Hackers have been offering up to €25,000 (US$32,413) in undergrounds forums for Nokia 1100 phones made in the company's former factory in Bochum, Germany. The phone can allegedly be hacked so as to facilitate illegal online banking transfers, according to the Dutch company Ultrascan Advanced Global Investigations.
Nokia said on Tuesday it is not aware that resale prices for a phone that retailed for less than €100 when it debuted in 2003 have risen so high. Further, Nokia maintains the phone's software isn't flawed.
"We have not identified any phone software problem that would allow alleged use cases," the company said in an e-mailed statement.
The 1100 can apparently be reprogrammed to use someone else's phone number, which would also let the device receive text messages. That capability opens up an opportunity for online banking fraud.
In countries such as Germany, banks send an mTAN (mobile Transaction Authentication Number) to a person's mobile phone that must be entered into a Web-based form in order to, for example, transfer money into another account. A TAN can only be used once, a security feature known as a one-time passcode.
Criminals have proven adept at obtaining peoples' user names and logins for online bank accounts, either through tricking people into visiting look-alike bank Web sites, through clever e-mail messages or simply hacking PCs.
European banks typically issue customers a list of TANs, but phishers tricked people into revealing those. Deutsche Postbank used to accept any TAN from the list to complete a transaction. Then the bank moved to requesting specific TANs from the list. After continuing fraud, it in 2005 decided to expanded the use of mTANs.
"The mTAN is valid only for the requested transfer and only for a short period," according to the bank's Web site. "It thus has no value for a fraudster."
That is, unless the hacker could also receive the mTAN, which Nokia 1100 hack allegedly allows.
Nokia said it doesn't know of an 1100 software problem that would allow call spoofing. The company said that a phone's SIM (Subscriber Identity Module) card -- which holds the device's phone number -- has security mechanisms that are separate from the phone itself.
Nokia said it is aware of commercial services that claim to provide caller identification or phone-number spoofing services, but in those cases the service provider acts as a proxy between the caller and the recipient, Nokia said.
But it is possible to have multiple phones running on a service provider's network that use the same phone number, said Sean Sullivan, a security advisor with the security vendor F-Secure in Finland. Usually, the last phone that used the network will be the one that receives inbound messages, he said.
"So if this particular Nokia 1100 can be modified to spoof the victims phone number, it should be possible to become the primary handset -- at least long enough to receive the TAN," Smith said.
Technical details on how the 1100 is being modified are still unknown, said Frank Engelsman of Ultrascan. However, a woman in Finland contacted his company on Monday after seeing a news story and offered to send her Bochum-made Nokia 1100. When it arrives, the phone will be examined and tested to see if the TAN interception can be replicated, Engelsman said.
Meanwhile, a Dutch technology site, portablegear.nl, wrote that it placed a fake advertisement for the particular Nokia 1100 on an online marketplace. People offered as much as €500, offering to immediately come pick up the device.
Nokia produced more than 200 million devices in the 1100 model family. The company said it doesn't disclosure figures such as how many 1100s were made in Bochum.
An old candy-bar style Nokia 1100 mobile phone has been used to break into someone's online bank account, affirming why criminals are willing to paying thousands of euros for the device.
Using special software written by hackers, certain models of the 1100 can be reprogrammed to use someone else's phone number and receive their SMS (Short Message Service) messages, said Max Becker, CTO of Ultrascan Knowledge Process Outsourcing, a subsidiary of fraud investigation firm Ultrascan.
The Nokia 1100 hack is powerful since it undermines a key technology relied on by banks to secure transactions done over the Internet.
Banks in countries such as Germany and Holland send a one-time password called an mTAN (mobile Transaction Authentication Number) to a person's phone in order to allow, for example, the transfer of money to another account.
Since the Nokia 1100 can be reprogrammed to respond to someone else's number, it means cybercriminals can also obtain the mTAN by SMS. Cybercriminals must already have a person's login and password for a banking site, but that's easy since millions of computers worldwide contain malicious software that can record keystrokes.
Ultrascan obtained Nokia 1100 phones made in Bochum, Germany. Phones made around 2003 in that now-closed factory have the firmware version that can be hacked, Becker said. Nokia has sold more than 200 million of the 1100 and its successors, although it's unknown how many devices have the particular sought-after firmware.
Ultrascan was able to successfully reprogram an 1100 and intercept an mTAN, but just one time. Becker said they are undertaking further tests to see if the attack can be executed repeatedly.
"We've done it once," Becker said. "It looks like we know how to do it."
Ultrascan experts obtained the hacker software to reprogram the phone through its network of informants, said Frank Engelsman, a fraud and security specialist with the company.
That application allows a hacker to decrypt the Nokia 1100's firmware, Becker said. Then, the firmware can be modified and information such as the IMEI (International Mobile Equipment Identity) number can be changed as well as the IMSI (International Mobile Subscriber Identity) number, which allows a phone to register itself with an operator.
