Investigators Replicate Nokia 1100 Banking Hack
Ian Lamont writes "Investigators have duplicated an online banking hack using a 2003-era Nokia mobile phone. Authorities had been aware for some time that European gangs were interested in buying the phone, and were finally able to confirm why: It can be used to access victims' bank accounts using 'special software written by hackers.' The hack apparently works by letting criminals reprogram the phones to use someone else's phone number and receive their SMS messages, including mTANs (mobile transaction authentication numbers) from European banks. However, the only phones that work are 1100 handsets (pictures) made in a certain factory. Nokia had claimed last month it had no idea why criminals were paying thousands of euros to buy the old handsets."
It may be illegal, but the hackers deserve some credit for being able to figure this out.
"The modified firmware is then uploaded to the Nokia 1100. Certain models of the 1100 used erasable ROM, which allows data to be read and written to the chip, Becker said."
If that's the case, how hard would it be to desolder a non-flashable ROM and replace it with one that is? It would certainly be more hassle than buying a phone already built that way, but with the right tools and enough effort, why wouldn't any phone be susceptible to this type of attack?
From TFA: "That application allows a hacker to decrypt the Nokia 1100's firmware, Becker said. Then, the firmware can be modified and information such as the IMEI (International Mobile Equipment Identity) number can be changed as well as the IMSI (International Mobile Subscriber Identity) number, which allows a phone to register itself with an operator."
Uh... this ability is hardly unique to this device. I have a feeling there's something else they're not telling us.
e to the pi i plus one equals zero
1. Physical access to the SIM card to get the IMSI.
2. Info on the bank account / phone number.
3. Hacking into the PC/internet connection to determine if/when the code is used.
4. Raise no suspicion when a code is sent and not received by the original recipient, and the recipient is not able to call/be called or send/receive texts, because the original phone will be blocked until it is paired again with the GSM system (power cycled).
5. You need to have a bank that does have this system (mine does not).
So not as viable as it looks.