Mobile communication has been readily available for several years, and is major business today. It provides a valuable service to its users, who are willing to pay a considerable premium over a fixed line phone to be able to walk and talk freely. Because of its usefulness and the money involved in the business, it is subject to fraud. Unfortunately, the advance of security standards has not kept pace with the dissemination of mobile communication. Some of the features of mobile communication make it an alluring target for criminals. It is a relatively new invention, so not all people are familiar with its possibilities, good or bad. Its newness also means intense competition among mobile phone service providers as they try to attract customers. The major threat to mobile phones is cloning. Cell phone cloning is a technique wherein security data from one cell phone is transferred into another phone. The other cell phone becomes an exact replica of the original cell phone, like a clone. As a result, while calls can be made from both phones, only the original is billed. Though communication channels are equipped with security algorithms, cloners get away with the help of loopholes in the systems. So when one gets huge bills, the chances are that the phone is being cloned. This paper describes cell phone cloning as implemented on GSM and CDMA phones. It gives an insight into the security mechanisms in CDMA and GSM phones along with the loopholes in the systems, and discusses the different ways of preventing cloning. The future threat of this fraud is also elaborated.

By Anand Kumar Manohar





CHAPTER-1 INTRODUCTION

Cloning is the creation of an organism that is an exact genetic copy of another. This means that every single bit of DNA is the same between the two! Remember Dolly the lamb, cloned from a six-year-old ewe in 1997, by a group of researchers at the Roslin Institute in Scotland? While the debate on the ethics of cloning continues, human race, for the first time, are faced with a more tangible and harmful version of cloning and this time it is your cell phone that is the target.

Millions of cell phones users, be it GSM or CDMA, run at risk of having their phones cloned. As a cell phone user if you have been receiving exorbitantly high bills for calls that were never placed, chances are that your cell phone could be cloned. Unfortunately, there is no way the subscriber can detect cloning. Events like call dropping or anomalies in monthly bills can act as tickers.

According to media reports, recently the Delhi (India) police arrested a person with 20 cellphones, a laptop, a SIM scanner, and a writer. The accused was running an exchange illegally wherein he cloned CDMA based cell phones. He used software named Patagonia for the cloning and provided cheap international calls to Indian immigrants in West Asia.

CHAPTER-2 HOW CELL PHONE WORKS?

Cell phones send radio frequency transmissions through the air on two distinct channels, one for voice communications and the other for control signals. When a cellular phone makes a call, it normally transmits its Electronic Serial Number (ESN), Mobile Identification Number (MIN), its Station Class Mark (SCM) and the number called in a short burst of data. This burst is the short buzz you hear after you press the SEND button and before the tower catches the data. These four things are the components the cellular provider uses to ensure that the phone is programmed to be billed and that it also has the identity of both the customer and the phone. MIN and ESN are collectively known as the 'Pair', which is used for the cell phone identification.

When the cell site receives the pair signal, it determines if the requester is a legitimate registered user by comparing the requestor's pair to a cellular subscriber list. Once the cellular telephone's pair has been recognized, the cell site emits a control signal to permit the subscriber to place calls at will. This process, known as Anonymous Registration, is carried out each time the telephone is turned on or picked up by a new cell site.

ESN - The ESN (Electronic Serial Number) is the serial number of your cellular telephone. The ESN is transmitted to the cell site and used in conjunction with the NAM to verify that you are a legitimate user of the cellular system.

MIN - The MIN (Mobile Identification Number) is simply the phone number of the cellular telephone.

CHAPTER-3 WHAT IS CELL PHONE CLONING?

Cell phone cloning is copying the identity of one mobile telephone to another mobile telephone. Usually this is done for the purpose of making fraudulent telephone calls. The bills for the calls go to the legitimate subscriber. The cloner is also able to make effectively anonymous calls, which attracts another group of interested users.

Cloning is the process of taking the programmed information that is stored in a legitimate mobile phone and illegally programming the identical information into another mobile phone. The result is that the "cloned" phone can make and receive calls and the charges for those calls are billed to the legitimate subscriber. The service provider network does not have a way to differentiate between the legitimate phone and the "cloned" phone.

Cloning of mobile phones is the act of copying the subscriber information from one phone onto the other for purposes of obtaining free calls. The other cell phone becomes the exact replica of the original cell phone like a clone. As a result, while calls can be made from both phones, only the original is billed.

Cloning occurs most frequently in areas of high cell phone usage -- valet parking lots, airports, shopping malls, concert halls, sports stadiums, and high-congestion traffic areas in metropolitan cities.


Figure 1. Cellular phone cloning

CHAPTER-4

WHEN DID CELL CLONING START?

The early 1990s were boom times for eavesdroppers. Any curious teenager with a £100 Tandy Scanner could listen in to nearly any analogue mobile phone call. As a result, Cabinet Ministers, company chiefs and celebrities routinely found their most intimate conversations published in the next day's tabloids. Cell phone cloning started with Motorola "bag" phones and reached its peak in the mid 90's with a commonly available modification for the Motorola "brick" phones, such as the Classic, the Ultra Classic, and the Model 8000.

GSM - Global System for Mobile Communications. A digital cellular phone technology based on TDMA. GSM phones use a Subscriber Identity Module (SIM) card that contains user account information. Any GSM phone becomes immediately programmed after plugging in the SIM card, thus allowing GSM phones to be easily rented or borrowed. Operators who provide GSM service are Airtel, Hutch etc.

CDMA - Code Division Multiple Access. A method for transmitting simultaneous signals over a shared portion of the spectrum. There is no Subscriber Identity Module (SIM) card unlike in GSM. Operators who provide CDMA service in India are Reliance and Tata Indicom.

Both GSM and CDMA handsets are prone to cloning. Technically, it is easier to clone a CDMA handset over a GSM one, though cloning a GSM cell phone is not impossible. There are also Internet sites that provide information on how one could go about hacking into cellphones.

Cloning CDMA Cell Phones - Cellular telephone thieves monitor the radio frequency spectrum and steal the cell phone pair as it is being anonymously registered with a cell site. The technology uses spread-spectrum techniques to share bands with multiple conversations. Subscriber information is also encrypted and transmitted digitally. CDMA handsets are particularly vulnerable to cloning, according to experts. First generation mobile cellular networks allowed fraudsters to pull subscription data (such as ESN and MIN) from the analog air interface and use this data to clone phones. A device called as DDi, Digital Data Interface (which comes in various formats from the more expensive stand-alone box, to a device which interfaces with your 800 MHz capable scanner and a PC) can be used to get pairs by simply making the device mobile and sitting in a busy traffic area (freeway overpass) and collect all the data you need. The stolen ESN and EMIN were then fed into a new CDMA handset, whose existing program was erased with the help of downloaded software. The buyer then programs them into new phones which will have the same number as that of the original subscriber.

Cloning GSM Phones - GSM handsets, on the contrary, are safer, according to experts. Every GSM phone has a 15 digit electronic serial number (referred to as the IMEI). It is not a particularly secret bit of information and you don't need to take any care to keep it private. The important information is the IMSI, which is stored on the removable SIM card that carries all your subscriber information, roaming database and so on. GSM employs a fairly sophisticated asymmetric-key cryptosystem for over-the-air transmission of subscriber information. Cloning a SIM using information captured over-the-air is therefore difficult, though not impossible. As long as you don't lose your SIM card, you're safe with GSM. GSM carriers use the COMP128 authentication algorithm for the SIM, authentication center and network which make GSM a far secure technology.

GSM networks which are considered to be impregnable can also be hacked. The process is simple: a SIM card is inserted into a reader. After connecting it to the computer using data cables, the card details were transferred into the PC. Then, using freely available encryption software on the Net, the card details can be encrypted on to a blank smart card. The result: A cloned cell phone is ready for misuse.

IS FIXED TELEPHONE NETWORK SAFER THAN MOBILE PHONE?

The answer is yes. In spite of this, the security functions which prevent eavesdropping and unauthorized user are emphasized by the mobile phone companies. The existing mobile communication networks are not safer than the fixed Telephone networks. They only offer protection against the new forms of abuse.

SECURITY FUNCTIONS OF THE GSM AND CDMA

As background to a better understanding of the attacks on the GSM and CDMA network the following gives a brief introduction to the Security functions available in GSM. The following functions exist:

- Access control by means of a personal smart card (called subscriber Identity module, SIM) and PIN (personal identification number).
- Authentication of the users towards the network carrier and generation of a session key in order to prevent abuse.
- Encryption of communication on the radio interface, i.e. between mobile Station and base station.
- Concealing the users' identity on the radio interface, i.e. a temporary valid Identity code (TMSI) is used for the identification of a mobile user instead of the IMSI.

CHAPTER - 5

HOW IS CELL CLONING DONE?

Cloning involved modifying or replacing the EPROM in the phone with a new chip which would allow you to configure an ESN (Electronic serial number) via software. You would also have to change the MIN (Mobile Identification Number). When you had successfully changed the ESN/MIN pair, your phone was an effective clone of the other phone. Cloning required access to ESN and MIN pairs. ESN/MIN pairs were discovered in several ways:

1. Sniffing the cellular
2. Trashing cellular companies or cellular resellers
3. Hacking cellular companies or cellular resellers

Cloning still works under the AMPS/NAMPS system, but has fallen in popularity as older clone able phones are more difficult to find and newer phones have not been successfully reverse-engineered. Cloning has been successfully demonstrated under GSM, but the process is not easy and it currently remains in the realm of serious hobbyists and researchers.

When placing a call, the phone transmits both the ESN and the MIN to the network. These were, however, sent in the clear, so anyone with a suitable scanner could receive them. The eavesdropped codes would then be programmed into another phone, effectively cloning the original subscription. Any calls made on this cloned phone would be charged on the original customer. See figure 2.

WHAT IS PATAGONIA?

Patagonia is software available in the market which is used to clone CDMA phone. Using this software a cloner can take over the control of a CDMA phone, i.e. cloning of phone. There are other software packages available in the market to clone GSM phone. This software is easily available in the market. A SIM can be cloned again and again and they can be used at different places. Messages and calls sent by cloned phones can be tracked. However, if the accused manages to also clone the IMEI number of the handset, for which software is available, there is no way he can be traced.

Figure 2. Cellular cloning.

CHAPTER -6

METHODS TO DETECT CLONED PHONES ON NETWORK

Several countermeasures were taken with varying success. Here are various methods to detect cloned phones on the network:

Duplicate detection - The network sees the same phone in several places at the same time. Reactions include shutting them all off so that the real customer will contact the operator because he lost the service he is paying for, or tearing down connections so that the clone users will switch to another clone but the real user will contact the operator.

Velocity trap - The mobile phone seems to be moving at impossible, or most unlikely speeds. For example, if a call is first made in Helsinki, and five minutes later, another call is made but this time in Tampere, there must be two phones with the same identity on the network.

RF (Radio Frequency) fingerprinting - RF fingerprinting is originally a military technology. Even nominally identical radio equipment has a distinguishing "fingerprint", so the network software stores and compares fingerprints for all the phones that it sees. This way, it will spot the clones with the same identity but different fingerprints.

Usage profiling - Profiles of customers' phone usage are kept, and when discrepancies are noticed, the customer is contacted. Credit card companies use the same method. For example, if a customer normally makes only local network calls but is suddenly placing calls to foreign countries for hours of airtime, it indicates a possible clone.

Call counting - Both the phone and the network keep track of calls made with the phone, and should they differ more than the usually allowed one call, service is denied.

PIN codes - Prior to placing a call, the caller unlocks the phone by entering a PIN code and then calls as usual. After the call has been completed, the user locks the phone by entering the PIN code again. Operators may share PIN information to enable safer roaming.
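The duplicate detection, velocity trap and call counting checks described above can be run together over a stream of call records. The following is an added example, not code from the original report: the record layout, the cell-site identifiers and coordinates, the subscriber identities and the 300 km/h speed limit are assumptions, while the Helsinki/Tampere scenario and the one-call counter tolerance come from the text.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

# Constructed cell sites (lat, lon); the two cities come from the report's example.
CELL_SITES = {"HEL-01": (60.1699, 24.9384), "TRE-01": (61.4978, 23.7610)}
MAX_SPEED_KMH = 300.0   # assumed limit for plausible subscriber movement
MAX_COUNTER_DRIFT = 1   # the report's "usually allowed one call"

@dataclass
class CallRecord:
    identity: str        # ESN/MIN pair or IMSI (placeholder strings here)
    start: int           # call start, seconds since midnight
    end: int             # call end, seconds since midnight
    cell: str            # serving cell site
    phone_counter: int   # number of calls the handset says it has made

def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def detect_clones(records):
    """Return (identity, rule, detail) alerts for one day of call records."""
    alerts, last, seen = [], {}, {}
    for rec in sorted(records, key=lambda r: r.start):
        # Call counting: the network's own tally vs. the handset's counter.
        seen[rec.identity] = seen.get(rec.identity, 0) + 1
        drift = abs(seen[rec.identity] - rec.phone_counter)
        if drift > MAX_COUNTER_DRIFT:
            alerts.append((rec.identity, "call_count", f"counters differ by {drift}"))
        prev = last.get(rec.identity)
        if prev is not None and prev.cell != rec.cell:
            if rec.start < prev.end:
                # Duplicate detection: same identity active in two places at once.
                alerts.append((rec.identity, "duplicate", f"{prev.cell} and {rec.cell} overlap"))
            else:
                # Velocity trap: speed implied by two consecutive calls.
                km = distance_km(CELL_SITES[prev.cell], CELL_SITES[rec.cell])
                hours = (rec.start - prev.end) / 3600
                speed = km / hours if hours else float("inf")
                if speed > MAX_SPEED_KMH:
                    alerts.append((rec.identity, "velocity", f"{speed:.0f} km/h implied"))
        last[rec.identity] = rec
    return alerts

# Constructed sample records (not real traffic).
SAMPLE = [
    CallRecord("MIN-A", 32400, 32580, "HEL-01", 1),  # 09:00 Helsinki, real phone
    CallRecord("MIN-A", 32880, 33000, "TRE-01", 1),  # five minutes later, Tampere
    CallRecord("MIN-A", 34000, 34100, "TRE-01", 2),  # clone keeps calling
    CallRecord("MIN-A", 43200, 43300, "HEL-01", 2),  # real phone: counter now behind
    CallRecord("MIN-B", 36000, 36600, "HEL-01", 1),  # call in progress ...
    CallRecord("MIN-B", 36300, 36420, "TRE-01", 2),  # ... while a second one starts
    CallRecord("MIN-C", 28800, 29100, "HEL-01", 1),  # ordinary traveller, 2.4 h apart
    CallRecord("MIN-C", 37800, 38100, "TRE-01", 2),
]

if __name__ == "__main__":
    for alert in detect_clones(SAMPLE):
        print(alert)
```

The speed limit and counter tolerance are the tuning points: set too tight, they flag legitimate travellers and dropped calls; set too loose, a clone operating near the victim goes unnoticed.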

Figure 3. Duplicate Detection

CHAPTER -7

ARE OUR CELL PHONES SECURED?

Too many users treat their mobile phones as gadgets rather than as business assets covered by corporate security policy. Did you realize there's a lucrative black market in stolen and "cloned" Sim cards? This is possible because Sims are not network specific and, though tamper-proof, their security is flawed. In fact, a Sim can be cloned many times and the resulting cards used in numerous phones, each feeding illegally off the same bill.

But there are locking mechanisms on the cellular phones that require a PIN to access the phone. This would dissuade some attackers, foil others, but might not work against a well financed and equipped attacker. An 8-digit PIN requires approximately 50,000,000 guesses, but there may be ways for sophisticated attackers to bypass it.

With the shift to GSM digital - which now covers almost the entire UK mobile sector - the phone companies assure us that the bad old days are over. Mobile phones, they say, are secure and privacy friendly. This is not entirely true. While the amateur scanner menace has been largely exterminated, there is now more potential than ever before for privacy invasion.

The alleged security of GSM relies on the myth that encryption - the mathematical scrambling of our conversations - makes it impossible for anyone to intercept and understand our words. And while this claim looks good on paper, it does not stand up to scrutiny. The reality is that the encryption has deliberately been made insecure. Many encrypted calls can therefore be intercepted and decrypted with a laptop computer.

CHAPTER -8

HOW TO KNOW THAT THE CELL HAS BEEN CLONED?

- Frequent wrong number phone calls to your phone, or hang-ups.
- Difficulty in placing outgoing calls.
- Difficulty in retrieving voice mail messages.
- Incoming calls constantly receiving busy signals or wrong numbers.
- Unusual calls appearing on your phone bills.

CHAPTER -9

ROLE OF SERVICE PROVIDER TO COMBAT CLONING FRAUD?

They are using many methods such as RF Fingerprinting, subscriber behavior profiling, and Authentication. RF Fingerprinting is a method to uniquely identify mobile phones based on certain unique radio frequency transmission characteristics that are essentially "fingerprints" of the radio being used. Subscriber behavior profiling is used to predict possible fraudulent use of mobile service based on the types of calls previously made by the subscriber. Calls that are not typical of the subscriber's past usage are flagged as potentially fraudulent and appropriate actions can be taken.

Authentication has advantages over these technologies in that it is the only industry standardized procedure that is transparent to the user, a technology that can effectively combat roamer fraud, and is a prevention system as opposed to a detection system.

CHAPTER -10 HOW TO PREVENT CELL CLONING?

The MIN uniquely identifies a mobile unit within a wireless carrier's network. The MIN often can be dialed from other wireless or wire line networks. The number differs from the electronic serial number (ESN), which is the unit number assigned by a phone manufacturer. MINs and ESNs can be checked electronically to help prevent fraud.

Mobiles should never be trusted for communicating/storing confidential information. Always set a Pin that's required before the phone can be used. Check that all mobile devices are covered by a corporate security policy. Ensure one person is responsible for keeping tabs on who has what equipment and that they update the central register.

How do service providers handle reports of cloned phones?

Legitimate subscribers who have their phones cloned will receive bills with charges for calls they didn't make. Sometimes these charges amount to several thousands of dollars in addition to the legitimate charges. Typically, the service provider will assume the cost of those additional fraudulent calls. However, to keep the cloned phone from continuing to receive service, the service provider will terminate the legitimate phone subscription. The subscriber is then required to activate a new subscription with a different phone number requiring reprogramming of the phone, along with the additional headaches that go along with phone number changes.

CHAPTER -11 SOME FACTS AND FIGURES

- Southwestern Bell claims wireless fraud costs the industry $650 million each year in the US. Some federal agents in the US have called phone cloning an especially `popular' crime because it is hard to trace. In one case, more than 1,500 telephone calls were placed in a single day by cellular phone thieves using the number of a single unsuspecting owner.
- A Home Office report in 2002 revealed that in London around 3,000 mobile phones were stolen in one month alone which were used for cell phone cloning.
- Authorities, in the case, estimated the loss at $3,000 to $4,000 for each number used in cell phone cloning.
- Qualcomm, which develops CDMA technology globally, says each instance of mobile hacking is different and therefore there is very little an operator can do to prevent hacking. "It's like a virus hitting the computer. The software which is used to hack into the network is different, so operators can only keep upgrading their security firewall as and when the hackers strike," says a Qualcomm executive.
- According to a school of thought, the Telecom Regulatory Authority of India (TRAI) should issue a directive, which holds the operators responsible for duplications of mobile phones.

CHAPTER - 12 FUTURE THREATS

Resolving subscriber fraud can be a long and difficult process for the victim. It may take time to discover that subscriber fraud has occurred and an even longer time to prove that you did not incur the debts. As described in this article there are many ways to abuse telecommunication system, and to prevent abuse from occurring it is absolutely necessary to check out the weakness and vulnerability of existing telecom systems. If it is planned to invest in new telecom equipment, a security plan should be made and the system tested before being implemented. It is therefore mandatory to keep in mind that a technique which is described as safe today can be the most unsecured technique in the future.

CHAPTER - 13

CONCLUSION

Presently the cellular phone industry relies on common law (fraud and theft) and in-house counter measures to address cellular phone fraud. Cloning is in its initial stages in India, so preventive steps should be taken by the network provider and the Government. The enactment of legislation to prosecute crimes related to cellular phones is not viewed as a priority, however. It is essential that intended mobile crime legislation be comprehensive enough to incorporate cellular phone fraud, in particular "cloning fraud" as a specific crime.

Existing cellular systems have a number of potential weaknesses that were considered. It is crucial that businesses and staff take mobile phone security seriously. Awareness and a few sensible precautions as part of the overall enterprise security policy will deter all but the most sophisticated criminal. It is also mandatory to keep in mind that a technique which is described as safe today can be the most unsecured technique in the future. Therefore it is absolutely important to check the function of a security system once a year and if necessary update or replace it. Finally, cell-phones have to go a long way in security before they can be used in critical applications like m-commerce.
