Phone cloning


Phone cloning is the copying of identity from one cellular device to another.


AMPS cloning

Analogue mobile telephones were notorious for their lack of security. [1] Casual listeners easily heard conversations as plain narrowband FM; eavesdroppers with specialized equipment readily intercepted handset Electronic Serial Numbers (ESN) and Mobile Directory Numbers (MDN or CTN, the Cellular Telephone Number) over the air. The intercepted ESN/MDN pairs would be cloned onto another handset and used in other regions for making calls. Due to widespread fraud, some carriers required a PIN before making calls or used a system of radio fingerprinting to detect the clones.

CDMA cloning

[Image: A selection of mobile phones that can be cloned]

Code-Division Multiple Access (CDMA) mobile telephone cloning involves gaining access to the /nvm/num directory of the device's embedded file system via specialized software, or placing a modified EEPROM into the target mobile telephone, so that the Electronic Serial Number (ESN) and/or Mobile Equipment Identifier (MEID) of the phone can be changed. A phone's MEID can be displayed by entering *#06# in its dialler. [2] The ESN or MEID is typically transmitted to the cellular company's Mobile Telephone Switching Office (MTSO) in order to authenticate a device onto the mobile network. Modifying these, together with the phone's Preferred Roaming List (PRL) and its mobile identification number (MIN), can pave the way for fraudulent calls, since the target telephone is now a clone of the telephone from which the original ESN and MIN data were obtained.

GSM cloning

GSM cloning is performed by copying the secret key from the victim's SIM card; [3] it typically does not require any internal data from the handset itself. GSM handsets have no ESN or MIN, only an International Mobile Equipment Identity (IMEI) number. Various methods are used to obtain the IMEI, the most common being eavesdropping on the cellular network.

Older GSM SIM cards can be cloned by performing a cryptographic attack against the COMP128 authentication algorithm they use. [4] By connecting the SIM card to a computer, the authentication procedure can be repeated many times in order to slowly leak information about the secret key; repeated often enough, this makes it possible to derive the Ki key. [5] [6] Later GSM SIMs have various mitigations built in, either limiting the number of authentications performed in one power-on session or using Ki keys chosen by the manufacturer to resist the attack. However, if it is known that a resistant key was used, the attack can be sped up by eliminating weak Ki keys from the pool of possible keys.

Effectiveness and legislation

Phone cloning is outlawed in the United States by the Wireless Telephone Protection Act of 1998, which prohibits "knowingly using, producing, trafficking in, having control or custody of, or possessing hardware or software knowing that it has been configured to insert or modify telecommunication identifying information associated with or contained in a telecommunications instrument so that such instrument may be used to obtain telecommunications service without authorization." [7]

The effectiveness of phone cloning is limited. Every mobile phone contains a radio fingerprint in its transmission signal which remains unique to that mobile despite changes to the phone's ESN, IMEI, or MIN. Thus, cellular companies are often able to catch cloned phones when there are discrepancies between the fingerprint and the ESN, IMEI, or MIN. [citation needed]
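An added example, not from the article, of the kind of discrepancy check described above: it compares each transmission's radio fingerprint against the one enrolled for the claimed ESN and also flags the cross-region usage pattern noted under AMPS cloning. The record format, the two-element fingerprint vector and the thresholds are constructed assumptions, not any operator's actual system.

```python
from collections import namedtuple

# Constructed record: timestamp (s), claimed ESN, serving region,
# and a constructed fingerprint vector (e.g. carrier frequency
# offset in Hz, power-ramp time in us); real operators derive such
# features from the transmitter's transient and modulation behaviour.
Record = namedtuple("Record", "ts esn region fingerprint")

def fingerprint_distance(a, b):
    """Euclidean distance between two fingerprint vectors."""
    return sum((x - y) ** 2 for x, y in zip(a, b)) ** 0.5

def detect_clones(records, tolerance=5.0, min_travel_s=3600):
    """Return (esn, reason) alerts.

    The first fingerprint seen for an ESN is enrolled as its
    reference. An alert is raised when a later transmission with
    the same ESN deviates from that reference by more than
    `tolerance`, or when the ESN appears in a different region
    sooner than `min_travel_s` after its previous registration.
    """
    enrolled = {}   # esn -> reference fingerprint
    last_seen = {}  # esn -> (ts, region)
    alerts = []
    for rec in sorted(records, key=lambda x: x.ts):
        ref = enrolled.setdefault(rec.esn, rec.fingerprint)
        if fingerprint_distance(ref, rec.fingerprint) > tolerance:
            alerts.append((rec.esn, "fingerprint mismatch"))
        if rec.esn in last_seen:
            prev_ts, prev_region = last_seen[rec.esn]
            if prev_region != rec.region and rec.ts - prev_ts < min_travel_s:
                alerts.append((rec.esn, "implausible region change"))
        last_seen[rec.esn] = (rec.ts, rec.region)
    return alerts

# Constructed sample records
SAMPLE = [
    Record(0,    "ESN-A", "north", (120.0, 42.0)),
    Record(600,  "ESN-A", "north", (121.5, 41.2)),   # same handset, small drift
    Record(900,  "ESN-A", "south", (-310.0, 88.0)),  # clone: other region and radio
    Record(0,    "ESN-B", "east",  (15.0, 60.0)),
    Record(7200, "ESN-B", "west",  (14.0, 61.0)),    # legitimate travel two hours later
]

if __name__ == "__main__":
    for esn, reason in detect_clones(SAMPLE):
        print(esn, reason)
```

Real deployments learn the reference fingerprint from many transmissions and tune the tolerance to the measured drift of genuine handsets; a single enrolled sample, as here, is only enough to show the logic.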


References

  1. "GSM Cloning". www.isaac.cs.berkeley.edu.
  2. Bader, Daniel (21 March 2017). "How to make sure your phone works on a prepaid alternative carrier". iMore. Retrieved 24 October 2017.
  3. Gor, Mosam (20 May 2016). "What is Cell Phone Cloning - Everything You Need to Know". MovZio. Retrieved 5 April 2019.
  4. Preuß Mattsson, John (29 June 2021). "The evolution of cryptography in mobile networks and how to secure them in the future". Ericsson. Archived from the original on 21 December 2022. Retrieved 26 July 2023.
  5. Cycle, Janus (13 January 2023). "The Truth About SIM Card Cloning". YouTube. Retrieved 23 July 2023.
  6. Brumley, Billy (18 November 2004). "A3/A8 & COMP128" (PDF). Archived (PDF) from the original on 6 June 2023. Retrieved 26 July 2023.
  7. "S.493 - 105th Congress (1997-1998): Wireless Telephone Protection Act". 24 April 1998.