The modified firmware is then uploaded to the Nokia 1100. Certain models of the 1100 used erasable ROM, which allows data to be read and written to the chip, Becker said. For the final step, the hacker must also clone a SIM (Subscriber Identity Module) card, which Becker said is technically trivial.
Nokia, which was closed on Thursday due to a holiday, could not be contacted. However, the company has said it does not believe there is a vulnerability in the 1100's software.
Becker said that may be semantically true, however, it's possible that the encryption keys used to encrypt the firmware have somehow slipped into the public domain. "We would really like to speak with Nokia," Becker said.
Ultrascan was also able to confirm that criminals are willing to pay a lot of money for the right Nokia 1100. An Ultrascan informant sold one of the devices recently in Tangiers, Morocco, for €5,500 (US$7,567), Engelsman said. Ultrascan previously confirmed data earlier this year that one Nokia 1100 sold for €25,000.
Ultrascan, which specializes in tracking criminals involved in Internet and electronic fraud, is trying to trace criminals who are using Nokia 1100s in online banking frauds.
"We keep trying to infiltrate these groups," Engelsman said. via
If you happen to have an old Nokia 1100 that was made in a certain factory in Germany lying around the house, you may be able to say “Show me the money!” Well, if you wanted to sell to hackers that is.
It seems that there are claims the phone can be hacked to allow illegal online banking transfers, which is making the amount some folks are willing to spend for one quite high. Up to a little over $32,000 in some underground forums. Yeah….you read that right. All for a phone that ran about a hundred when it was first introduced on the market in 2003.
Nokia says they don’t know why the 1100 is selling for so much now, and maintains their phone isn’t flawed. In an emailed statement, the company said that “We have not identified any phone software problem that would allow alleged use cases.”
The reason it seems to be in such hot demand is that it allegedly can be reprogrammed to use another person’s phone number. “Big deal,” you might say. Actually, this is kind of a big deal.
This allows the phone to also receive text messages, which then leads to online banking transactions and fraud. This can happen because in some countries, the banks send mTAN (mobile Transaction Authentication Number) to a customer’s mobile phone. This mTAN has to be plugged into a Web-based form to do transations like….transfer money to another account. The number, which is kind of like a special passcode, can only be used one time.
And the nefarious have become quite good at getting their virtual hands on usernames and logins for online bank accounts. They can do it by email phishing or by simply hacking into computers.
Previously, European banks had issued a list of TANs, and some banks used any TAN from that list to complete a transaction. Big shocker when phishers began getting those numbers off of people. Then banks asked for specific TANs (still from the list). Fraud continued. In 2005 they brought about the mTANs which only work for a specific requested transaction and for a short period of time. Because of these restrictions, the bank website is saying the mTAN is useless to a hacker. “The mTAN is valid only for the requested transfer and only for a short period. It thus has no value for a fraudster.”
Unless, of course, that hacker could also get a hold of the mTAN. Which the Nokia 1100 hack is alleged to permit. But, Nokia still insists it knows nothing of an 1100 software problem that would allow call spoofing. Their response is that the phone’s SIM card has security measures separate from the actual phone.
The company said that they are aware of commercial services that say they can provide caller ID or phone-number spoofing services, but say in those cases the providers acts as a proxy between the recipient and the caller.
However, Sean Sullivan, security advisor with security vendor F-secure says differently. He claims it is in fact possible for multiple phones to be running on a provider’s network using the same phone number. He says that the last phone using the network will be the phone that receives the inbound messages.
“So if this particular Nokia 1100 can be modified to spoof the victims phone number, it should be possible to become the primary handset—at least long enough to receive the TAN,” Smith said.
It isn’t clear how the technical modifications are being made at this point. But, just recently a woman in Finland offered to sell her Bochum-made Nokia to Frank Engelsman of Ultrascan, who’s company will examine and test it to see if “the TAN interception can be replicated”.
In the meantime, portablegear.nl, wrote how they put up a fake ad selling the Nokia 1100 on an online marketplace. The had plenty of takers offering to come and pick it up immediately. Although the offer price wasn’t near what it is said to go for on the underground market, they had offers for over $700.
Over 200 million phones were produced in the 1100 family. And the funny part? I actually am one of the people with this phone stuffed in an old junk drawer. But Nokia isn’t talking on how many of those were made in Bochum.
Investigators demonstrate Nokia 1100's criminal potential
In case you weren't already convinced of a certain model of Nokia 1100's hackability by the exponential surge in its aftermarket value, fraud investigation firm Ultrascan has successfully recreated a virtual bank heist by reprogramming one of the devices to receive another phone number's text messages. Using this trick, shady characters in fancy suits can get your mobile transaction authentication number -- provided you live in a country like Germany or Holland that use mTANs -- and use it to get into your bank account and transfer funds. They'd also need your account name and password, mind you, but obtaining that data isn't nearly as complex when there's plenty of people clicking on the wrong emails and signing into fake website with all those deets and the associated digits. It all sounds a bit like the stuff of crime novels, doesn't it? And before you go running to eBay with that 1100 you stashed away in a drawer years ago, please note that it only works if the candybar was produced at a very specific plant in Bochum, Germany.