Mobile Phone Cloning Report
INTRODUCTION
Mobile communication has been readily available for several years, and is a major business today. It provides a valuable service to its users, who are willing to pay a considerable premium over a fixed-line phone to be able to walk and talk freely. Because of its usefulness and the money involved in the business, it is subject to fraud. Unfortunately, the advance of security standards has not kept pace with the dissemination of mobile communication.
Some of the features of mobile communication make it an alluring target for criminals. It is a relatively new invention, so not all people are quite familiar with its possibilities, for good or ill. Its newness also means intense competition among mobile phone service providers as they compete for customers. The major threat to mobile phones is cloning.
What is Cloning:
Remember Dolly the lamb, cloned from a six-year-old ewe in 1997 by a group of researchers at the Roslin Institute in Scotland. While the debate on the ethics of cloning continues, the human race, for the first time, is faced with a more tangible and harmful version of cloning, and this time it is your cell phone that is the target. Millions of cell phone users, be it GSM or CDMA, run the risk of having their phones cloned. As a cell phone user, if you have been receiving exorbitantly high bills for calls that were never placed, chances are that your cell phone has been cloned.
Phone cloning is the transfer of identity between one mobile telephone and another. Phone cloning is outlawed in the United Kingdom by the Wireless Telephone Protection Act of 1998. Usually this is done for the purpose of making fraudulent telephone calls. The bills for the calls go to the legitimate subscriber. The early 1990s were boom times for eavesdroppers. Any curious teenager with a £100 Tandy scanner could listen in to nearly any analogue mobile phone call. As a result, Cabinet Ministers, company chiefs and celebrities routinely found their most intimate conversations published in the next day's tabloids. Cell phone cloning started with Motorola bag phones and reached its peak in the mid 90s with a commonly available modification for the Motorola brick phones, such as the Classic, the Ultra Classic, and the Model 8000.
The Economic Crimes Policy Team was chartered to advance the Commission's work in several areas, including the development of options for implementing the directives contained in the Wireless Telephone Protection Act. Specifically, this act amended 18 U.S.C. § 1029 (Fraud and related activity in connection with access devices) with regard to the cloning of cellular telephones.
Cell phone cloning is a technique wherein security data from one cell phone is transferred into another phone. The other cell phone becomes an exact replica of the original cell phone, like a clone. As a result, while calls can be made from both phones, only the original is billed. Though communication channels are equipped with security algorithms, cloners still get away with it by exploiting loopholes in the systems. So when one gets huge bills, the chances are that the phone is being cloned. The ESN/MIN pair can be cloned in a number of ways without the knowledge of the carrier or subscriber through the use of electronic scanning devices.
After the ESN/MIN pair is captured, the cloner reprograms or alters the microchip of any wireless phone to create a clone of the wireless phone from which the ESN/MIN pair was stolen. The entire programming process takes 10 to 15 minutes per phone. After this process is completed, both phones (the legitimate one and the clone) are billed to the original, legitimate account.
The cellular telephone industry does not charge legitimate, victimized customers for fraudulent calls; rather, the companies absorb the losses themselves. In addition to losses due to fraudulent billing, the cellular companies incur losses due to the fees paid for connections and long-distance calls.
LITERATURE SURVEY
History:
On April 13, 1998, the Smartcard Developer Association and the ISAAC security research group announced a flaw in the authentication codes found in digital GSM cell phones. This allows an attacker with physical access to a target phone to make an exact duplicate (a "clone") and to make fraudulent calls billed to the target user's account.
Press coverage: The Los Angeles Times; The New York Times; The Associated Press; The Wall Street Journal; USA Today; Wired News; Time Daily; Time magazine; The Netly News; CNN; ABC News; Wireless Daily News; The Daily Californian.
Three years later: Indications are that the GSM industry is taking steps to repair the
security weaknesses in the GSM cryptographic algorithms. A patched version of
COMP128 is now available (called COMP128-2), although it remains unpublished.
The U.S. Secret Service and the wireless telecommunications industry are increasingly concerned about wireless fraud. First, the wireless telecommunications industry asserts that wireless fraud has grown exponentially since its introduction into the market. They estimate that wireless fraud costs the telecommunications industry over $650 million per year. Second, according to the Secret Service, cloned phones are the communications medium of choice for criminals because they give them mobile communications and anonymity. Cloned phones are difficult to detect and trace, and phone numbers can be changed in an instant.
and/or access to individual accounts. The changes in 18 U.S.C. § 1029 are aimed at
counterfeit fraud, specifically, the cloning of cellular telephones.
Call Selling Operations: This type of fraud involves using stolen calling card
numbers and/or cellular account numbers to sell less expensive cellular long distance
(often international) service to others.
Most importantly, the GSM industry appears to have at least partially learned the important lesson here: security through obscurity doesn't work. The next-generation replacement for GSM, called 3GPP, will use algorithms developed based on principles from the research literature.
Note that the other major players in this arena moved some time ago to open
design processes. This includes the next-generation AES standard process being
shepherded by the US government, as well as the US cellular industry. The US
cellular industry is an interesting case study: initially they used closed design, but
after several of their cryptographic algorithms were rapidly broken by cryptographers
in the open research community, to their credit they quickly moved to an open design
process. I am glad that the GSM/3GPP industry has recognized the benefits of this
approach.
We also understand that the GSM Association has agreed to develop a new,
stronger voice encryption cipher called A5/3, apparently based on Kasumi (a block
cipher which was developed based on principles from the research literature). It will
apparently become mandatory to support A5/3 at some point in the future. I strongly
support the GSM Association's efforts to repair the ailing series of voice privacy
algorithms and provide robust voice privacy protection for the future.
Over-the-air cloning:
In our original announcement, we noted that we could not rule out the
possibility of over-the-air attacks, but we emphasized that we had not demonstrated
such an attack. At that time, we did not provide any further analysis on the resources
required to mount an over-the-air attack. There was, for obvious reasons,
considerable interest in the possibility of over-the-air attacks, and we had reason to
suspect they might be possible, but we wanted to be extremely conservative in
reporting only what we knew for certain was exploitable. That viewpoint is probably
now best regarded as outdated.
METHODOLOGY
Cell phone cloning is copying the identity of one mobile telephone to another mobile telephone. Cell phones send radio frequency transmissions through the air on two distinct channels, one for voice communications and the other for control signals.
Each cellular phone has a unique pair of identifying numbers: the electronic serial number (ESN) and the mobile identification number (MIN). The ESN is programmed into the wireless phone's microchip by the manufacturer at the time of production. The MIN is a ten-digit phone number that is assigned by the wireless carrier to a customer when an account is opened. The MIN can be changed by the carrier, but the ESN, by law, cannot be altered. When a cellular phone is first turned on, it emits a radio signal that broadcasts these numbers to the nearest cellular tower. The phone will continue to emit these signals at regular intervals, remaining in contact with the nearest cellular tower. These emissions (called autonomous registration) allow computers at the cellular carrier to know how to route incoming calls to that phone, to verify that the account is valid so that outgoing calls can be made, and to provide the foundation for proper billing of calls. This autonomous registration occurs whenever the phone is on, regardless of whether a call is actually in progress.
The IMEI (International Mobile Equipment Identity) number is a very valuable number and is used in tracking mobile phones.
Cloning still works under the AMPS/NAMPS system, but has fallen in popularity as older cloneable phones are more difficult to find and newer phones have not been successfully reverse-engineered.
Cloning has been successfully demonstrated under GSM, but the process is not easy and it currently remains in the realm of serious hobbyists and researchers.
MIN - The MIN (Mobile Identification Number) is simply the phone number of the cellular telephone.
ESN - The ESN (Electronic Serial Number) is the serial number of your cellular telephone. The ESN is transmitted to the cell site and used in conjunction with the MIN to verify that you are a legitimate user of the cellular system.
When placing a call, the phone transmits both the ESN and the MIN to the network. These were, however, sent in the clear, so anyone with a suitable scanner could receive them. The eavesdropped codes would then be programmed into another phone, effectively cloning the original subscription. Any calls made on this cloned phone would be charged to the original customer.
WHAT IS PATAGONIA?
Too many users treat their mobile phones as gadgets rather than as business assets covered by corporate security policy. There is a lucrative black market in stolen and cloned SIM cards. This is possible because SIMs are not network specific and, though tamper proof, their security is flawed. In fact, a SIM can be cloned many times and the resulting cards used in numerous phones, each feeding illegally off the same bill. But there are locking mechanisms on cellular phones that require a PIN to access the phone. An 8-digit PIN requires approximately 50,000,000 guesses, but there may be ways for sophisticated attackers to bypass it. With the shift to GSM digital, which now covers almost the entire UK mobile sector, the phone companies assure us that the bad old days are over. Mobile phones, they say, are more secure and privacy friendly. This is not entirely true. The alleged security of GSM relies on the myth that encryption, the mathematical scrambling of our conversations, makes it impossible for anyone to intercept and understand our words; while this claim looks good on paper, it does not stand up to scrutiny.
Usually cloning is done for the purpose of making fraudulent telephone calls. The bills for the calls go to the legitimate subscriber. The cloner is also able to make effectively anonymous calls, which attracts another group of interested users.
Cell phones are complex electronic devices, sensitive to heat, cold and excess moisture. But a cell phone's sensitivity isn't limited to extreme weather conditions. Analog cell phones, as opposed to the newer digital phones, can be cloned. This means that someone can tap into your cell phone's personal identification number and make calls on the same account. In other words, with a little technical know-how, someone can steal your phone number and charge the calls made to your account.
You won't even know it's happened until you get your phone bill. How does cloning happen if each phone has its own unique identifying features? Whenever you dial a number from your cell phone, the ESN (electronic serial number) and MIN (mobile identification number) of your phone are transmitted to the network, identifying the cell phone dialed from and who to bill. Some people, working in the way that computer hackers operate, can use a scanner to listen in to this transmission and capture the code. They can then use the information they gather to make calls that are charged to the account of the phone number they have, in effect, broken into.
IMPLEMENTATION
GSM:
Global System for Mobile Communications. A digital cellular phone technology based on TDMA. GSM phones use a Subscriber Identity Module (SIM) card that contains user account information. Any GSM phone becomes immediately programmed after plugging in the SIM card, thus allowing GSM phones to be easily rented or borrowed. Operators who provide GSM service are Airtel, Hutch, etc.
Looking at the recent case, it is quite possible to clone both GSM and CDMA sets. The accused in the Delhi case used software called Patagonia to clone only CDMA phones (Reliance and Tata Indicom). However, there are software packages that can be used to clone even GSM phones (e.g. Airtel, BSNL, Hutch, Idea). In order to clone a GSM phone, knowledge of the International Mobile Equipment Identity (IMEI) or instrument number is sufficient. But the GSM-based operators maintain that the fraud is happening on CDMA, for now, and so their subscribers wouldn't need to worry. Operators in other countries have deployed various technologies to tackle this menace. They are:
1) There is the duplicate detection method, where the network sees the same phone in several places at the same time. Reactions include shutting them all off, so that the real customer will contact the operator because he has lost the service he is paying for.
2) The velocity trap is another test, whereby the mobile phone seems to be moving at impossible or most unlikely speeds. For example, if a call is first made in Delhi, and five minutes later another call is made but this time in Chennai, there must be two phones with the same identity on the network.
3) Some operators also use Radio Frequency fingerprinting, originally a military technology. Even identical radio equipment has a distinguishing fingerprint, so the network software stores and compares fingerprints for all the phones that it sees.
This way, it will spot the clones with the same identity but different fingerprints. Usage profiling is another way, wherein profiles of customers' phone usage are kept, and when discrepancies are noticed, the customer is contacted. For example, if a customer normally makes only local network calls but is suddenly placing calls to foreign countries for hours of airtime, it indicates a possible clone.
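The operator-side checks just listed (duplicate detection, the velocity trap and usage profiling) all run over the autonomous-registration and call records that the Methodology section describes, i.e. sightings of one ESN/MIN pair at a given cell site at a given time. The following Python is an added example, not code from the original report or from any operator: it implements the three record-based checks over a constructed set of records. The cell-site coordinates, the ESN/MIN values, the timestamps, the speed and time-window thresholds and the usage-profile format are all assumptions made for illustration. RF fingerprinting is left out because it needs radio measurements that such records do not carry.

```python
"""Clone-detection heuristics (duplicate detection, velocity trap, usage
profiling) run over constructed carrier-side registration/call records.
Added example, not part of the original report; every value is made up."""
import math
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

EARTH_RADIUS_KM = 6371.0

# Constructed cell-site coordinates (rough city-centre lat/lon in degrees).
SITES = {
    "DEL-01": (28.61, 77.21),   # Delhi
    "DEL-02": (28.66, 77.23),   # Delhi, a few km from DEL-01
    "MAA-01": (13.08, 80.27),   # Chennai
}


@dataclass
class Event:
    esn: str          # electronic serial number, burnt in by the manufacturer
    min_: str         # mobile identification number, assigned by the carrier
    site: str         # cell site that heard the registration or call
    when: datetime
    kind: str         # "reg" (autonomous registration) or "call"
    dest: str = ""    # dialled number for calls, empty for registrations


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = math.sin(dlat / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))


def by_identity(events):
    """Group events by ESN/MIN pair and sort each group by time."""
    groups = defaultdict(list)
    for e in events:
        groups[(e.esn, e.min_)].append(e)
    return {k: sorted(v, key=lambda e: e.when) for k, v in groups.items()}


def velocity_trap(events, max_kmh=900.0):
    """Flag consecutive sightings of one identity at different sites whose
    implied speed exceeds max_kmh. Returns (esn, min, site_a, site_b, kmh)."""
    alerts = []
    for (esn, min_), seq in by_identity(events).items():
        for prev, cur in zip(seq, seq[1:]):
            if prev.site == cur.site:
                continue
            km = haversine_km(SITES[prev.site], SITES[cur.site])
            hours = (cur.when - prev.when).total_seconds() / 3600
            kmh = km / hours if hours > 0 else float("inf")
            if kmh > max_kmh:
                alerts.append((esn, min_, prev.site, cur.site, round(kmh)))
    return alerts


def duplicate_detection(events, window=timedelta(minutes=2)):
    """Flag one identity heard at two different sites within `window`:
    the network is seeing the same phone in two places at once."""
    alerts = []
    for (esn, min_), seq in by_identity(events).items():
        for i, a in enumerate(seq):
            for b in seq[i + 1:]:
                if b.when - a.when > window:
                    break                     # seq is sorted, nothing closer follows
                if a.site != b.site:
                    alerts.append((esn, min_, a.site, b.site))
    return alerts


def usage_profile_alerts(events, profiles):
    """Flag calls that contradict the stored usage profile. The profile here
    is just whether the subscriber has ever dialled internationally."""
    alerts = []
    for e in events:
        if e.kind != "call":
            continue
        international = e.dest.startswith("+") and not e.dest.startswith("+91")
        if international and not profiles.get(e.min_, {}).get("international", False):
            alerts.append((e.esn, e.min_, e.dest))
    return alerts


# Constructed records: identity A is legitimately in Delhi when a clone
# surfaces in Chennai; identity B is an ordinary local-only subscriber.
T0 = datetime(2024, 1, 15, 9, 0)
SAMPLE_EVENTS = [
    Event("A1B2C3D4", "9876543210", "DEL-01", T0, "reg"),
    Event("A1B2C3D4", "9876543210", "DEL-02", T0 + timedelta(minutes=10), "reg"),
    Event("A1B2C3D4", "9876543210", "MAA-01", T0 + timedelta(minutes=15), "call", "+4420XXXXXXXX"),
    Event("A1B2C3D4", "9876543210", "DEL-02", T0 + timedelta(minutes=16), "reg"),
    Event("FFFF0001", "9123456789", "DEL-01", T0, "reg"),
    Event("FFFF0001", "9123456789", "DEL-01", T0 + timedelta(minutes=30), "call", "+911122334455"),
]
SAMPLE_PROFILES = {"9876543210": {"international": False},
                   "9123456789": {"international": False}}

if __name__ == "__main__":
    for name, fn in (("velocity", velocity_trap), ("duplicate", duplicate_detection)):
        for alert in fn(SAMPLE_EVENTS):
            print(name, alert)
    for alert in usage_profile_alerts(SAMPLE_EVENTS, SAMPLE_PROFILES):
        print("profile", alert)
```

On the constructed records, identity A trips all three checks (Delhi to Chennai in five minutes, two sites within one minute, and a first-ever international call) while identity B trips none. The speed ceiling and the duplicate window are the tuning knobs: set them too tight and a subscriber on a fast train or a handover between adjacent sites becomes a false alarm, which is why the report's operators follow an alert by contacting the customer rather than by cutting service outright.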
CDMA:
Code Division Multiple Access. A method for transmitting simultaneous signals over a shared portion of the spectrum. There is no Subscriber Identity Module (SIM) card, unlike in GSM. Operators who provide CDMA service in India are Reliance and Tata Indicom.
The answer is yes. In spite of this, the security functions which prevent eavesdropping and unauthorized use are emphasized by the mobile phone companies. The existing mobile communication networks are not safer than the fixed telephone networks. They only offer protection against the newer, computer-based forms of abuse.
The cloning of a cell phone allows the holder of the cloned phone to appear to be calling from the original phone, so that any call charges are applied to the owner of the original phone. Since 1998 the Federal Communications Commission has made "the use, possession, manufacture or sale of cloning hardware or software" illegal.
Electronic Serial Number: Each phone has an electronic serial number unique
to that specific handset. Use of ESNs allows cellular radio networks to identify
phones. When a phone connects to a network, the network can route calls and data
consistently and reliably to the right device.
Mobile Identifier Number: A mobile identifier number is a phone number. It
works across networks and international calling areas to specifically route calls and
data to a particular phone. Since MINs can be transferred from one network to
another, the MIN has to be identified with the ESN to create the network connection
to the specific phone number.
ESN means Electronic Serial Number. This number is loaded when the phone is manufactured. This number cannot be tampered with or changed by the user or subscriber. If this number is known, a mobile can be cloned easily.
After that, write the serial number down along with your phone number and area code. Next, on the phone that does not have service, do the same steps to get to the secret menu, then go to the serial number, clear the number that is already there and input the serial number of the phone that has service. Then you have to find your code to be able to change your number (for Nokia phones the secret menu is *3001#12345#, and the number changer is #639#).
ADVANTAGES
• If your phone has been lost, you can use your cloned cell phone.
• If your phone is damaged or you forgot it at home or at any other place, a cloned phone can be useful.
DISADVANTAGES
• It can be used by terrorists for criminal activities.
FUTURE SCOPE
Resolving subscriber fraud can be a long and difficult process for the victim. It may take time to discover that subscriber fraud has occurred and an even longer time to prove that you did not incur the debts. As described in this article, there are many ways to abuse telecommunication systems, and to prevent abuse from occurring it is absolutely necessary to check out the weaknesses and vulnerabilities of existing telecom systems. If it is planned to invest in new telecom equipment, a security plan should be made and the system tested before being implemented. It is therefore mandatory to keep in mind that a technique which is described as safe today can be the most insecure technique in the future.
CONCLUSION
Presently the cellular phone industry relies on common law (fraud and theft) and in-house countermeasures to address cellular phone fraud. Mobile cloning is in its initial stages in India, so preventive steps should be taken by the network providers and the Government. The enactment of legislation to prosecute crimes related to cellular phones is not viewed as a priority, however. It is essential that intended mobile crime legislation be comprehensive enough to incorporate cellular phone fraud, in particular "cloning fraud", as a specific crime.
Existing cellular systems have a number of potential weaknesses that were considered. It is crucial that businesses and staff take mobile phone security seriously. Awareness and a few sensible precautions as part of the overall enterprise security policy will deter all but the most sophisticated criminal. It is also mandatory to keep in mind that a technique which is described as safe today can be the most insecure technique in the future. Therefore it is absolutely important to check the function of a security system once a year and, if necessary, update or replace it. Finally, cell phones have a long way to go in security before they can be used in critical applications like m-commerce.