SIM cloning

Phone cloning is the copying of identity from one cellular device to another.

AMPS cloning

Analogue mobile telephones were notorious for their lack of security. Casual listeners easily heard conversations as plain narrowband FM; eavesdroppers with specialized equipment readily intercepted handset Electronic Serial Numbers (ESN) and Mobile Directory Numbers (MDN or CTN, the Cellular Telephone Number) over the air. The intercepted ESN/MDN pairs would be cloned onto another handset and used in other regions for making calls. Due to widespread fraud, some carriers required a PIN before making calls or used a system of radio fingerprinting to detect the clones.

CDMA cloning

Code-Division Multiple Access (CDMA) mobile telephone cloning involves gaining access to the device's embedded file system /nvm/num directory via specialized software or placing a modified EEPROM into the target mobile telephone, allowing the Electronic Serial Number (ESN) and/or Mobile Equipment Identifier (MEID) of the mobile phone to be changed. To obtain the MEID of your phone, simply open your phone's dialler and type *#06# to get its MEID number. The ESN or MEID is typically transmitted to the cellular company's Mobile Telephone Switching Office (MTSO) in order to authenticate a device onto the mobile network. Modifying these, as well as the phone's Preferred Roaming List (PRL) and the mobile identification number, or MIN, can pave the way for fraudulent calls, as the target telephone is now a clone of the telephone from which the original ESN and MIN data were obtained.

GSM cloning

GSM cloning occurs by copying a secret key from the victim SIM card, typically not requiring any internal data from the handset (the phone itself). GSM handsets do not have ESN or MIN, only an International Mobile Equipment Identity (IMEI) number. There are various methods used to obtain the IMEI. The most common methods are to hack into the cellular company, or to eavesdrop on the cellular network.

A GSM SIM card is copied by removing the SIM card and placing a device between the handset and the SIM card and allowing it to operate for a few minutes and extracting the K_i, or secret code. This is normally done with handsets that have the option of an "extended battery" by placing the normal size battery in the handset and the K_i in the now vacant extra space. This is done by allowing the device to log the interaction between the mobile telephone switching office and the handset.

Effectiveness and legislation

Phone cloning is outlawed in the United States by the Wireless Telephone Protection Act of 1998, which prohibits "knowingly using, producing, trafficking in, having control or custody of, or possessing hardware or software knowing that it has been configured to insert or modify telecommunication identifying information associated with or contained in a telecommunications instrument so that such instrument may be used to obtain telecommunications service without authorization."

The effectiveness of phone cloning is limited. Every mobile phone contains a radio fingerprint in its transmission signal which remains unique to that mobile despite changes to the phone's ESN, IMEI, or MIN. Thus, cellular companies are often able to catch cloned phones when there are discrepancies between the fingerprint and the ESN, IMEI, or MIN.

See also

* Dual SIM
* International Mobile Equipment Identity
* Subscriber identity module

References

{{Reflist

Fraud
Mobile technology