Old Nokia 1100 mobiles sold for 25.000 euros, firmware exploit for e-banking fraud

The news is a bit old by now, yet it still hasn’t gotten the proper attention by the mainstream media. Of course, for security experts, it’s no news at all. Everybody knows that cellular networks today are far from secure when it come to proper user/device authentication and firmware protection against tampering.

This incident proves two facts. First, the security in an ICT system is as string as its weakest link. And second, the public is totally unaware and uninformed about how security affects everyday life now, it’s not something that only freaks and scientists think about.

In short, the situation is this: The company (Nokia in this case) has used weak keys and/or encryption to its proprietary firmware on, very deprecated by now, Nokia 1100 mobile phones, or the keys have somehow leaked to the “public”. As a result, someone could read, decrypt, modify, re-encrypt and re-embed the firmware into the device’s EEROM. As all mobiles can be reprogrammed to recognize any phone ID in the network they’re connected (similarly to re-configuring a MAC address in an Ethernet card), a malicious user can reprogram such a mobile to “listen” to data packets sent to another person’s mobile.

In this case, it’s not just eavesdropping. If that person uses mobile banking services, he’s at great risk. Typically, banks use TAN codes (transaction authentication number) from a one-time pad or a similar random number generator device, commonly referred to as TAN generator. In case of mobile banking, the bank simply sends such a code called “mTAN” to its client’s mobile via a SMS (text) message that the user can enter in order to complete a transaction. In theory, this works perfect, unless someone else gets that mTAN message too and uses it first to do a large money transfer to an off-shore account…

The discovery was made by Ultrascan-AGI last April (2008), a securty analysis consulting company, when it detected that the eBay prices of that particular mobile phone when from 100 euros to 1.000, then to 7.500, then to 10000, reaching 25.000 euros in late April 2008. The firmware hacking was tested and confirmed, but Nokia never admitted any key leaks for the firmware.

More on this subject:


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s