Professional Documents
Culture Documents
Mobile communication has been readily available for several years, and is major business
today. It provides a valuable service to its users who are willing to pay a considerable
premium over a fixed line phone, to be able to walk and talk freely. Because of its usefulness
and the money involved in the business, it is subject to fraud. Unfortunately, the advance of
security standards has not kept pace with the dissemination of mobile communication.
Some of the features of mobile communication make it an alluring target for criminals. It is a
relatively new invention, so not all people are quite familiar with its possibilities, in good or
in bad. Its newness also means intense competition among mobile phone service providers as
they are attracting customers. The major threat to mobile phone is from cloning.
Cell phone cloning is a technique wherein security data from one cell phone is transferred
into another phone. The other cell phone becomes the exact replica of the original cell phone
like a clone. As a result, while calls can be made from both phones, only the original is
billed. Though communication channels are equipped with security algorithms, yet cloners
get away with the help of loop holes in systems. So when one gets huge bills, the chances are
that the phone is being cloned.
This paper describes about the cell phone cloning with implementation in GSM and CDMA
technology phones. It gives an insight into the security mechanism in CDMA and GSM
phones along with the loop holes in the systems and discusses on the different ways of
preventing this cloning. Moreover, the future threat of this fraud is being elaborated
CONTENTS
S.NO. CHAPTER PAGE NO.
1. INTRODUCTION
2. HOW CELL PHONE WORKS?
3. WHAT IS CELL PHONE CLONING?
4. WHEN DID CELL CLONING START?
5. HOW IS CELL CLONING DONE?
6. METHODS TO DETECT CLONED PHONE ON NETWORK
7. ARE OUR CELL PHONES SECURED?
8. HOW TO KNOW THAT THE CELL HAS BEEN CLONED?
9. ROLE OF SERVICE PROVIDERS TO COMBAT CLONING
FRAUD?
10. HOW TO PREVENT CELL CLONI\NG?
11. SOME FACTS AND FIGURES
12. FUTURE THREATS
13. CONCLUSION
14. REFERENCES
15. INDEX
CHAPTER-1
INTRODUCTION
Cloning is the creation of an organism that is an exact genetic copy of another. This means
that every single bit of DNA is the same between the two!
Remember Dolly the lamb, cloned from a six-year-old ewe in 1997, by a group of
researchers at the Roslin Institute in Scotland? While the debate on the ethics of cloning
continues, human race, for the first time, are faced with a more tangible and harmful version
of cloning and this time it is your cell phone that is the target.
Millions of cell phones users, be it GSM or CDMA, run at risk of having their phones
cloned. As a cell phone user if you have been receiving exorbitantly high bills for calls that
were never placed, chances are that your cell phone could be cloned. Unfortunately, there is
no way the subscriber can detect cloning. Events like call dropping or anomalies in monthly
bills can act as tickers.
According to media reports, recently the Delhi (India) police arrested a person with 20 cell-
phones, a laptop, a SIM scanner, and a writer. The accused was running an exchange
illegally wherein he cloned CDMA based cell phones. He used software named Patagonia
for the cloning and provided cheap international calls to Indian immigrants in West Asia.
CHAPTER-2
When the cell site receives the pair signal, it determines if the requester is a legitimate
registered user by comparing the requestor's pair to a cellular subscriber list. Once the cellular
telephone's pair has been recognized, the cell site emits a control signal to permit the subscriber
to place calls at will. This process, known as Anonymous Registration, is carried out each time
the telephone is turned on or picked up by a new cell site.
ESN - The ESN (Electronic Serial Number) is the serial number of your cellular
telephone.The ESN is transmitted to the cell site and used in conjuction with the NAM to
verify that you are a legitimate user of the cellular system.
MIN - The MIN (Mobile Identification Number) is simply the phone number of the
cellular telephone.
CHAPTER-3
Cell phone cloning is copying the identity of one mobile telephone to another mobile
telephone.
Usually this is done for the purpose of making fraudulent telephone calls. The bills for the
calls go to the legitimate subscriber. The cloner is also able to make effectively
anonymous calls, which attracts another group of interested users.
Cloning is the process of taking the programmed information that is stored in a legitimate
mobile phone and illegally programming the identical information into another mobile
phone. The result is that the "cloned" phone can make and receive calls and the charges
for those calls are billed to the legitimate subscriber. The service provider network does
not have a way to differentiate between the legitimate phone and the "cloned" phone.
Cloning of mobile phones is the act of copying the subscriber information from one phone
onto the other for purposes of obtaining free calls. The other cell phone becomes the exact
replica of the original cell phone like a clone. As a result, while calls can be made from both
phones, only the original is billed.
Cloning occurs most frequently in areas of high cell phone usage -- valet parking lots,
airports, shopping malls, concert halls, sports stadiums, and high-congestion traffic areas in
metropolitan cities.
Figure 1. Cellular phone cloning
CHAPTER-4
Cloning CDMA Cell Phones - Cellular telephone thieves monitor the radio frequency
spectrum and steal the cell phone pair as it is being anonymously registered with a cell site.
The technology uses spread-spectrum techniques to share bands with multiple conversations.
Subscriber information is also encrypted and transmitted digitally. CDMA handsets are
particularly vulnerable to cloning, according to experts. First generation mobile cellular
networks allowed fraudsters to pull subscription data (such as ESN and MIN) from the
analog air interface and use this data to clone phones. A device called as DDi, Digital Data
Interface (which comes in various formats from the more expensive stand-alone box, to a
device which interfaces with your 800 MHz capable scanner and a PC) can be used to get
pairs by simply making the device mobile and sitting in a busy traffic area (freeway
overpass) and collect all the data you need. The stolen ESN and EMIN were then fed into a
new CDMA handset, whose existing program was erased with the help of downloaded
software. The buyer then programs them into new phones which will have the same number
as that of the original subscriber.
Cloning GSM Phones - GSM handsets, on the contrary, are safer, according to experts.
Every GSM phone has a 15 digit electronic serial number (referred to as the IMEI). It is not
a particularly secret bit of information and you don't need to take any care to keep it private.
The important information is the IMSI, which is stored on the removable SIM card that
carries all your subscriber information, roaming database and so on. GSM employs a fairly
sophisticated asymmetric-key cryptosystem for over-the-air transmission of subscriber
information. Cloning a SIM using information captured over-the-air is therefore difficult,
though not impossible. As long as you don't lose your SIM card, you're safe with GSM.
GSM carriers use the COMP128 authentication algorithm for the SIM, authentication center
and network which make GSM a far secure technology.
GSM networks which are considered to be impregnable can also be hacked. The process is
simple: a SIM card is inserted into a reader. After connecting it to the computer using data
cables, the card details were transferred into the PC. Then, using freely available encryption
software on the Net, the card details can be encrypted on to a blank smart card. The result: A
cloned cell phone is ready for misuse
CHAPTER – 5
CHAPTER -6
METHODS TO DETECT CLONED PHONES ON NETWORK
Several countermeasures were taken with varying success. Here are various methods to
detect cloned phones on the network:
Duplicate detection - The network sees the same phone in several places at the same
time. Reactions include shutting them all off so that the real customer will contact the
operator because he lost the service he is paying for, or tearing down connections so that the
clone users will switch to another clone but the real user will contact the operator.
Velocity trap - The mobile phone seems to be moving at impossible, or most unlikely
speeds. For example, if a call is first made in Helsinki, and five minutes later, another call is
made but this time in Tampere, there must be two phones with the same identity on the
network.
RF (Radio Frequency) - fingerprinting is originally a military technology. Even
nominally identical radio equipment has a distinguishing ``fingerprint'', so the network
software stores and compares fingerprints for all the phones that it sees. This way, it will
spot the clones with the same identity but different fingerprints.
Usage profiling. - Profiles of customers' phone usage are kept, and when discrepancies
are noticed, the customer is contacted. Credit card companies use the same method. For
example, if a customer normally makes only local network calls but is suddenly placing calls
to foreign countries for hours of airtime, it indicates a possible clone.
Call counting - Both the phone and the network keep track of calls made with the phone,
and should they differ more than the usually allowed one call, service is denied.
PIN codes - Prior to placing a call, the caller unlocks the phone by entering a PIN code
and then calls as usual. After the call has been completed, the user locks the phone by
entering the PIN code again. Operators may share PIN information to enable safer roaming.
Figure 3.Duplicate Detection
CHAPTER -7
ARE OUR CELL PHONES SECURED?
Too many users treat their mobile phones as gadgets rather than as business assets covered by
corporate security policy. Did you realize there's a lucrative black market in stolen and "cloned"
Sim cards? This is possible because Sims are not network specific and, though tamper-proof,
their security is flawed. In fact, a Sim can be cloned many times and the resulting cards used in
numerous phones, each feeding illegally off the same bill.
But there are locking mechanisms on the cellular phones that require a PIN to access the phone.
