In case you weren't already convinced of a certain model of Nokia 1100's hackability by the
exponential surge in its aftermarket value, fraud investigation firm Ultrascan has successfully recreated a virtual bank heist by reprogramming one of the devices to receive another phone number's text messages. Using this trick, shady characters in fancy suits can get your mobile transaction authentication number -- provided you live in a country like Germany or Holland that use mTANs -- and use it to get into your bank account and transfer funds. They'd also need your account name and password, mind you, but obtaining that data isn't nearly as complex when there's plenty of people clicking on the wrong emails and signing into fake website with all those deets and the associated digits. It all sounds a bit like the stuff of crime novels, doesn't it? And before you go running to eBay with that 1100 you stashed away in a drawer years ago, please note that it only works if the candybar was produced at a very specific plant in Bochum, Germany.
posted May 22nd 2009 3:01AM
couldn't they reverse engineer it, and sell new handsets?
I think it's only a question of time when the chinese will do it.
FISRT...
FAIL
At least spell it right.
Keep your hands to yourself FISTR.
I wonder if these people retreat back to Encyclopedia Dramatica or the chans and brag about how many "hot story" firsts they get.
HOLY, the one i have is made in bochum germany!!!!!!!!
Yeah, and a meteorite just fell from the sky directly overhead at the precise moment that a bolt of lightning struck at my exact location, causing the lightning to incinerate the meteorite, and the meteorite to block the lightning, thus allowing me to simultaneously survive both a meteorite and a lightning strike. Puh-leease!
When can we see a Resturant City picture heading? When a hackable electronic scale that can siphon more flour?
"They'd also need your account name and password, mind you"
You know, I've invented a device that lets me rob people's houses without any fear of recrimination. They just have to leave their front door open, turn the alarms off, and not have any big dogs.
Surely the key part here is having the account name and password, and not the intercepted text?
But that's just it with people and internet, they leave the key under the mat or the door unlocked.
Did you ever hear how many computers are trojaned? As I recall it was a staggering number in the area of +25%, and that's in western countries, and even on computers where they use basic precautions.
There's over 200 million 1100 out there(most sold consumer electronics device in the world) so there should be 1100s to choose.
Nokia 1100 are sold everywhere in Europe for about 5 euros each, used...
Eeeeeh? [Becker, the attacker, said] "For the final step, the hacker must also clone a SIM (Subscriber Identity Module) card, which Becker said is technically trivial"
NO, it is no trivial. Then this is not an attack to the Nokia 1100, is an attack to the GSM system
So, whats the point of 1100 then you already cloned sim? put it in any mobile phone and you're done. Also, yuo should be able buy some gsm capable chips and make yuor own mobile, i think
It really is quite trivial, a couple of hours of listening will get you the A3 and A8 keys, and you can use these to clone the SIM, since you can fake your authentication onto the network.
I presume the Nokia1100 simply allows that listening with relative ease...
Surely Nokia has a record of the IMEI numbers of all the affected phones, so could issue a product recall and after a grace period deactivate them remotely? Isn't that the point of the IMEI number?
imei is changeable.
i think.
Since there are about 200 million 1100's around and there is a certain amount produced in Germany its likely still quite a few are in use. Of course you could say.. lets recall but how many do actually get brought in? Those who missed the recall will then eventually get screwed over if you would shut them down.
I'm surprised that this now floats up all of a sudden and that there are no Russian/Chinese criminals trying to take advantage of this technology by simply duplicating it. It's rather old so it shouldn't be to hard I guess.
Not quite so easy.
1) The potential for abuse of a recall is very high. Once the serial numbers are known or a public recall is announced the criminals could post $500 rewards for the phone, much higher than Nokia would be willing to pay to swap the phones
2) This will only remove the legitimate phones from circulation and will do nothing to stop the ones already in the hands of the bad guys.
... Whoa, whoa, whoa, hold up.
All they're saying is this Nokia can have the IMEI and IMSI changed, and they'd still have to go through the process of cloning the SIM, which involves finding the Ki, which is damn near impossible on newer SIM cards without the automatic SIM disable kicking in, permanently disabling the SIM.
... There are other phones that can have IMEI/IMSI cloning done. This isn't anything new (especially in the realm of CDMA cloning).
I have a nokia 1100 made in germany.Serious deal..Please contact cjcmartinho@gmail.com with de best price..The phone is in portugalI
I have a nokia 1100 made in Bochum, Germany, in great condition RH-18 type from 2003. Phone is already unlocked for use with any SIM. e-mail me with offer; beetsmyth@yahoo.com
i have too,saint2120_uk@yahoo.com