Keep on Rockin' in
the Freeworld

Bene...parliamo del nokia 1100,uno dei miei cellulari preferiti.Nello
specifico parliamo del Nokia 1100 prodotto in Germania...
Navigando tra internet ho scoperto che vale un bel po' di soldi...
Leggendo varie fonti ho scoperto che molto probabilmente questo Nokia
presenti un bug che consentirebbe la riprogrammazione dei cellulari in
modo da poter utilizzare un numero diverso rispetto a quello della sim
card e già attivo, senza cambiare sim ovviamente. Alcuni istituti di
credito inviano, tramite sms, ed in seguito ad attacchi di phishing ,
password temporanee a ulteriore protezione dei dati personali
registrati online dai clienti. In questo modo sarebbe possibile
clonare il numero di un qualsiasi cliente e ricevere le credenziali
per l'accesso al conto online.

(in ambito informatico il phishing ("spillaggio (di dati sensibili)",
in italiano) è una attività illegale che sfrutta una tecnica di
ingegneria sociale, ed è utilizzata per ottenere l'accesso a
informazioni personali o riservate con la finalità del furto di
identità mediante l'utilizzo delle comunicazioni elettroniche,
soprattutto messaggi di posta elettronica fasulli o messaggi
istantanei, ma anche contatti telefonici. Grazie a messaggi che
imitano grafico e logo dei siti istituzionali, l'utente è ingannato e
portato a rivelare dati personali, come numero di conto corrente,
numero di carta di credito, codici di identificazione, ecc.)

Ultrascan AGI, an association specializing in international organized
crime investigations, reports that cybercriminal gangs are looking to
acquire discontinued Nokia 1100 phones (Nokia 1100 was a highly
successful low-cost phone model released by the giant mobile
manufacturer back in 2003), which were manufactured in Bochum,
Germany, for as much as $35,000. Informants say that a vulnerability
in the phone's underlying software allows fraudsters to use other
people's numbers.

Designed for developing markets and available for under $100, Nokia
1100 became the world's best-selling consumer electronics product in
2006, exceeding the 200-million-unit mark.

Ultrascan was alerted by police officials monitoring the black market
of unusual transactions involving such phones. "Six months ago out of
the ordinary offers started to float the Internet fora and auction
sites, prices started to rise above Nokia's official price of around
100 euro," the investigators explain. "In January, this year offers
ranged from trading against iPods or cash 300 euro. In the past two
months prices ranged between 7.500 and 10.000 euro, but this week a
Nokia 1100 was sold for 25.000 euro [$35,000]," they announce.

So, how does a very cheap phone end up being sold for $35,000?
Apparently, it is not so much about the phone itself, but rather about
where it was made, more precisely in a now-closed Nokia factory near
Bochum, in Germany. According to an Ultrascan informant, cybercriminal
rings operating out of Morocco, Russia and Romania are able to hack
the phones produced there and hijack Transaction Authentication
Numbers (TANs) send by banks in some countries via SMS.

Nokia officials note that the company is not aware of any
vulnerability in the phone's software that would facilitate this, but
the investigators strongly feel that they are on the right track. "We
have received 3 German Nokia 1100 for testing. We have outsourced the
testing of the phone, to be examined and tested to see if the TAN
interception can be replicated," Ultrascan announced today.

If the information proves to be accurate, it would justify the high
prices that fraudsters are willing to pay for the phones. TANs are one-
time-use security codes generated by banks in countries such as
Germany or Holland in order to confirm online transactions. Customers
receive such random numbers via SMS and then have to input them in a
web form in order to prove that the transaction requests came from them.

This makes life very difficult for cybercriminals, even if they are
sitting on a pile of valid banking details for people located in
countries where TAN is a common practice. Therefore, the ability to
hijack someone's phone number long enough to receive the secure
confirmation code after initiating an illegal transaction would make
for a vital advantage. Meanwhile, Ultrascan is expecting the results
from experts testing its sample phones by the end of the month.