Experts ask for “hacker” Nokia 1100
A couple of weeks ago, the media slipped information from the Dutch police, which uncovered a gang of hackers who were buying up the old Nokia 1100 phones for tens of thousands of dollars, produced at the long-closed plant in Bochum in 2003. As reported, in these models there is some undocumented function that allows you to get some secret banking information from service messages from the online banking service. To be honest, it was like a “duck” and very little believed that this was really possible.
But now the information is confirmed. "Hacker" phones got to the study specialists, as a result of which opened new technical details .
The rare phones installed a special version of the firmware, which was relatively easy to reprogram to receive SMS sent to any numbers. As you know, through SMS, some banks in Germany and the Netherlands send one-time passwords mTAN (mobile Transaction Authentication Number), which are required to access the account and conduct banking transactions. To use someone else's mTAN, the hacker must already know the username and password for the online banking service. But it is much easier to find them than to receive someone else's SMS.
')
Specialists from Ultrascan purchased a copy of the buggy model Nokia 1100 and report that they were able to successfully intercept someone else's mTAN with it. To change the firmware, they found a program through their hacker channels that disassembles the Nokia 1100 firmware on an ordinary PC, which allows changing the International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMEI) numbers. The modified firmware is copied back to the phone's ROM memory, which in this model allows overwriting. After that, the victim's SIM card is cloned (this is a technically trivial task) - and the phone is ready to work under someone else's number.
Nokia has not yet officially commented on this information. But before that, she made a statement that she did not believe in the existence of a vulnerability in the Nokia 1100 firmware.
But now the information is confirmed. "Hacker" phones got to the study specialists, as a result of which opened new technical details .
The rare phones installed a special version of the firmware, which was relatively easy to reprogram to receive SMS sent to any numbers. As you know, through SMS, some banks in Germany and the Netherlands send one-time passwords mTAN (mobile Transaction Authentication Number), which are required to access the account and conduct banking transactions. To use someone else's mTAN, the hacker must already know the username and password for the online banking service. But it is much easier to find them than to receive someone else's SMS.
')
Specialists from Ultrascan purchased a copy of the buggy model Nokia 1100 and report that they were able to successfully intercept someone else's mTAN with it. To change the firmware, they found a program through their hacker channels that disassembles the Nokia 1100 firmware on an ordinary PC, which allows changing the International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMEI) numbers. The modified firmware is copied back to the phone's ROM memory, which in this model allows overwriting. After that, the victim's SIM card is cloned (this is a technically trivial task) - and the phone is ready to work under someone else's number.
Nokia has not yet officially commented on this information. But before that, she made a statement that she did not believe in the existence of a vulnerability in the Nokia 1100 firmware.
Source: https://habr.com/ru/post/60227/
All Articles