This would dissuade some attackers, foil others, but might not work against a well financed and
equipped attacker. An 8-digit PIN requires approximately 50,000,000 guesses, but there may be
ways for sophisticated attackers to bypass it.
With the shift to GSM digital - which now covers almost the entire UK mobile sector - the
phone companies assure us that the bad old days are over. Mobile phones, they say, are secure
and privacy friendly.
This is not entirely true. While the amateur scanner menace has been largely exterminated, there
is now more potential than ever before for privacy invasion.
The alleged security of GSM relies on the myth that encryption - the mathematical scrambling of
our conversations - makes it impossible for anyone to intercept and understand our words. And
while this claim looks good on paper, it does not stand up to scrutiny.
The reality is that the encryption has deliberately been made insecure. Many encrypted calls can
therefore be intercepted and decrypted with a laptop computer.
CHAPTER -8
• Incoming calls constantly receiving busy signals or wrong numbers. Unusual calls
appearing on your phone bills
CHAPTER -9
CHAPTER -10
HOW TO PREVENT CELL CLONING?
Uniquely identifies a mobile unit within a wireless carrier's network. The MIN often can be
dialed from other wireless or wire line networks. The number differs from the electronic serial
number (ESN), which is the unit number assigned by a phone manufacturer. MINs and ESNs
can be checked electronically to help prevent fraud.
.Mobiles should never be trusted for communicating/storing confidential information.
Always set a Pin that's required before the phone can be used.
Check that all mobile devices are covered by a corporate security policy.
Ensure one person is responsible for keeping tabs on who has what equipment and that they
update the central register. How do service providers handle reports of cloned phones?
Legitimate subscribers who have their phones cloned will receive bills with charges for calls
they didn't make. Sometimes these charges amount to several thousands of dollars in addition to
the legitimate charges.
Typically, the service provider will assume the cost of those additional fraudulent calls.
However, to keep the cloned phone from continuing to receive service, the service provider will
terminate the legitimate phone subscription. The subscriber is then required to activate a new
subscription with a different phone number requiring reprogramming of the phone, along with
the additional headaches that go along with phone number changes.
CHAPTER -11
• Southwestern Bell claims wireless fraud costs the industry $650 million each year in
the US. Some federal agents in the US have called phone cloning an especially
`popular' crime because it is hard to trace. In one case, more than 1,500 telephone
calls were placed in a single day by cellular phone thieves using the number of a
single unsuspecting owner.
• A Home Office report in 2002 revealed that in London around 3,000 mobile phones
were stolen in one month alone which were used for cell phone cloning.
• Authorities, in the case, estimated the loss at $3,000 to $4,000 for each number used
in cell phone cloning.
Resolving subscriber fraud can be a long and difficult process for the victim. It may take
time to discover that subscriber fraud has occurred and an even longer time to prove that you did
not incur the debts. As described in this article there are many ways to abuse telecommunication
system, and to prevent abuse from occurring it is absolutely necessary to check out the weakness
and vulnerability of existing telecom systems. If it is planned to invest in new telecom
equipment, a security plan should be made and the system tested before being implemented. It is
therefore mandatory to keep in mind that a technique which is described as safe today can be the
most unsecured technique in the future.
CHAPTER - 13
CONCLUSION
Presently the cellular phone industry relies on common law (fraud and theft) and in-house
counter measures to address cellular phone fraud.
Is in initial stages in India so preventive steps should be taken by the network provider and the
Government the enactment of legislation to prosecute crimes related to cellular phones is not
viewed as a priority, however. It is essential that intended mobile crime legislation be
comprehensive enough to incorporate cellular phone fraud, in particular "cloning fraud" as a
specific crime.
Existing cellular systems have a number of potential weaknesses that were considered. It is
crucial that businesses and staff take mobile phone security seriously.
Awareness and a few sensible precautions as part of the overall enterprise security policy
will deter all but the most sophisticated criminal. It is also mandatory to keep in mind that a
technique which is described as safe today can be the most unsecured technique in the future.
Therefore it is absolutely important to check the function of a security system once a year and if
necessary update or replace it. Finally, cell-phones have to go a long way in security before they
can be used in critical applications like m-commerce.
References -
Websites:
http://www.cdmasoftware.com/eng.html
http://www.victorgsm.com/products/msl/
http://www.unlocker.ru/cdma_soft.php
http://www.cxotoday.com
http://infotech.indiatimes.coM
http://wiretap.spies.com
http://www.hackinthebox.org/
http://www.google.com
http://www.wikipedia.com