Nokia 1100 - Firmware Encryption Keys Hacked

Recently, security groups have been receiving increased reports of hackers successfully intercepting SMS messages and subsequently gaining access to banking details of individuals.

This shocking revelation came to light just recently, when the security group “Ultrascan” managed to acquire not just the full working details of this exploit, but also all the hardware required.

This attack relies on the Nokia 1100 telephone, which was one of the few Nokia phones in which the firmware encryption keys have reached public domain and thus it has successfully been decrypted, reverse engineered and modified.

Hackers have managed to effectively clone a mobile phone by hacking this firmware and then by using it to eavesdrop on SMS messages, were able to intercept secure banking information and breach online security.

When used in conjunction with key loggers and other snooping tools hackers are effectively bypassing the once thought rugged security methods of European online banking.

This vulnerability essentially involves rewriting the firmware of a cell phone, and then using it as a secret receiver to eavesdrop SMS messages.

GSM security has been vulnerable to attack for a while now and the old GSM proprietary encryption algorithms have already been breached on multiple occasions.

For the average hacker, obtaining the devices is out of the question, but organized gangs of criminals who are already in the process of cloning SIM cards and conducting online fraud already are actively seeking these cellular devices.

These devices are now appearing on the black market for sale to criminals who are looking to use them to conduct cyber fraud in online banking.
Given the latest vulnerability with SMS messages, then perhaps banks and consumers need to start thinking about using some sort of encryption for all GSM communications, not just GSM voice data.

Wireless networks have popped up in every town, every city and almost every corporation. Our government relies on thousands of networks nation-wide due to their flexibility and ease of installation.

However, wireless networks are also a way for potential attackers to gain access to whole clusters of computers that are constantly transmitting sensitive data. All it takes is for an attacker to acquire a network key and they effectively have all that is required to destroy corporations and steal identities.

In general, the importance of wireless access key security is grossly under-estimated. Many home users have installed networks for their own convenience, only to find out that they have been cracked in seconds due to the much-flawed WEP security protocol.

This has allowed hackers to eavesdrop on all information that is being sent over the network from a nearby physical location in relative safety. This has allowed many “war-drivers” to effectively invade whole neighborhoods of wireless networks and take copies of potentially dangerous information.

In a corporate world, wireless networks are ordinarily secured to an extent where access is restricted to authorized computers only. This has done a great deal in limiting drive-by attackers from penetrating the network, but there is a great deal of negligence when it comes to ensuring that wireless network range is limited to specifically targeted areas. As a result, attackers can target even corporate wireless networks and in some cases, even the apparently strong security can be breached.

Wireless network encryption is only part of the issue as it is not a case of inadequate technology, but over-reliance on a single point of defense – i.e. wireless network keys. Any experienced security analyst will be the first one to advocate the use of multiple points of defense, from firewalls to intrusion detection systems and of course by using third party encryption products, such as the freely available Gold Lock Desktop.