Nokia 1100 handsets manufactured in Germany are in high demand from criminal networks due to a software flaw that can apparently be exploited to intercept the one-time passwords used to authorize online bank transactions.
Police contacted Ultrascan Advanced Global Investigations six months ago, reporting that a Nokia 1100, originally sold for €100, had been sold for €5,000, and asked what was driving the high demand. Ten days ago, investigators saw one of the exploitable handsets fetch €25,000.
Since the model launched in late 2003, over 200 million of the handsets have been sold – but don’t get excited if you’ve got one lying around the house. Only handsets manufactured in a particular factory in Bochum, Germany contain the vulnerable Nokia software.
According to Frank Engelsman from Ultrascan, criminals have thousands of usernames and passwords for online banking accounts in countries including Germany and Holland. These countries also require a transaction authentication number (TAN) to complete any online transaction. The TAN codes were initially distributed to customers on paper, many codes at a time; however, successful phishing attacks led to the codes being issued one at a time via SMS messages.
An Ultrascan informant claims the vulnerable 1100 handsets can be reprogrammed to spoof a phone number, and intercept the SMS containing the TAN. Ultrascan has yet to obtain the particular model of phone to verify the attack.