About a month ago we reported that certain Nokia 1100 handsets, one of the company’s most basic models and seemingly designed for emerging markets, were being hacked by criminals to steal bank account passwords and other valuable data. Authorities noticed it because of the sudden rise in the handset's price in the criminal underworld. We also mentioned that investigations were ongoing at the time to figure out how this was being done.
A small hack in the handset’s programming would allow criminals to use someone else's phone number and receive their SMS messages. Thus, in certain countries where banks send a one-time password called an mTAN (mobile Transaction Authentication Number) to a person's phone to authorize actions such as transferring money to another account, users of the hacked phones would gain access to accounts. The company in charge of the investigation, Ultrascan, managed to acquire a handset from the specified factory with the specified firmware for testing and successfully reprogrammed the device to do exactly what the criminals would have it do.
Ultrascan obtained Nokia 1100 phones made in Bochum, Germany. Phones made around 2003 in that now-closed factory have the firmware version that can be hacked, Becker said. Nokia has sold more than 200 million of the 1100 and its successors, although it's unknown how many devices have the particular sought-after firmware.
Ultrascan was able to successfully reprogram an 1100 and intercept an mTAN, but just one time. Becker said they are undertaking further tests to see if the attack can be executed repeatedly.
"We've done it once," Becker said. "It looks like we know how to do it."
Ultrascan experts obtained the hacker software to reprogram the phone through its network of informants, said Frank Engelsman, a fraud and security specialist with the company.
That application allows a hacker to decrypt the Nokia 1100's firmware, Becker said. Then, the firmware can be modified and information such as the IMEI (International Mobile Equipment Identity) number can be changed as well as the IMSI (International Mobile Subscriber Identity) number, which allows a phone to register itself with an operator.
The modified firmware is then uploaded to the Nokia 1100. Certain models of the 1100 used erasable ROM, which allows data to be read and written to the chip, Becker said. For the final step, the hacker must also clone a SIM (Subscriber Identity Module) card, which Becker said is technically trivial.
Nokia, which was closed on Thursday due to a holiday, could not be contacted. However, the company has said it does not believe there is a vulnerability in the 1100's software.
Becker said that may be semantically true; however, it's possible that the encryption keys used to encrypt the firmware have somehow slipped into the public domain. "We would really like to speak with Nokia," Becker said.
Ultrascan was also able to confirm that criminals are willing to pay a lot of money for the right Nokia 1100. An Ultrascan informant sold one of the devices recently in Tangiers, Morocco, for €5,500 (US$7,567), Engelsman said. Earlier this year, Ultrascan confirmed that one Nokia 1100 had sold for €25,000.
Ultrascan, which specializes in tracking criminals involved in Internet and electronic fraud, is trying to trace criminals who are using Nokia 1100s in online banking frauds.