Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Nokia: We Don't Know Why Criminals Want Our Old Phones (pcworld.com)
27 points by echair on April 22, 2009 | hide | past | favorite | 9 comments


Nokia says they're not aware of any software vulnerability, and I believe them. But if some essential information is transmitted in clear and can be read out or blocked via a small hack to the phone's PCB, then it would be a hardware vulnerability, no? People like hard-modding old digital synthesizers, and a phone is just another kind of DSP device.


Seems quite odd - I see them for sale all over the place for < $15 .. They might not be made in Bochum.

I would've thought this kind of spoofing involves sim cards rather than hardware.


Spoofing my own Danish SIM card was how I first got the iPhone to work with a Danish carrier in later summer 2007. That was one of the first method used around the world to get the iPhone to work outside of the US. Before the software hacks (anySIM).

I needed to brute force the original SIM card to get a certain number needed to forge the new SIM card. Luckily the SIM card I needed the key from was old. Modern SIM cards can not be hacked that easily. I heard that the phone companies know that number and in some cases would tell that number to the customer owning the SIM card.


But that was only because you had physical access to the original SIM, no? You couldn't mount this attack "over the air" against a stranger.


The only reason you would need the physical original SIM card is to get the numbers you need to make the SIM clone. (IIRC)

I think that the phone companies have all the keys you need. Of course they don't just give them out to anyone who asks.


Seems like hacking the phone is the trivial part compared to the SIM authentication scheme. What am I missing?


Perhaps the phone is old enough that it doesn't use SIM technology? I had a phone just last year that didn't (or at least, that's what they told me when I asked my next provider after that why I couldn't transition it to their network.)


I'm pretty sure all GSM phones use SIM cards. Perhaps your old phone was a Verizon or PCS phone.

Those don't use SIM cards, but they aren't GSM and generally aren't used outside North America.


I have one of these in a drawer--it's a bog-standard GSM phone that takes SIM cards.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: