General Presentation (CSE-001F )

Presentation Report

on

“SIM Cloning”

SUBMITTED TO: -
Mr. Gurbakash Phonsa

SUBMITTED BY:
NAME: - GAURAV SANADHYA

SECTION: - RB2804B44

ROLL NO: - B44

Reg NO: - 10807805

 MOBILE SIM CLONING
GAURAV SANADHYA

LOVELY PROFESSIONAL UNIVERSITY

JALANDHAR, PUNJAB

calls and the charges for those calls are billed to

I. ABSTRACT the legitimate subscriber. The service provider
network does not have a way to differentiate
Mobile communication has been readily between the legitimate phone and the
available for several years, and is major business "cloned"SIM.
today. It provides a valuable service to its users
who are willing to pay a considerable premium III.HISTORY
over a fixed line phone, to be able to walk and
talk freely. Because of its usefulness and the The early 1990s were boom times for
money involved in the business, it is subject to eavesdroppers. Any curious teenager with a
fraud. Unfortunately, the advance of security £100 Tandy Scanner could listen in to nearly
standards has not kept pace with the any analogue mobile phone call. As a result,
dissemination of mobile communication. Cabinet Ministers, company chiefs and
Some of the features of mobile communication celebrities routinely found their most intimate
make it an alluring target for criminals. It is a conversations published in the next day's
relatively new invention, so not all people are tabloids Cell phone cloning started with
quite familiar with its possibilities, in good or in Motorola "bag" phones and reached its peak in
bad. Its newness also means intense competition the mid 90's with a commonly available
among mobile phone service providers as they modification for the Motorola "brick" phones,
are attracting customers. The major threat to such as the Classic, the Ultra Classic, and the
mobile phone is from cloning. Model 8000.

II.INTRODUCTION IV. SECURITY FUNCTIONS OF THE GSM

AND CDMA TELE-NETWORK
Cell SIM cloning is copying the identity of one
mobile telephone to another mobile telephone. As background to a better understanding of the
Usually this is done for the purpose of making attacks on the GSM and CDMA network The
fraudulent telephone calls. The bills for the calls following gives a brief introduction to the
go to the legitimate subscriber. The cloner is Security functions available in GSM. The
also able to make effectively anonymous calls, following functions exist: A Access control by
which attracts another group of interested users. means of a personal smart card (subscriber
Cloning is the process of taking the programmed Identity module, SIM) and PIN (personal
information that is stored in a legitimate mobile identification number), Authentication of the
phone and illegally programming the identical users towards the network carrier and generation
information into another mobile SIM. The result of A session key in order to prevent abuse.
is that the "cloned" SIM can make and receive Encryption of communication on the radio
interface, i.e. between mobile Station and base it currently remains in the realm of serious
station, A concealing the user’s identity on the hobbyists and researchers.
radio interface, i.e. a temporary valid Identity
code (TMSI) is used for the identification of a VII. ARE CELL PHONES SECURED?
mobile user instead Of the IMSI.
Too many users treat their mobile phones as
V. HOW BIG OF A PROBLEM IS
gadgets rather than as business assets
CLONING FRAUD?
covered by corporate security policy. Did
you realize there's a lucrative black market
The Cellular Telecommunications Industry
in stolen and "cloned" Sim cards? This is
Association (CTIA) estimates that financial
possible because Sims are not network
losses in due to cloning fraud are between
specific and, though tamper-proof, their
$600 million and $900 million in the United
security is flawed. In fact, a Sim can be
States. Some subscribers of Reliance had to
cloned many times and the resulting cards
suffer because their phone was cloned.
used in numerous phones, each feeding
Mobile Cloning Is in initial stages in India
illegally off the same bill.
so preventive steps should be taken by the
But there are locking mechanisms on the
network provider and the Government.
cellular phones that require a PIN to access
the phone. This would dissuade some
VI. HOW IS CELL CLONING DONE?
attackers, foil others, but might not work
against a well financed and equipped
Cloning involved modifying or replacing the
attacker. An 8-digit PIN requires
EPROM in the phone with a new chip which
approximately 50,000,000 guesses, but there
would allow you to configure an ESN
may be ways for sophisticated attackers to
(Electronic serial number) via software.
bypass it.
You would also have to change the MIN
With the shift to GSM digital - which now
(Mobile Identification Number).When you
covers almost the entire UK mobile sector -
had successfully changed the ESN/MIN
the phone companies assure us that the bad
pair, your phone was an effective clone of
old days are over. Mobile phones, they say,
the other phone. Cloning required access to
are secure and privacy friendly.
ESN and MIN pairs. ESN/MIN pairs were
This is not entirely true. While the amateur
discovered in several ways:
scanner menace has been largely
exterminated, there is now more potential
 Sniffing the cellular. than ever before for privacy invasion.
 Trashing cellular companies or The alleged security of GSM relies on the
cellular resellers. myth that encryption - the mathematical
 Hacking cellular companies or scrambling of our conversations - makes it
cellular resellers. impossible for anyone to intercept and
 Cloning still works under the understand our words. And while this claim
AMPS/NAMPS system, but has looks good on paper, it does not stand up to
fallen in popularity as older clone scrutiny.
able phones are more difficult to find The reality is that the encryption has
and newer phones have not been deliberately been made insecure. Many
successfully reverse-engineered. encrypted calls can therefore be intercepted
and decrypted with a laptop computer.
Cloning has been successfully demonstrated
under GSM, but the process is not easy and
 VIII. WHAT ARE EMIE AND PIN?
XI. HOW TO KNOW THAT THE CELL
ESN mean Electronic Serial Number. This HAS BEEN CLONED?
number is loaded when the phone number is
manufactured. this number cannot be  Frequent wrong number phone calls
tampered or changes by the user or to your phone, or hang-ups.
subscriber. if this number is known a mobile  Difficulty in placing outgoing calls.
can be cloned easily.  Difficulty in retrieving voice mail
Personal Identification Number (PIN).every messages.
subscriber provides a Personal Identification  Incoming calls constantly receiving
Number (PIN) to its user. This is a unique busy signals or wrong numbers.
number. If PIN and ESN are know a mobile Unusual calls appearing on your
phone can be cloned in seconds using some phone bills
software like Patagonia.
XII. CAN CALLS ON CLONED PHONE BE
IX.WHAT IS PATAGONIA? TRACKED?
Patagonia is software available in the market Yes it is possible. A SIM can be cloned
which is used to clone CDMA phone. Using again and again and they can be used at
this software a cloner can take over the different places. Messages and calls can
control of a CDMA phone i.e. cloning of track sent by cloned phones. However, if the
phone. There are other Software’s available accused manages to also clone the IMEI
in the market to clone GSM phone. This number of the handset, for which software’s
software’s are easily available in the market. are available, there is no way the cell can be
A SIM can be cloned again and again and traced.
they can be used at different places.
Messages and calls sent by cloned phones
can be tracked. However, if the accused XIII. HOW TO PREVENT CELL
manages to also clone the IMEI number of CLONING?
the handset, for which software’s are
available, there is no way he can be traced. Uniquely identifies a mobile unit within a
wireless carrier's network. The MIN often
X.CAN DIGITAL PHONES BE CLONED? can be dialed from other wireless or wire
line networks. The number differs from the
Digital phones can be cloned however, the electronic serial number (ESN), which is the
mobile phones employing digital TDMA unit number assigned by a phone
and CDMA technology are equipped with a manufacturer. MINs and ESNs can be
