A few weeks ago, information emerged from the Dutch police, who uncovered a gang of hackers who bought up for tens of thousands of dollars old models of the Nokia 1100 phone, produced at the long-closed factory in Bochum in 2003. It was reported that in these models there is some undocumented function that allows you to get some secret banking information from official messages from an online banking service.
As a result of the study, specialists discovered new technical details.
In rare phones, a special version of the firmware was installed, which was relatively easy to reprogram in order to receive SMS sent to any numbers. As you know, some banks in Germany and the Netherlands send one-time mTAN (mobile Transaction Authentication Number) passwords via SMS, which are necessary for accessing the account and conducting bank transactions. To use someone else's mTAN, the hacker must already know the username and password for the online banking service. But they are much easier to find out than getting someone else's SMS.
Specialists from Ultrascan purchased a copy of the vulnerable Nokia 1100 model and report that they were able to successfully intercept someone else's mTAN with it. To change the firmware, they found a program through their hacker channels that disassembles the Nokia 1100 firmware on a regular PC and allows you to change the IMEI (International Mobile Equipment Identity) and IMSI (International Mobile Subscriber Identity) numbers. The changed firmware is copied back to the phone's ROM memory, which can be overwritten in this model. After that, the victim's SIM card is cloned (this is a technically trivial task) — and the phone is ready to work under someone else's number.
Nokia has not yet officially commented on this information. But earlier, she made a statement that she did not believe in the existence of a vulnerability in the Nokia 1100 firmware.
====
true story... Mobile phone for intercepting other people's SMS messages.
• The other day, I came across some interesting statistics about the best-selling mobile phones in history. The first place in these statistics is occupied by Nokia 1100, and the total number of sales of this phone exceeded 250 million. And then I remembered a funny story that happened back in 2009...
• During the investigation of a mail fraud case in the Netherlands, the police encountered a very interesting fact – an unknown buyer gave 25 thousand euros for a Nokia 1100 phone. This budget model was released at the end of 2003 and was intended for emerging markets, and the price of the phone was less than 100 euros.
• In an attempt to find out why hackers are willing to pay so much money for a cheap and seemingly inconspicuous device, the police turned to the company Ultrascan Advanced Global Investigations. Ultrascan experts found that hackers are not attracted to all Nokia 1100 devices, but only those made at the Nokia factory in Bochum (Germany).
• This series of devices was recognized as defective due to problems in outdated software created back in 2002. Due to this very "defect", hackers learned to intercept other people's SMS messages, in particular, one-time codes for bank transactions — mTAN (mobile Transaction Authentication Number), which European banks sent to their customers via SMS.
* Thus, it turns out that hackers only had to connect this phone (without any flashing) to a sniffer like WireShark and the deal is in the bag — you can intercept SMS, and then transfer money to your account.
* It is interesting to note that at the time of the incident (2009), Nokia sold more than 200 million copies of the Nokia 1100 and models based on it worldwide, but the number of vulnerable devices remains unknown...
As a result of the study, specialists discovered new technical details.
In rare phones, a special version of the firmware was installed, which was relatively easy to reprogram in order to receive SMS sent to any numbers. As you know, some banks in Germany and the Netherlands send one-time mTAN (mobile Transaction Authentication Number) passwords via SMS, which are necessary for accessing the account and conducting bank transactions. To use someone else's mTAN, the hacker must already know the username and password for the online banking service. But they are much easier to find out than getting someone else's SMS.
Specialists from Ultrascan purchased a copy of the vulnerable Nokia 1100 model and report that they were able to successfully intercept someone else's mTAN with it. To change the firmware, they found a program through their hacker channels that disassembles the Nokia 1100 firmware on a regular PC and allows you to change the IMEI (International Mobile Equipment Identity) and IMSI (International Mobile Subscriber Identity) numbers. The changed firmware is copied back to the phone's ROM memory, which can be overwritten in this model. After that, the victim's SIM card is cloned (this is a technically trivial task) — and the phone is ready to work under someone else's number.
Nokia has not yet officially commented on this information. But earlier, she made a statement that she did not believe in the existence of a vulnerability in the Nokia 1100 firmware.
====
true story... Mobile phone for intercepting other people's SMS messages.
• The other day, I came across some interesting statistics about the best-selling mobile phones in history. The first place in these statistics is occupied by Nokia 1100, and the total number of sales of this phone exceeded 250 million. And then I remembered a funny story that happened back in 2009...
• During the investigation of a mail fraud case in the Netherlands, the police encountered a very interesting fact – an unknown buyer gave 25 thousand euros for a Nokia 1100 phone. This budget model was released at the end of 2003 and was intended for emerging markets, and the price of the phone was less than 100 euros.
• In an attempt to find out why hackers are willing to pay so much money for a cheap and seemingly inconspicuous device, the police turned to the company Ultrascan Advanced Global Investigations. Ultrascan experts found that hackers are not attracted to all Nokia 1100 devices, but only those made at the Nokia factory in Bochum (Germany).
• This series of devices was recognized as defective due to problems in outdated software created back in 2002. Due to this very "defect", hackers learned to intercept other people's SMS messages, in particular, one-time codes for bank transactions — mTAN (mobile Transaction Authentication Number), which European banks sent to their customers via SMS.
* Thus, it turns out that hackers only had to connect this phone (without any flashing) to a sniffer like WireShark and the deal is in the bag — you can intercept SMS, and then transfer money to your account.
* It is interesting to note that at the time of the incident (2009), Nokia sold more than 200 million copies of the Nokia 1100 and models based on it worldwide, but the number of vulnerable devices remains unknown...
