Mobile Phone Cloning Documentation
I have made this report file on READER AND WRITER EXPO RAWX. I have tried my best to include
all the relevant detail to the topic to be included in the report. While in the beginning I have tried to
give a general view about this topic.
My efforts and the wholehearted cooperation of each and everyone have ended on a successful note. I
express my sincere gratitude to Mrs. Jaimini Patel, who
assisted me throughout the preparation of this topic. I thank her for providing me the reinforcement,
confidence and most importantly the track for the topic whenever I needed it.
ACKNOWLEDGEMENT
I would like to thank respected Ms. Jaimini Patel for giving me such a wonderful opportunity to expand
my knowledge for my own branch and giving me guidelines to present a seminar report. It helped me a
lot to realize what we study for.
Secondly, I would like to thank my parents who patiently helped me as I went through my work and
helped to modify and eliminate some of the irrelevant or unnecessary stuff.
Thirdly, I would like to thank my friends who helped me to make my work more organized and well-
stacked till the end.
Next, I would thank Microsoft for developing such a wonderful tool like MS Word. It helped my work
a lot to remain error-free.
Last but clearly not the least; I would thank The Almighty for giving me strength to complete my report
on time.
ABSTRACT
Mobile communication has been readily available for several years, and is a major business
today. It provides a valuable service to its users who are willing to pay a considerable
premium over a fixed line phone, to be able to walk and talk freely. Because of its usefulness
and the money involved in the business, it is subject to fraud. Unfortunately, the advance of
security standards has not kept pace with the dissemination of mobile communication.
Some of the features of mobile communication make it an alluring target for criminals. It is a
relatively new invention, so not all people are quite familiar with its possibilities, in good or
in bad. Its newness also means intense competition among mobile phone service providers as
they are attracting customers. The major threat to mobile phone is from cloning.
Cell phone cloning is a technique wherein security data from one cell phone is transferred
into another phone. The other cell phone becomes the exact replica of the original cell phone
like a clone. As a result, while calls can be made from both phones, only the original is
billed. Though communication channels are equipped with security algorithms, cloners
get away with the help of loopholes in the systems. So when one gets huge bills, the chances are
that the phone is being cloned.
This paper describes cell phone cloning and its implementation in GSM and CDMA
technology phones. It gives an insight into the security mechanisms in CDMA and GSM
phones along with the loopholes in the systems and discusses the different ways of
preventing this cloning. Moreover, the future threat of this fraud is elaborated.
Cloning is the creation of an organism that is an exact genetic copy of another. This means
that every single bit of DNA is the same between the two!
Remember Dolly the lamb, cloned from a six-year-old ewe in 1997, by a group of
researchers at the Roslin Institute in Scotland? While the debate on the ethics of cloning
continues, the human race is, for the first time, faced with a more tangible and harmful
version of cloning, and this time it is your cell phone that is the target.
Millions of cell phone users, be it GSM or CDMA, run the risk of having their phones cloned.
As a cell phone user, if you have been receiving exorbitantly high bills for calls that were
never placed, chances are that your cell phone could be cloned. Unfortunately, there is no
way the subscriber can detect cloning. Events like call dropping or anomalies in monthly
bills can act as tickers.
According to media reports, recently the Delhi (India) police arrested a person with 20 cell-
phones, a laptop, a SIM scanner, and a writer. The accused was running an exchange
illegally wherein he cloned CDMA based cell phones. He used software named Patagonia for
the cloning and provided cheap international calls to Indian immigrants in West Asia.
Cell phones send radio frequency transmissions through the air on two distinct channels, one
for voice communications and the other for control signals. When a cellular phone makes a call,
it normally transmits its Electronic Serial Number (ESN), Mobile Identification Number (MIN),
its Station Class Mark (SCM) and the number called in a short burst of data. This burst is the
short buzz you hear after you press the SEND button and before the tower catches the data.
These four things are the components the cellular provider uses to ensure that the phone is
programmed to be billed and that it also has the identity of both the customer and the phone.
The MIN and ESN are collectively known as the 'pair', which is used for cell phone identification.
When the cell site receives the pair signal, it determines if the requester is a legitimate
registered user by comparing the requester's pair to a cellular subscriber list. Once the cellular
telephone's pair has been recognized, the cell site emits a control signal to permit the
subscriber to place calls at will. This process, known as Anonymous Registration, is carried out
each time the telephone is turned on or picked up by a new cell site.
ESN - The ESN (Electronic Serial Number) is the serial number of your cellular
telephone. The ESN is transmitted to the cell site and used in conjunction with the NAM to
verify that you are a legitimate user of the cellular system.
Cell phone cloning is copying the identity of one mobile telephone to another mobile
telephone.
Usually this is done for the purpose of making fraudulent telephone calls. The bills for the
calls go to the legitimate subscriber. The cloner is also able to make effectively
anonymous calls, which attracts another group of interested users.
Cloning is the process of taking the programmed information that is stored in a legitimate
mobile phone and illegally programming the identical information into another mobile
phone. The result is that the "cloned" phone can make and receive calls and the charges
for those calls are billed to the legitimate subscriber. The service provider network does
not have a way to differentiate between the legitimate phone and the "cloned" phone.
Cloning of mobile phones is the act of copying the subscriber information from one phone
onto the other for purposes of obtaining free calls. The other cell phone becomes the exact
replica of the original cell phone like a clone. As a result, while calls can be made from both
phones, only the original is billed.
Cloning occurs most frequently in areas of high cell phone usage -- valet parking lots,
airports, shopping malls, concert halls, sports stadiums, and high-congestion traffic areas in
metropolitan cities.
Cell phone cloning started with Motorola "bag" phones and reached its peak in the mid
90's with a commonly available modification for the Motorola "brick" phones, such as the
Classic, the Ultra Classic, and the Model 8000.
GSM
CDMA
Both GSM and CDMA handsets are prone to cloning. Technically, it is easier to
clone a CDMA handset over a GSM one, though cloning a GSM cell phone is not
impossible. There are also Internet sites that provide information on how one
could go about hacking into cell-phones.
The answer is yes. In spite of this, the security functions which prevent
eavesdropping and unauthorized use are emphasized by the mobile phone
companies. The existing mobile communication networks are not safer than the
fixed telephone networks. They only offer protection against the new forms of
abuse.
Cloning still works under the AMPS/NAMPS system, but has fallen in popularity as
older cloneable phones are more difficult to find and newer phones have not been
successfully reverse-engineered.
Cloning has been successfully demonstrated under GSM, but the process is not easy
and it currently remains in the realm of serious hobbyists and researchers.
When placing a call, the phone transmits both the ESN and the MIN to the network.
These were, however, sent in the clear, so anyone with a suitable scanner could receive
them. The eavesdropped codes would then be programmed into another phone,
effectively cloning the original subscription. Any calls made on this cloned phone would
be charged to the original customer. See Figure 2.
WHAT IS PATAGONIA?
6. METHODS TO DETECT CLONED PHONES ON NETWORK
Several countermeasures were taken with varying success. Here are various methods to
detect cloned phones on the network:
Duplicate detection
The network sees the same phone in several places at the same time. Reactions
include shutting them all off so that the real customer will contact the operator
because he lost the service he is paying for, or tearing down connections so that
the clone users will switch to another clone but the real user will contact the
operator.
Velocity trap
RF (Radio Frequency)
Usage profiling.
Profiles of customers' phone usage are kept, and when discrepancies are
noticed, the customer is contacted. Credit card companies use the same method.
For example, if a customer normally makes only local network calls but is
suddenly placing calls to foreign countries for hours of airtime, it indicates a
possible clone.
Call counting
Both the phone and the network keep track of calls made with the phone, and
should they differ more than the usually allowed one call, service is denied.
PIN codes
Prior to placing a call, the caller unlocks the phone by entering a PIN code and
then calls as usual. After the call has been completed, the user locks the phone
by entering the PIN code again. Operators may share PIN information to enable
safer roaming.
Figure 3. Duplicate Detection
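The duplicate detection, usage profiling and call counting checks described above can be run together over call records. The following is an added example, not part of the original report; the record layout, the subscriber values and the thresholds `intl_jump` and `count_slack` are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed call records: (MIN, ESN, cell site, start s, end s, destination type)
CALLS = [
    ("5550100", "ESN-A1", "cell-12", 0, 300, "local"),
    ("5550100", "ESN-A1", "cell-47", 120, 900, "international"),  # overlaps the call above
    ("5550100", "ESN-A1", "cell-47", 1000, 4600, "international"),
    ("5550199", "ESN-B2", "cell-03", 50, 200, "local"),
    ("5550199", "ESN-B2", "cell-03", 400, 520, "local"),
]
# Constructed per-subscriber history: usual share of international airtime.
BASELINE_INTL_SHARE = {("5550100", "ESN-A1"): 0.0, ("5550199", "ESN-B2"): 0.0}
# Constructed call counters reported by each handset at its last registration.
HANDSET_CALL_COUNT = {("5550100", "ESN-A1"): 1, ("5550199", "ESN-B2"): 2}


def detect_clones(calls, baseline, handset_counts, intl_jump=0.5, count_slack=1):
    """Return {pair: sorted list of reasons} for pairs that trip any check."""
    by_pair = defaultdict(list)
    for min_, esn, cell, start, end, dest in calls:
        by_pair[(min_, esn)].append((start, end, cell, dest))
    flagged = defaultdict(set)
    for pair, recs in by_pair.items():
        recs.sort()
        # Duplicate detection: same pair in use at two cell sites at once.
        latest_end, latest_cell = recs[0][1], recs[0][2]
        for start, end, cell, _ in recs[1:]:
            if start < latest_end and cell != latest_cell:
                flagged[pair].add("duplicate")
            if end > latest_end:
                latest_end, latest_cell = end, cell
        # Usage profiling: international airtime share far above the baseline.
        total = sum(e - s for s, e, _, _ in recs)
        intl = sum(e - s for s, e, _, d in recs if d == "international")
        if total and intl / total - baseline.get(pair, 0.0) > intl_jump:
            flagged[pair].add("usage-profile")
        # Call counting: network and handset counters differ by more than the slack.
        if abs(len(recs) - handset_counts.get(pair, len(recs))) > count_slack:
            flagged[pair].add("call-count")
    return {pair: sorted(reasons) for pair, reasons in flagged.items()}
```

Each reason is only an indicator; as the text notes, the operator's reaction (contacting the customer, tearing down connections, denying service) is a separate decision.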
7. ARE OUR CELL PHONES SECURED?
Too many users treat their mobile phones as gadgets rather than as business assets
covered by corporate security policy. Did you realize there's a lucrative black market in
stolen and "cloned" SIM cards? This is possible because SIMs are not network specific
and, though tamper-proof, their security is flawed. In fact, a SIM can be cloned many
times and the resulting cards used in numerous phones, each feeding illegally off the
same bill.
But there are locking mechanisms on the cellular phones that require a PIN to access the
phone. This would dissuade some attackers, foil others, but might not work against a
well financed and equipped attacker. An 8-digit PIN requires approximately 50,000,000
guesses, but there may be ways for sophisticated attackers to bypass it.
With the shift to GSM digital - which now covers almost the entire UK mobile sector -
the phone companies assure us that the bad old days are over. Mobile phones, they say,
are secure and privacy friendly.
This is not entirely true. While the amateur scanner menace has been largely
exterminated, there is now more potential than ever before for privacy invasion.
The alleged security of GSM relies on the myth that encryption - the mathematical
scrambling of our conversations - makes it impossible for anyone to intercept and
understand our words. And while this claim looks good on paper, it does not stand up to
scrutiny.
The reality is that the encryption has deliberately been made insecure. Many encrypted
calls can therefore be intercepted and decrypted with a laptop computer.
8. HOW TO KNOW THAT THE CELL HAS BEEN CLONED?
Incoming calls constantly receiving busy signals or wrong numbers.
Unusual calls appearing on your phone bills.
9. ROLE OF SERVICE PROVIDER TO COMBAT CLONING FRAUD?
They are using many methods such as RF Fingerprinting, subscriber behavior profiling,
and Authentication. RF Fingerprinting is a method to uniquely identify mobile phones
based on certain unique radio frequency transmission characteristics that are essentially
"fingerprints" of the radio being used. Subscriber behavior profiling is used to predict
possible fraudulent use of mobile service based on the types of calls previously made by
the subscriber.
Calls that are not typical of the subscriber's past usage are flagged as potentially
fraudulent and appropriate actions can be taken.
Authentication has advantages over these technologies in that it is the only industry
standardized procedure that is transparent to the user, a technology that can effectively
combat roamer fraud, and is a prevention system as opposed to a detection system.
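Why authentication prevents cloning rather than detecting it can be seen by comparing it with the pair-only registration described earlier. This is an added example, not part of the original report: the report does not describe the authentication algorithm, so HMAC-SHA256 is used here as a stand-in, and the subscriber database, key and function names are all assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed subscriber database: (MIN, ESN) -> per-handset secret key (assumed).
SUBSCRIBERS = {("5550100", "ESN-A1"): b"constructed-handset-secret"}


def static_pair_check(min_, esn):
    """Pair-only registration: knowing the identifiers is the whole proof."""
    return (min_, esn) in SUBSCRIBERS


def handset_response(key, challenge):
    """Handset side: prove knowledge of the key without ever transmitting it."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def authenticate(min_, esn, respond):
    """Network side: send a fresh random challenge and verify the response."""
    key = SUBSCRIBERS.get((min_, esn))
    if key is None:
        return False
    challenge = secrets.token_bytes(16)  # fresh per attempt, so old responses are useless
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, respond(challenge))


def genuine(challenge):
    # The legitimate handset holds the provisioned key.
    return handset_response(SUBSCRIBERS[("5550100", "ESN-A1")], challenge)


def clone(challenge):
    # A handset programmed with only the pair has no key to compute with.
    return handset_response(b"", challenge)
```

Both handsets pass `static_pair_check`, but only `genuine` passes `authenticate`, and the check happens without any action from the subscriber.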
10. HOW TO PREVENT CELL CLONING?
Uniquely identifies a mobile unit within a wireless carrier's network. The MIN
often can be dialed from other wireless or wire line networks. The number
differs from the electronic serial number (ESN), which is the unit number
assigned by a phone manufacturer. MINs and ESNs can be checked electronically
to help prevent fraud.
Always set a PIN that's required before the phone can be used.
Check that all mobile devices are covered by a corporate security policy.
Ensure one person is responsible for keeping tabs on who has what equipment
and that they update the central register.
How do service providers handle reports of cloned phones?
Legitimate subscribers who have their phones cloned will receive bills with
charges for calls they didn't make. Sometimes these charges amount to several
thousands of dollars in addition to the legitimate charges.
Typically, the service provider will assume the cost of those additional fraudulent
calls. However, to keep the cloned phone from continuing to receive service, the
service provider will terminate the legitimate phone subscription. The subscriber
is then required to activate a new subscription with a different phone number
requiring reprogramming of the phone, along with the additional headaches that
go along with phone number changes.
11. SOME FACTS AND FIGURES
Southwestern Bell claims wireless fraud costs the industry $650 million each year in
the US. Some federal agents in the US have called phone cloning an especially
'popular' crime because it is hard to trace. In one case, more than 1,500 telephone
calls were placed in a single day by cellular phone thieves using the number of a
single unsuspecting owner.
A Home Office report in 2002 revealed that in London around 3,000 mobile phones
were stolen in one month alone which were used for cell phone cloning.
Authorities, in the case, estimated the loss at $3,000 to $4,000 for each number
used in cell phone cloning.
Qualcomm, which develops CDMA technology globally, says each instance of mobile
hacking is different and therefore there is very little an operator can do to prevent
hacking. "It's like a virus hitting the computer. The software which is used to hack
into the network is different, so operators can only keep upgrading their security
firewall as and when the hackers strike," says a Qualcomm executive.
12. FUTURE THREATS
Resolving subscriber fraud can be a long and difficult process for the victim. It
may take time to discover that subscriber fraud has occurred and an even longer
time to prove that you did not incur the debts. As described in this article, there
are many ways to abuse telecommunication systems, and to prevent abuse from
occurring it is absolutely necessary to check out the weaknesses and vulnerabilities
of existing telecom systems. If it is planned to invest in new telecom equipment,
a security plan should be made and the system tested before being
implemented. It is therefore mandatory to keep in mind that a technique which
is described as safe today can be the most unsecured technique in the future.
13. CONCLUSION
Presently the cellular phone industry relies on common law (fraud and theft) and
in-house countermeasures to address cellular phone fraud.