardware hack? by Anonymous Coward · · Score: 5, Interesting

    "The modified firmware is then uploaded to the Nokia 1100. Certain models of the 1100 used erasable ROM, which allows data to be read and written to the chip, Becker said."

    If that's the case, how hard would it be to desolder a non-flashable ROM and replace it with one that is? It would certainly be more hassle than buying a phone already built that way, but with the right tools and enough effort, why wouldn't any phone be susceptible to this type of attack?

  3. They're just reprogramming the IMEI and IMSI... by admiralfrijole · · Score: 4, Interesting

    From TFA: That application allows a hacker to decrypt the Nokia 1100's firmware, Becker said. Then, the firmware can be modified and information such as the IMEI (International Mobile Equipment Identity) number can be changed as well as the IMSI (International Mobile Subscriber Identity) number, which allows a phone to register itself with an operator.

    Uh... this ability is hardly unique to this device; I have a feeling there's something else they're not telling us.

    --
    e to the pi i plus one equals zero
    1. Re:They're just reprogramming the IMEI and IMSI... by Viraptor · · Score: 5, Interesting

      Agreed - the explanation seems weird. I'm not sure about the Nokia patching scene, but most of the Siemens *45, *55, *65 phones could be completely reprogrammed and were well understood. SL45 was one of the best examples - its annotated assembler firmware was so nice to work with that people simply wrote binary patches in assembler, or used a C compiler + binary-patched some jump addresses. There were complete design notes circulating on P2P networks. I'm not sure what can be so specific to Nokia 1100 that they don't want to reprogram any other device.

      Even better - if they're good enough to reprogram Nokia to interact directly with SIM and GSM module, why won't they just buy GSM modules themselves and clone some random SIM cards? It's not like GSM transmitters are some controlled goods available only to Nokia et al. If you can afford 100 of them, they should be quite easy to obtain.

      So yeah - it seems there's something more going on here. Or they're just some script kiddies who bought a "hacking technique" from someone more advanced and now they can only replicate the issue on that one device.

  4. what is needed for this to work...??? by broomer · · Score: 5, Interesting

    1. physical access to SIM-card to get the IMSI
    2. info on bank account / phone number
    3. hacking in PC/internet connection to determine if/when the code is used.
    4. raise no suspicion when a code is sent and not received by the original recipient, and the recipient is not able to call/be called or send/receive text because the original phone will be blocked until it is paired again with the GSM system (power cycled)
    5. you need to have a bank that does have this system. (mine does not)

    so not as viable as it looks.

  5. Re:Interesting by ppanon · · Score: 3, Interesting

    According to the other posts earlier in this thread, the critical thing about this phone is that the firmware is a flashable ROM that can be easily reprogrammed. So the critical thing is that you can easily get this phone to lie about the phone account used, and about anything else that would be transmitted over the standard GSM protocols. So the GP is correct: locking out the phone type, assuming it was possible, wouldn't do any good because the phone could be reprogrammed to impersonate something else.

    It is extremely unlikely that the existing cell tower/receiver infrastructure could be used to determine that a phone is an 1100 impersonating some other model (or even upgraded to do so). It would be better to spend the development costs on revamping GSM to use a secure handshake protocol with large asymmetric key sizes and non-removable private keys, and securing OOB control channels with AES. Good luck getting police forces and spook agencies to roll over for that one though.

    --
    Let people read, and let people dance; these two amusements will never do the world any harm. - Voltaire
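As an added example (not from the thread or from any of its posters), a small Go model of the handshake ppanon proposes: instead of a subscriber identity that a reprogrammed handset can simply present, the network challenges the device and checks a signature under a key that never leaves the handset, so an impostor device and a replayed response both fail. The P-256 ECDSA key, the SHA-256 over the challenge and the two fixed constructed challenges are assumptions; none of this is the real GSM authentication procedure.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
)

// Constructed stand-ins, not real GSM: two fixed challenges play RAND (a real
// network draws a fresh random one per authentication) and P-256 ECDSA models
// the proposed non-exportable device key.
var rand1 = []byte("constructed-challenge-1")
var rand2 = []byte("constructed-challenge-2")

// Device-bound scheme: the private key is generated inside the handset and never
// leaves it; the network stores only the public key and checks a signature over RAND.
func newDeviceKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// Handset side: sign the network's challenge with the device key.
func deviceRespond(priv *ecdsa.PrivateKey, rnd []byte) []byte {
	h := sha256.Sum256(rnd)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, h[:])
	if err != nil {
		panic(err)
	}
	return sig
}

// Network side: verify against the public key registered for that subscriber.
func networkVerify(pub *ecdsa.PublicKey, rnd, sig []byte) bool {
	h := sha256.Sum256(rnd)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// An impostor handset (its own key) fails, a response captured for rand1 fails
// when the network challenges with rand2, and only the genuine device passes.
func deviceBoundKeyResists() bool {
	victim, impostor := newDeviceKey(), newDeviceKey()
	pub := &victim.PublicKey // the only thing the network (or an eavesdropper) holds
	forged := networkVerify(pub, rand2, deviceRespond(impostor, rand2))
	replayed := networkVerify(pub, rand2, deviceRespond(victim, rand1))
	return !forged && !replayed && networkVerify(pub, rand2, deviceRespond(victim, rand2))
}
```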