Who would have thought that a handset as basic as Nokia 1100 would be used for banking fraud? Turns out that some 1100s come with a software flaw that, with the aid of some reprogramming will have the handset intercepting one-time passwords used in bank transactions.


Hackers have already started buying up to $32,328 worth of these devices and it seems that only the units pertaining to a German manufacturing batch can be reprogrammed and used for bank fraud. Nokia produced over 200 million such handsets since 2003, when the phone was launched, so finding the proper units for the hack seems like a tough task.

The one-time passwords are known as transaction authentication numbers (TAN) and are usually sent to online banking users via SMS. It all started 6 months ago, when a 1100 was sold for 5000 EUR and just a couple of days ago it was re-sold for 25,000 EUR. The exploit is yet to be tested…

[via slashgear]