Fraud investigation firm Ultrascan claims to have reprogrammed an old Nokia mobile phone and used it to intercept one-time passwords sent by SMS for bank authentication in mobile money transfers.
Ultrascan says the five-year old Nokia 1100 phone can be reprogrammed to respond to someone else's number and intercept the mTAN (mobile Transaction Authentication Number) codes used by banks in Germany and Holland to authorise account transfers.
The firm kick-started the investigation after noting skyrocketing prices on criminal underground networks for old German models of the Nokia 1100. The phone, which usually retails for EUR100, was fetching prices as high as EUR25000 on the cybercrime circuit.
To perpetrate the fraud, criminals would also need to know the victim's bank log-in and passwords as well as their mobile phone number.
Ultrascan says it was able to perform the mTAN interception ruse just once on a hacked phone, and is conducting further tests to see how robust the method is.