feature known as "Authentication." Some checked electronically to help prevent fraud.
newer model analog phones also have this
feature. Authentication allows the mobile  Mobiles should never be trusted for
service provider network to determine the communicating/storing confidential
legitimacy of a mobile phone. Phones information.
determined to be "clones" can be instantly  Always set a Pin that's required
denied access to service before any calls are before the phone can be used.
made or received.
  Check that all mobile devices are and compared with the network's results. If
covered by a corporate security they match, the phone is not a "clone."
policy.
 Ensure one person is responsible for
keeping tabs on who has what XV. ROLE OF SERVICE PROVIDER TO
equipment and that they update the COMBAT CLONING FRAUD?
central register. How do service
providers handle reports of cloned They are using many methods such as RF
phones? Fingerprinting, subscriber behavior
 Legitimate subscribers who have profiling, and Authentication. RF
their phones cloned will receive bills Fingerprinting is a method to uniquely
with charges for calls they didn't identify mobile phones based on certain
make. Sometimes these charges unique radio frequency transmission
amount to several thousands of characteristics that are essentially
dollars in addition to the legitimate "fingerprints" of the radio being used.
charges. Subscriber behavior profiling is used to
predict possible fraudulent use of mobile
Typically, the service provider will assume service based on the types of calls
the cost of those additional fraudulent calls. previously made by the subscriber.
However, to keep the cloned phone from Calls that are not typical of the subscriber's
continuing to receive service, the service past usage are flagged as potentially
provider will terminate the legitimate phone fraudulent and appropriate actions can be
subscription. The subscriber is then required taken.
to activate a new subscription with a Authentication has advantages over these
different phone number requiring technologies in that it is the only industry
reprogramming of the phone, along with the standardized procedure that is transparent to
additional headaches that go along with the user, a technology that can effectively
phone number changes. combat roamer fraud, and is a prevention
system as opposed to a detection system.
VX. WHAT EXACTLY IS
AUTHENTICATION?
XVI. WHAT CAN BE DONE?
Authentication is a mathematical process by
which identical calculations are performed With technically sophisticated thieves,
in both the network and the mobile phone. customers are relatively helpless against
These calculations use secret information cellular phone fraud. Usually they became
(known as a "key") preprogrammed into aware of the fraud only once receiving their
both the mobile phone and the network phone bill.
before service is activated. Cloners typically Service providers have adopted certain
have no access to this secret information measures to prevent cellular fraud. These
(i.e., the key), and therefore cannot obtain include encryption, blocking, blacklisting,
the same results to the calculations. user verification and traffic analysis:
A legitimate mobile phone will produce the Encryption is regarded as the most effective
same calculated result as the network. The way to prevent cellular fraud as it prevents
mobile phone's result is sent to the network eavesdropping on cellular calls and makes it
nearly impossible for thieves to steal
Electronic Serial Number (ESN) and
Personal Identification Number (PIN) pairs.  Frequent wrong number phone calls
Blocking is used by service providers to to your phone, or hang-ups.
protect themselves from high risk callers.  Difficulty in placing outgoing calls.
For example, international calls can be made  Difficulty in retrieving voice mail
only with prior approval. In some countries messages.
only users with major credit cards and good  Incoming calls constantly receiving
credit ratings are allowed to make long busy signals or wrong numbers.
distance calls.  Unusual calls appearing on your
phone bills.
 Blacklisting of stolen phones is
another mechanism to prevent XVII. CAN WE USE BOTH CARDS AT
unauthorized use. An Equipment Identity THE SAME TIME, SO THAT WE CAN
Register (EIR) enables network operators HAVE TWO PHONES AT DIFFERENT
to disable stolen cellular phones on LOCATIONS?
networks around the world.
 User verification using Personal No, we can ONLY have one card active
Identification Number (PIN) codes is one otherwise our Network provider would notice 2
method for customer protection against copies of the same Number and might deactivate
cellular phone fraud. our account. We should also consider, that some
Tests conducted have proved that United logical conclusions are made by the Network
States found that having a PIN code Providers like this: We can't be in NewDelhi and
reduced fraud by more than 80%. few minutes later activate our Clone Card in
Mumbai. The Network Provider knows the Time
 Traffic analysis detects cellular fraud that would be needed to travel from one place to
by using artificial intelligence software to the other one.
detect suspicious calling patterns, such as
a sudden increase in the length of calls or XVIII.CONCLUSION
a sudden increase in the number of
international calls. Presently the cellular phone industry relies
on common law (fraud and theft) and in-
The software also determines whether it is house counter measures to address cellular
physically possible for the subscriber to be phone fraud. Mobile Cloning
making a call from a current location, based Is in initial stages in India so preventive
on the location and time of the previous call. steps should be taken by the network
Currently, South Africa two service provider and the Government the enactment
providers, MTN and Vodacom, use traffic of legislation to prosecute crimes related to
analysis with the International Mobile cellular phones is not viewed as a priority,
Equipment Identity (IMEI) a 15 digit however. It is essential that intended mobile
number which acts as a unique identifier and crime legislation be comprehensive enough
is usually printed on the back of the phone to incorporate cellular phone fraud, in
underneath the battery to trace stolen particular "cloning fraud" as a specific
phones. crime.
Other warning signs that subscribers should
watch out for to detect fraudulent activity
include: