Mobile Phone Cloning
ABSTRACT
Mobile communication has been readily available for several years and is a major business today. It provides a valuable service to its users, who are willing to pay a considerable premium over a fixed line phone to be able to walk and talk freely. Because of its usefulness and the money involved in the business, it is subject to fraud. Unfortunately, the advance of security standards has not kept pace with the dissemination of mobile communication. Some of the features of mobile communication make it an alluring target for criminals. It is a relatively new invention, so not all people are quite familiar with its possibilities, good or bad. Its newness also means intense competition among mobile phone service providers as they try to attract customers.

The major threat to mobile phones is from cloning. Cell phone cloning is a technique wherein security data from one cell phone is transferred into another phone. The other cell phone becomes the exact replica of the original cell phone, like a clone. As a result, while calls can be made from both phones, only the original is billed. Though communication channels are equipped with security algorithms, cloners get away with the help of loopholes in the systems. So when one gets huge bills, the chances are that the phone is being cloned.

This paper describes cell phone cloning and its implementation in GSM and CDMA technology phones. It gives an insight into the security mechanisms in CDMA and GSM phones along with the loopholes in the systems, and discusses the different ways of preventing this cloning. Moreover, the future threat of this fraud is elaborated.
CONTENTS
1. INTRODUCTION
2. HOW CELL PHONE WORKS?
3. WHAT IS CELL PHONE CLONING?
4. WHEN DID CELL CLONING START?
5. HOW IS CELL CLONING DONE?
6. METHODS TO DETECT CLONED PHONE ON NETWORK
7. ARE OUR CELL PHONES SECURED?
8. HOW TO KNOW THAT THE CELL HAS BEEN CLONED?
9. ROLE OF SERVICE PROVIDERS TO COMBAT CLONING FRAUD?
10. HOW TO PREVENT CELL CLONING?
11. SOME FACTS AND FIGURES
12. FUTURE THREATS
13. CONCLUSION
14. REFERENCES
INTRODUCTION
Cloning is the creation of an organism that is an exact genetic copy of another. This means that every single bit of DNA is the same between the two! Remember Dolly the lamb, cloned from a six-year-old ewe in 1997 by a group of researchers at the Roslin Institute in Scotland? While the debate on the ethics of cloning continues, the human race is for the first time faced with a more tangible and harmful version of cloning, and this time it is your cell phone that is the target.

Millions of cell phone users, be it GSM or CDMA, run the risk of having their phones cloned. As a cell phone user, if you have been receiving exorbitantly high bills for calls that were never placed, chances are that your cell phone could be cloned. Unfortunately, there is no way the subscriber can detect cloning. Events like call dropping or anomalies in monthly bills can act as tickers.

According to media reports, recently the Delhi (India) police arrested a person with 20 cellphones, a laptop, a SIM scanner and a writer. The accused was running an exchange illegally wherein he cloned CDMA based cell phones. He used software named Patagonia for the cloning and provided cheap international calls to Indian immigrants in West Asia.
The early 1990s were boom times for eavesdroppers. Any curious teenager with a £100 Tandy Scanner could listen in to nearly any analogue mobile phone call. As a result, Cabinet Ministers, company chiefs and celebrities routinely found their most intimate conversations published in the next day's tabloids.

Cell phone cloning started with Motorola "bag" phones and reached its peak in the mid 90's with a commonly available modification for the Motorola "brick" phones, such as the Classic, the Ultra Classic and the Model 8000.

GSM - Global System for Mobile Communications. A digital cellular phone technology based on TDMA. GSM phones use a Subscriber Identity Module (SIM) card that contains user account information. Any GSM phone becomes immediately programmed after plugging in the SIM card, thus allowing GSM phones to be easily rented or borrowed. Operators who provide GSM service are Airtel, Hutch etc.

CDMA - Code Division Multiple Access. A method for transmitting simultaneous signals over a shared portion of the spectrum. There is no Subscriber Identity Module (SIM) card, unlike in GSM. Operators who provide CDMA service in India are Reliance and Tata Indicom.

Both GSM and CDMA handsets are prone to cloning. Technically, it is easier to clone a CDMA handset than a GSM one, though cloning a GSM cell phone is not impossible. There are also Internet sites that provide information on how one could
Cloning CDMA Cell Phones - Cellular telephone thieves monitor the radio frequency spectrum and steal the cell phone pair as it is being anonymously registered with a cell site. The technology uses spread-spectrum techniques to share bands with multiple conversations. Subscriber information is also encrypted and transmitted digitally. CDMA handsets are particularly vulnerable to cloning, according to experts. First generation mobile cellular networks allowed fraudsters to pull subscription data (such as ESN and MIN) from the analog air interface and use this data to clone phones. A device called a DDi, Digital Data Interface (which comes in various formats, from the more expensive stand-alone box to a device which interfaces with your 800 MHz capable scanner and a PC), can be used to get pairs by simply making the device mobile and sitting in a busy traffic area (freeway overpass) and collecting all the data you need. The stolen ESN and MIN were then fed into a new CDMA handset, whose existing program was erased with the help of downloaded software. The buyer then programs them into new phones, which will have the same number as that of the original subscriber.

Cloning GSM Phones - GSM handsets, on the contrary, are safer, according to experts. Every GSM phone has a 15 digit electronic serial number (referred to as the IMEI). It is not a particularly secret bit of information and you don't need to take any care to keep it private. The important information is the IMSI, which is stored on the removable SIM card that carries all your subscriber information, roaming database and so on. GSM employs a fairly sophisticated asymmetric-key cryptosystem for over-the-air transmission of subscriber information. Cloning a SIM using information captured over-the-air is therefore difficult, though not impossible. As long as you don't lose your SIM card, you're safe with GSM. GSM carriers use the COMP128 authentication algorithm for the SIM, authentication center and network, which makes GSM a far more secure technology.
GSM networks, which are considered to be impregnable, can also be hacked. The process is simple: a SIM card is inserted into a reader. After connecting it to the computer using data cables, the card details are transferred into the PC. Then, using freely available encryption software on the Net, the card details can be encrypted on to a blank smart card. The result: a cloned cell phone is ready for misuse.

IS FIXED TELEPHONE NETWORK SAFER THAN MOBILE PHONE?
The answer is yes. In spite of this, the security functions which prevent eavesdropping and unauthorized use are emphasized by the mobile phone companies. The existing mobile communication networks are not safer than the fixed telephone networks. They only offer protection against the new forms of abuse.

SECURITY FUNCTIONS OF THE GSM AND CDMA
As background to a better understanding of the attacks on the GSM and CDMA network, the following gives a brief introduction to the security functions available in GSM. The following functions exist:
- Access control by means of a personal smart card (called Subscriber Identity Module, SIM) and PIN (personal identification number).
- Authentication of the users towards the network carrier and generation of a session key in order to prevent abuse.
- Encryption of communication on the radio interface, i.e. between mobile station and base station.
- Concealing the users' identity on the radio interface, i.e. a temporary valid identity code (TMSI) is used for the identification of a mobile user instead of the IMSI.
Cloning has been successfully demonstrated under GSM, but the process is not easy and it currently remains in the realm of serious hobbyists and researchers. When placing a call, the phone transmits both the ESN and the MIN to the network. These were, however, sent in the clear, so anyone with a suitable scanner could receive them. The eavesdropped codes would then be programmed into another phone, effectively cloning the original subscription. Any calls made on this cloned phone would be charged to the original customer. See figure 2.
WHAT IS PATAGONIA?
Patagonia is software available in the market which is used to clone CDMA phones. Using this software, a cloner can take over the control of a CDMA phone, i.e. clone the phone. There is other software available in the market to clone GSM phones.
Such software is easily available in the market. A SIM can be cloned again and again, and the clones can be used at different places. Messages and calls sent by cloned phones can be tracked. However, if the accused manages to also clone the IMEI number of the handset, for which software is available, there is no way he can be traced.
RF (Radio Frequency) fingerprinting - This is originally a military technology. Even nominally identical radio equipment has a distinguishing "fingerprint", so the network software stores and compares fingerprints for all the phones that it sees. This way, it will spot the clones with the same identity but different fingerprints.

Usage profiling - Profiles of customers' phone usage are kept, and when discrepancies are noticed, the customer is contacted. Credit card companies use the same method. For example, if a customer normally makes only local network calls but is suddenly placing calls to foreign countries for hours of airtime, it indicates a possible clone.

Call counting - Both the phone and the network keep track of calls made with the phone, and should they differ by more than the usually allowed one call, service is denied.

PIN codes - Prior to placing a call, the caller unlocks the phone by entering a PIN code and then calls as usual. After the call has been completed, the user locks the phone by entering the PIN code again. Operators may share PIN information to enable safer roaming.
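The call counting and usage profiling checks described above, sketched as network-side logic. This is an added example, not code from the paper or from any operator; the `Subscriber` record, the thresholds and the call data are constructed for illustration.

```python
from dataclasses import dataclass, field

MAX_COUNTER_DRIFT = 1        # the "usually allowed one call" of difference
MAX_FOREIGN_MINUTES = 30     # assumed profiling threshold, not from the paper

@dataclass
class Subscriber:
    home_countries: set                      # usage profile (constructed)
    network_count: int = 0                   # calls the network carried for this identity
    alerts: list = field(default_factory=list)

def process_call(sub, handset_count, country, minutes):
    """Return True if the call is carried, False if service is denied."""
    # Call counting: the handset reports its own call counter at setup.
    if abs(sub.network_count - handset_count) > MAX_COUNTER_DRIFT:
        sub.alerts.append("counter_mismatch")
        return False
    sub.network_count += 1
    # Usage profiling: long calls to destinations outside the profile.
    if country not in sub.home_countries and minutes > MAX_FOREIGN_MINUTES:
        sub.alerts.append("usage_anomaly")   # flag for customer contact
    return True

def simulate():
    """Constructed scenario: one identity shared by a handset and its clone."""
    sub = Subscriber(home_countries={"IN"})
    results = []
    legit = 0
    for _ in range(3):                       # normal local calls
        results.append(process_call(sub, legit, "IN", 5))
        legit += 1
    clone = legit                            # the clone starts from the copied counter
    for _ in range(2):                       # clone places long foreign calls
        results.append(process_call(sub, clone, "AE", 90))
        clone += 1
    # The legitimate handset never saw the clone's calls, so it is now two
    # behind the network and is the device that trips the counter check.
    results.append(process_call(sub, legit, "IN", 5))
    return results, sub.alerts

if __name__ == "__main__":
    print(simulate())
```

In this run the profiling alerts fire on the clone's calls, while the counter mismatch surfaces only when the original handset next places a call, which is why the two checks are run together.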
With the shift to GSM digital - which now covers almost the entire UK mobile sector - the phone companies assure us that the bad old days are over. Mobile phones, they say, are secure and privacy friendly. This is not entirely true. While the amateur scanner menace has been largely exterminated, there is now more potential than ever before for privacy invasion. The alleged security of GSM relies on the myth that encryption - the mathematical scrambling of our conversations - makes it impossible for anyone to intercept and understand our words. And while this claim looks good on paper, it does not stand up to scrutiny. The reality is that the encryption has deliberately been made insecure. Many encrypted calls can therefore be intercepted and decrypted with a laptop computer.
Authentication has advantages over these technologies in that it is the only industry standardized procedure that is transparent to the user, a technology that can effectively combat roamer fraud, and is a prevention system as opposed to a detection system.
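Why authentication prevents cloning rather than detecting it, shown as an added example (not code from the paper or from any network): a check on static identifiers accepts a replayed ESN/MIN pair, while a challenge-response check rejects a replayed response. HMAC-SHA256 stands in for the operator's authentication algorithm, and all identifiers and keys are constructed.

```python
import hashlib
import hmac
import secrets

def response(key: bytes, challenge: bytes) -> bytes:
    # Stand-in (assumption) for the SIM/network authentication algorithm.
    return hmac.new(key, challenge, hashlib.sha256).digest()

class Network:
    def __init__(self):
        self.static_ids = {}   # MIN -> ESN, identifiers sent in the clear
        self.keys = {}         # subscriber id -> secret key shared with the SIM

    def static_check(self, min_, esn):
        """Identifier-only check: anything overheard is enough to pass."""
        return self.static_ids.get(min_) == esn

    def new_challenge(self):
        return secrets.token_bytes(16)       # fresh random value per attempt

    def verify(self, sub_id, challenge, resp):
        key = self.keys.get(sub_id)
        if key is None:
            return False
        return hmac.compare_digest(response(key, challenge), resp)

def demo():
    net = Network()
    net.static_ids["MIN-0001"] = "ESN-AAAA"  # constructed identifiers
    key = secrets.token_bytes(16)            # is never transmitted
    net.keys["SUB-0001"] = key

    # Everything a listener on the radio interface could have recorded:
    seen_pair = ("MIN-0001", "ESN-AAAA")
    c1 = net.new_challenge()
    seen_resp = response(key, c1)            # the legitimate phone's answer

    c2 = net.new_challenge()                 # next attempt gets a new challenge
    return {
        "static_replay": net.static_check(*seen_pair),
        "legit_fresh": net.verify("SUB-0001", c2, response(key, c2)),
        "response_replay": net.verify("SUB-0001", c2, seen_resp),
    }

if __name__ == "__main__":
    print(demo())
```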
Ensure one person is responsible for keeping tabs on who has what equipment and that they update the central register.

How do service providers handle reports of cloned phones? Legitimate subscribers who have their phones cloned will receive bills with charges for calls they didn't make. Sometimes these charges amount to several thousands of dollars in addition to the legitimate charges. Typically, the service provider will assume the cost of those additional fraudulent calls. However, to keep the cloned phone from continuing to receive service, the service provider will terminate the legitimate phone subscription. The subscriber is then required to activate a new subscription with a different phone number, requiring reprogramming of the phone, along with the additional headaches that go along with phone number changes.
Authorities in the case estimated the loss at $3,000 to $4,000 for each number used in cell phone cloning. According to a school of thought, the Telecom Regulatory Authority of India (TRAI) should issue a directive which holds the operators responsible for duplications of mobile phones.
Qualcomm, which develops CDMA technology globally, says each instance of mobile hacking is different and therefore there is very little an operator can do to prevent hacking. "It's like a virus hitting the computer. The software which is used to hack into the network is different, so operators can only keep upgrading their security firewall as and when the hackers strike," says a Qualcomm executive.
FUTURE THREATS
Resolving subscriber fraud can be a long and difficult process for the victim. It may take time to discover that subscriber fraud has occurred and an even longer time to prove that you did not incur the debts. As described in this article, there are many ways to abuse telecommunication systems, and to prevent abuse from occurring it is absolutely necessary to check out the weaknesses and vulnerabilities of existing telecom systems.

Dept. of Electronics Engg., S.S.M. Polytechnic College, Tirur
If it is planned to invest in new telecom equipment, a security plan should be made and the system tested before being implemented. It is therefore mandatory to keep in mind that a technique which is described as safe today can be the most unsecured technique in the future.
CONCLUSION
Presently the cellular phone industry relies on common law (fraud and theft) and in-house counter measures to address cellular phone fraud. Cloning is in its initial stages in India, so preventive steps should be taken by the network provider and the Government. The enactment of legislation to prosecute crimes related to cellular phones is not viewed as a priority, however. It is essential that intended
Existing cellular systems have a number of potential weaknesses that were considered. It is crucial that businesses and staff take mobile phone security seriously. Awareness and a few sensible precautions as part of the overall enterprise security policy will deter all but the most sophisticated criminal. It is also mandatory to keep in mind that a technique which is described as safe today can be the most unsecured technique in the future. Therefore it is absolutely important to check the function of a security system once a year and, if necessary, update or replace it. Finally, cell phones have to go a long way in security before they can be used in critical applications like m-commerce.