This week reports surfaced about criminals who were willing to pay over $30,000 for old, discontinued Nokia handsets that were apparently hackable. Today, Nokia denies any knowledge of a vulnerability in the 1100 handset that would allow it to intercept one-time passwords needed to complete an online banking transaction.
According to PCWorld, police contacted a security company called Ultrascan Advanced Global Investigations looking for any ideas as to why this particular handset was be in such high demand. At the time, 1100s manufactured in a factory based in Bochum, Germany were going for roughly €5,000. Engelsman said (citing an informant) that phones produced in the Bochum factory run on Nokia software from 2002 that is apparently vulnerable to tampering.
On Monday, PCWorld reported, citing Frank Engelsman of Ultrascan Advanced Global Investigations that about a week and a half ago, someone paid €25,000 (US$32,413) for one of the phones. Today PCWorld has more information as to why these phones are so valuable.
The report goes on to explain that online banking in some countries (e.g. Germany) allows customers to transfer money into other accounts using a code called an mTAN. This mobile Transaction Authentication Numbers is sent to the user’s phone and can then be entered into the online form. As a security feature, each code is unique and only applies to a single transaction. If fraudsters can fix a phone to receive text messages from another number, they can intercept these passcodes.
Nokia says it knows of no glitches in its software that would allow criminals to carry out any of the above. "We have not identified any phone software problem that would allow alleged use cases," the company said in an e-mailed statement.
I used one of these phones for a while (a washing machine incident had me between handsets) and paid around under a hundred quid for it. It made phone calls and sent text messages.* It’s hard to imagine it doing anything else.
Check out the full report for all the details. Does anyone have one of these phones at the moment? If so, mini question of the day: Are you willing to sell it to criminals for $30,000?
*It also had one of those nifty built-in flashlights and Snake II, but I don’t know is that really relevant. Just thought I’d put it out there in the interest of full disclosure.