sophisticated asymmetric-key cryptosystem for over-the-air transmission of subscriber information. Cloning a SIMusing information captured over-the-air is thereforedifficult, though not impossible. As long as you don't loseyour SIM card, you're safe with GSM. GSM carriers usethe COMP128 authentication algorithm for the SIM,authentication center and network which make GSM a far secure technology.GSM networks which are considered to beimpregnable can also be hacked. The process is simple: aSIM card is inserted into a reader. After connecting it tothe computer using data cables, the card details weretransferred into the PC. Then, using freely availableencryption software on the Net, the card details can beencrypted on to a blank smart card. The result: A clonedcell phone is ready for misuse.
Identifying the ESN in yourCellular Phone.
Depending on what model phone you have, the ESNwill be located on a PROM. The PROM is programmedat the factory, and installed usually with the security fuse blown to prevent tampering. The code on the PROMmight possibly be obtained by unsoldering it from thecellular phone, putting it in a PROM reader, and thenobtaining a memory map of the chip.The PROM is going to have from sixteen totwenty-eight leads coming from it. It is a bipolar PROM.The majority of phones will accept the NationalSemiconductor 32x8 PROM, which will hold the ESNand cannot be reprogrammed. If the ESN is known
the phone, it is possible to trace the memory map byinstalling the PROM into a reader, and obtaining the fusemap from the PROM by triggering the "READMASTER" switch of the PROM programmer. Inaddition, most PROM programming systems includeverify and compare switch to allow you to compare the programming of one PROM with another.As said earlier, the ESN is uniformly black withsixteen to twenty-eight leads emanating from itsrectangular body, or square shaped body. If it is the dual-in-line package chip, (usually found in transportable andinstalled phones), it is rectangular. If it is the plasticleaded chip carrier (PLCC), it will be square and have amuch smaller appearance. Functionally, they are thesame chip, but the PLCC is used with hand held cellular phones because of the need for reduced size circuitry.
De-solder the ESN chip.
Solder in a zero insertion force (ZIF)replacement, so that replacement chip can be changedeasily.
After the ZIF socket has been successfullysoldered in, reinsert the ESN and attempt to make a phone call (Be sure the NAM is programmedcorrectly). If it doesn't, check the leads on the ZIF toinsure that you have soldered them correctly.
After that, insert your ESN into your PROMreader and make sure it provides some sort of reading. You should use the search mode to look for the manufacturer’s serial number to identify theaddress on the PROM where to reprogram the ESN.
Cellular Phone SecurityMeasures.
Cellular operators in many countries have deployedvarious technologies to tackle this menace. Some of themare as follows:
Duplicate Detection Method
wherethe network sees the same phone in several places atthe same time. Reactions include shutting them alloff, so that the real customer will contact the operator because he has lost the service he is paying for.
is another test to check thesituation, whereby the mobile phone seems to bemoving at impossible or most unlikely speeds. For example, if a call is first made in Delhi, and fiveminutes later, another call is made but this time inChennai, there must be two phones with the sameidentity on the network.
Some operators also use
, originally a military technology.Even identical radio equipment has a distinguishing`fingerprint', so the network software stores andcompares fingerprints for all the phones that it sees.This way, it will spot the clones with the sameidentity, but different fingerprints.
is another way wherein profilesof customers' phone usage are kept, and whendiscrepancies are noticed, the customer is contacted.For example, if a customer normally makes onlylocal network calls but is suddenly placing calls toforeign countries for hours of airtime, it indicates a possible clone. On the other hand, the consumers cancheck regularly the unbilled amount details. Userswith ILD facility need to be more careful asfraudsters attempt to make as many international callsas possible within a short time due to fear of gettingcaught. Since ILD rates are higher than other calls,