MOBILE & SIM CARD CLONING

Mobile Phone and SIM card cloning


DESCRIPTION

Copying the identity of one phone or SIM to another phone or SIM is known as SIM or mobile phone cloning. The bill for the usage goes to the legitimate subscriber.


Page 1: Mobile Phone and SIM card cloning



Warning

These slides are only for educational purposes. No SIM card or mobile phone has been cloned. My purpose is to draw attention towards security vulnerabilities in GSM and mobile communication.

Contents

1. Introduction
2. What is phone or SIM cloning?
3. What is the purpose of cloning?
4. Requirements for cloning
5. How cell phone cloning is done
6. Mobile station
7. Base Transceiver Station
8. GSM authentication
9. COMP128 and A5
10. Process of SIM cloning
11. Man-in-the-middle attack
12. How to know your phone or SIM is cloned
13. Preventive measures
14. What can be done with a cloned SIM or phone?
15. References

1. INTRODUCTION

Nearly 1 billion telecom subscribers worldwide.

Worldwide mobile phone fraud is estimated to reach $40 billion soon.

US law enforcement agents have found that 80% of drug dealers arrested in the US were using cloned mobile phones.

Pablo Escobar, the top Colombian drug dealer, was tracked down by monitoring his mobile phone activity.

2. What is cell phone or SIM cloning?

Copying the identity of one phone or SIM to another phone or SIM. The cloned device is indistinguishable from the original to the network, so the bill for its usage goes to the legitimate subscriber.

3. What is the purpose of cloning?

- Making fraudulent phone calls
- Getting the owner's messages
- Using the internet on the owner's bill
- Using the phone to commit a crime
- Getting personal information about the owner
- Listening to the owner's calls
- Harassing someone, etc.

4. Requirements for phone cloning

ESN (Electronic Serial Number): a unique number loaded into the phone when it is manufactured. It is not meant to be changed or tampered with.

MIN (Mobile Identification Number): a unique number the carrier assigns to each subscriber.

ESN/MIN pairs can be discovered in several ways:
- Sniffing the cellular phone (needs physical access to the phone)
- Hacking the cellular company's database

Note that ESN and MIN are identifiers of the analogue (AMPS) and CDMA networks. A GSM phone identifies the handset by its IMEI and the subscriber by the IMSI and the key Ki held on the SIM (sections 6 and 8), which is why in GSM the SIM, not the phone, is the cloning target (section 10).

5. How cell phone cloning is done

Cloning involves modifying or replacing the EPROM in the phone with a new chip that lets you configure the ESN (Electronic Serial Number) via software (e.g. PATAGONIA). You then also change the MIN (Mobile Identification Number) with the same software. Once the ESN/MIN pair has been changed, the phone is an effective clone of the other phone. [2]

6. MOBILE STATION

The mobile station consists of the Mobile Equipment (ME) and the SIM.

The mobile equipment carries the IMEI (International Mobile Equipment Identity), which identifies the handset, not the subscriber.

SIM (Subscriber Identity Module)

Details printed on the surface of the SIM: the name of the network provider and a unique ID number.

Personal Identification Number (PIN): a 4- to 8-digit code (4 digits on most cards as issued), set before the card is issued and changeable by the subscriber. Usually 3 wrong attempts before the SIM is blocked.

PIN Unblocking Key (PUK): an 8-digit code set by the issuer. A maximum of 10 wrong attempts before the SIM is permanently blocked.

Ki (subscriber authentication key): 128 bits (16 bytes), written into the SIM when the card is personalised. The card never exports it; Ki is only used internally by the authentication algorithm, so it can be neither read nor changed through the card interface.

Goal:
- Authenticate the subscriber to the network
- Create a session key (Kc)

IMSI (International Mobile Subscriber Identity): unique for every subscriber. [3]

7. Base Transceiver Station (BTS)

The network element which handles the radio interface to the mobile station. The BTS is the radio equipment (transceivers and antennas) needed to service each cell in the network.

8. GSM authentication

The base station sends a 16-byte (128-bit) random number, RAND.

The SIM feeds RAND and Ki (its secret key) into A3/A8 (COMP128), whose output is a 12-byte value, OUTPUT.

OUTPUT is split into two parts: the first 4 bytes are SRES (the signed response) and the remaining 8 bytes are Kc (the encryption key).

SRES is sent to the BTS as the authentication response. The operator's Authentication Centre, which also holds Ki, has computed the expected SRES from the same RAND with the same algorithm; if the two values match, the subscriber is authenticated.

The SIM hands Kc to the mobile equipment, which uses it as the key for the A5 algorithm. The network derives the same Kc on its side from Ki and RAND, so Kc itself never crosses the air interface. [1]

9. COMP128 and A5 algorithms

COMP128 is the most widely deployed implementation of A3/A8; it generates the encryption key (Kc) and the signed response (SRES).

There are three versions. In COMP128-1 and COMP128-2 the 10 least significant bits of Kc are forced to zero, so the last byte is always 0x00 and the second-last byte has its low two bits cleared; only 54 of the 64 key bits are effective. COMP128-3 returns a full 64-bit Kc, with every byte anywhere between 0x00 and 0xFF, and is the most secure of the three. COMP128-1 is also the version whose Ki can be recovered by sending the SIM a large number of chosen RAND challenges and analysing the responses; this is what the SIM cloning tools of section 10 rely on.

A5 is the algorithm used to encrypt voice over the air. [1]
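The exchange of sections 8 and 9 as runnable code, added here as an example and not taken from the slides or the cited papers. The real A3/A8 (COMP128) is replaced by an HMAC-SHA256 stand-in, which is an assumption made because the COMP128 tables are not on the page; the 16-byte RAND, the 12-byte output split into a 4-byte SRES and an 8-byte Kc, and the 10-bit Kc truncation of COMP128-1 and -2 follow the GSM layout described above. The IMSI and Ki values are constructed. It also shows why a copy of IMSI and Ki is a working clone: the AuC cannot tell the two cards apart.

```python
"""Model of GSM challenge-response: RAND -> (SRES, Kc) on the SIM and at the AuC.

Added example. ASSUMPTION: HMAC-SHA256 stands in for COMP128; everything else
(sizes, split, Kc truncation per version, what crosses the air) follows GSM.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple


def a3a8(ki: bytes, rand: bytes, version: int) -> Tuple[bytes, bytes]:
    """Stand-in for COMP128-<version>: (SRES, Kc) from a 128-bit Ki and RAND."""
    if len(ki) != 16 or len(rand) != 16:
        raise ValueError("Ki and RAND are 128 bits each")
    out = hmac.new(ki, rand, hashlib.sha256).digest()[:12]  # ASSUMPTION: not real COMP128
    sres, kc = out[:4], out[4:12]                            # 4-byte SRES, 8-byte Kc
    if version in (1, 2):
        # COMP128-1/-2 zero the 10 least significant bits of Kc: 54 effective bits.
        kc = (int.from_bytes(kc, "big") & ~0x3FF).to_bytes(8, "big")
    return sres, kc


class SIM:
    """Ki stays inside the card; only RUN GSM ALGORITHM results leave it."""

    def __init__(self, imsi: str, ki: bytes, version: int = 1) -> None:
        self.imsi = imsi
        self._ki = ki          # never returned by any method
        self.version = version

    def run_gsm_algorithm(self, rand: bytes) -> Tuple[bytes, bytes]:
        return a3a8(self._ki, rand, self.version)


class AuC:
    """Authentication Centre: Ki per IMSI, produces (RAND, SRES, Kc) triplets."""

    def __init__(self) -> None:
        self._subscribers: Dict[str, Tuple[bytes, int]] = {}

    def provision(self, imsi: str, ki: bytes, version: int = 1) -> None:
        self._subscribers[imsi] = (ki, version)

    def triplet(self, imsi: str, rand: Optional[bytes] = None) -> Tuple[bytes, bytes, bytes]:
        ki, version = self._subscribers[imsi]
        rand = rand if rand is not None else os.urandom(16)
        sres, kc = a3a8(ki, rand, version)
        return rand, sres, kc


def authenticate(sim: SIM, auc: AuC, rand: Optional[bytes] = None):
    """One GSM authentication. Returns (accepted, Kc held by the ME, air-interface log).

    Only RAND and SRES cross the air interface; each side derives Kc locally.
    """
    rand, expected_sres, kc_network = auc.triplet(sim.imsi, rand)
    air: List[Tuple[str, bytes]] = [("BTS->MS RAND", rand)]
    sres, kc_ms = sim.run_gsm_algorithm(rand)
    air.append(("MS->BTS SRES", sres))
    accepted = hmac.compare_digest(sres, expected_sres)
    assert not accepted or kc_ms == kc_network   # both ends agree on Kc without sending it
    return accepted, (kc_ms if accepted else None), air


def kc_on_air(air: List[Tuple[str, bytes]], kc: bytes) -> bool:
    """True if the session key shows up in any over-the-air message (it must not)."""
    return any(kc in payload for _, payload in air)


if __name__ == "__main__":
    ki = os.urandom(16)                                   # constructed subscriber key
    auc = AuC()
    auc.provision("001010123456789", ki, version=1)       # constructed IMSI
    genuine = SIM("001010123456789", ki, version=1)
    clone = SIM("001010123456789", ki, version=1)         # same IMSI and Ki: a clone
    stranger = SIM("001010123456789", os.urandom(16), 1)  # right IMSI, wrong Ki
    for name, card in [("genuine", genuine), ("clone", clone), ("stranger", stranger)]:
        ok, kc, air = authenticate(card, auc)
        print(name, "accepted" if ok else "rejected", kc.hex() if kc else "")
```

Run it and the genuine card and the clone are both accepted with the same Kc, while the card with the wrong Ki is rejected; with version 1 or 2 the printed Kc always ends in 00 and its second-last byte is a multiple of 4.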

10. SIM Cloning Process

Things required: a blank (programmable) SIM card, a SIM card reader and software to generate the content for the blank SIM. (These can be bought from www.ebay.in, www.alibaba.com etc.)

Step 1: Remove the SIM from your phone and place it in the SIM card reader.

Step 2: Recover Ki and the IMSI. The IMSI can be read directly from the card. Ki cannot: the card never returns it, so the software recovers it by sending the card a long series of chosen RAND challenges and analysing the SRES/Kc responses, which only works against COMP128-1 SIMs. Once Ki and the IMSI are found, save the cracked SIM information to a .dat file.

Disadvantage: needs physical access to the SIM card for at least 30 minutes.

Step 3: Writing to the blank card. Put the blank card in the reader, select "write to SIM" and select the .dat file saved before. Writing takes about 10 minutes, after which the card is cloned. If you try to make two calls at the same time, one will go through and the other will report call failed; both phones will get the same messages, text and voice, and both will receive the same calls, but only one can talk at a time. [4]

11. MAN-IN-THE-MIDDLE attack

In GSM only the subscriber is authenticated to the network; there is no way for the mobile to authenticate the network, so the phone cannot tell whether the base station it is talking to is genuine.

The network can order the MS to switch encryption on and off (for instance at times of high load).

This command is not authenticated, so it can be spoofed by a man-in-the-middle posing as a base station.

Parties: Operator BTS; Legitimate subscriber (MS); Man-in-the-middle, which spoofs a BTS towards the subscriber and spoofs an MS towards the operator.

1. MS: attempts to register using encryption
2. MITM: passes on the registration request
3. Operator BTS: authenticates the subscriber
4. MITM: passes on the authentication
5. MS: dials a number
6. MITM: requests that the MS switch off encryption
7. MITM: encrypts and passes on the call request
8. Call proceeds with the MITM eavesdropping

Step 7 presumes the attacker holds Kc for the operator-facing leg. In the published false-BTS attack (Barkan, Biham and Keller, 2003) it is obtained by first forcing the handset onto the weak A5/2 cipher and breaking it; Kc does not depend on which A5 variant is in use, so the recovered key is also valid for A5/1.
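The flow above, and the reason section 13 recommends a 3G card, as runnable code. This is an added example, not the slides' own material: HMAC-SHA256 stands in for A3/A8 and for the UMTS f1-f4 functions (an assumption), and ciphering itself is not modelled, only the signalling that switches it on or off. The GSM half follows steps 1 to 6; the UMTS half runs the same relay against a handset that verifies the network's AUTN and accepts a security mode command only when it carries a MAC computed under the integrity key IK, which the man-in-the-middle never obtains.

```python
"""False-BTS man-in-the-middle against GSM versus a UMTS handset.

Added example. ASSUMPTION: HMAC-SHA256 replaces A3/A8 and the UMTS f1-f4
functions; Kc/IK derivation is a labelled HMAC, not the real algorithms.
"""
import hashlib
import hmac
import os


def f(ki: bytes, label: bytes, rand: bytes) -> bytes:
    """Key-derivation stand-in shared by SRES/RES, the AUTN MAC and IK."""
    return hmac.new(ki, label + rand, hashlib.sha256).digest()


class GsmMobile:
    """GSM MS: proves who it is, never checks who the network is."""

    def __init__(self, ki: bytes) -> None:
        self._ki = ki
        self.cipher = None

    def authenticate(self, rand: bytes) -> bytes:
        return f(self._ki, b"SRES", rand)[:4]

    def cipher_mode_command(self, algorithm: bytes) -> bool:
        self.cipher = algorithm        # unauthenticated: anyone posing as the BTS may send it
        return True


class UmtsMobile:
    """UMTS UE: verifies AUTN, then demands an integrity-protected security mode command."""

    def __init__(self, ki: bytes) -> None:
        self._ki = ki
        self._ik = None
        self.cipher = None

    def authenticate(self, rand: bytes, autn: bytes) -> bytes:
        if not hmac.compare_digest(autn, f(self._ki, b"MAC", rand)):
            raise ValueError("AUTN check failed: network not authenticated")
        self._ik = f(self._ki, b"IK", rand)
        return f(self._ki, b"RES", rand)[:4]

    def security_mode_command(self, algorithm: bytes, mac_i: bytes) -> bool:
        if self._ik is None:
            return False
        expected = hmac.new(self._ik, b"SMC" + algorithm, hashlib.sha256).digest()
        if not hmac.compare_digest(mac_i, expected):
            return False               # forged or tampered command is dropped
        self.cipher = algorithm
        return True


class Network:
    """Operator side holding Ki (AuC and VLR collapsed into one object)."""

    def __init__(self, ki: bytes) -> None:
        self._ki = ki

    def challenge(self, rand=None):
        rand = rand if rand is not None else os.urandom(16)
        return rand, f(self._ki, b"MAC", rand)        # GSM never looks at the second value

    def check(self, rand: bytes, response: bytes, label: bytes) -> bool:
        return hmac.compare_digest(response, f(self._ki, label, rand)[:4])

    def security_mode_command(self, rand: bytes, algorithm: bytes):
        ik = f(self._ki, b"IK", rand)
        return algorithm, hmac.new(ik, b"SMC" + algorithm, hashlib.sha256).digest()


def gsm_false_bts(ki: bytes, rand=None) -> bytes:
    """Steps 1-6: the MITM relays RAND/SRES untouched, then orders A5/0 (no ciphering)."""
    ms, net = GsmMobile(ki), Network(ki)
    rand, _ = net.challenge(rand)                                  # step 2: relayed to the victim
    if not net.check(rand, ms.authenticate(rand), b"SRES"):        # steps 3-4: victim passes auth via MITM
        raise RuntimeError("relay failed")
    ms.cipher_mode_command(b"A5/0")                                # step 6: MITM, as the BTS, turns ciphering off
    return ms.cipher


def umts_false_bts(ki: bytes, rand=None):
    """Same relay against a UMTS UE: AUTN relays fine, but the forged security mode command is rejected."""
    ue, net = UmtsMobile(ki), Network(ki)
    rand, autn = net.challenge(rand)
    if not net.check(rand, ue.authenticate(rand, autn), b"RES"):
        raise RuntimeError("relay failed")
    forged = ue.security_mode_command(b"UEA0", bytes(32))          # MITM has no IK, cannot compute MAC-I
    ue.security_mode_command(*net.security_mode_command(rand, b"UEA1"))  # the genuine command still works
    return forged, ue.cipher


if __name__ == "__main__":
    ki = os.urandom(16)                                            # constructed subscriber key
    print("GSM victim ciphering after MITM:", gsm_false_bts(ki))
    print("UMTS forged SMC accepted, cipher in use:", umts_false_bts(ki))
```

Relaying RAND and AUTN unchanged still works in UMTS, so a pure relay is not what mutual authentication stops; what it stops is the attacker changing anything after authentication, because the security mode command is bound to IK.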

12. How to know your phone or SIM is cloned

- Frequent wrong-number calls to your phone
- Difficulty placing outgoing calls
- Difficulty retrieving voice mail messages
- Incoming callers constantly getting a busy signal
- An increased bill amount
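The list above is what the subscriber notices. The operator has a stronger signal: the same IMSI attaching from two different handsets (IMEIs) close together in time, which is exactly what the two-phones-one-card situation of section 10 produces. The following check is an added example, not from the slides; the log lines (timestamp, IMSI, IMEI, cell) are constructed for it, and the 24-hour window is an assumed threshold.

```python
"""Operator-side clone indicator: one IMSI seen from two handsets within a time window.

Added example. The log format and the 24 h window are assumptions; the log
lines are constructed for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed location-update records: timestamp IMSI IMEI cell.
SAMPLE_LOG = """\
2024-03-01T08:00:12Z 001010123456789 35860111222333 cell-101
2024-03-01T08:05:40Z 001010987654321 35860444555666 cell-102
2024-03-01T09:12:03Z 001010123456789 86300999888777 cell-340
2024-03-01T09:30:00Z 001010123456789 35860111222333 cell-101
2024-03-02T11:00:00Z 001010987654321 35860444555666 cell-103
"""


def parse(lines: str) -> List[Tuple[datetime, str, str, str]]:
    """Parse 'timestamp imsi imei cell' lines into time-ordered tuples."""
    events = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        ts, imsi, imei, cell = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), imsi, imei, cell))
    return sorted(events)


def find_clone_suspects(lines: str, window: timedelta = timedelta(hours=24)) -> Dict[str, List[str]]:
    """Map IMSI -> sorted IMEIs for IMSIs that registered from different handsets within `window`."""
    by_imsi: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for ts, imsi, imei, _cell in parse(lines):
        by_imsi[imsi].append((ts, imei))          # stays time-ordered: parse() sorted by timestamp
    suspects: Dict[str, List[str]] = {}
    for imsi, events in by_imsi.items():
        for i, (ts, imei) in enumerate(events):
            later = {e_imei for e_ts, e_imei in events[i + 1:]
                     if e_ts - ts <= window and e_imei != imei}
            if later:
                suspects[imsi] = sorted(later | {imei})
                break
    return suspects


if __name__ == "__main__":
    for imsi, imeis in find_clone_suspects(SAMPLE_LOG).items():
        print(f"IMSI {imsi} seen from {len(imeis)} handsets: {', '.join(imeis)}")
```

A legitimate handset swap also produces two IMEIs for one IMSI, so in practice this is corroborated with the pattern the slides describe: the two handsets keep alternating, or both are attached at the same time.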

13. Preventive measures

- Always set a PIN on the SIM card. With the PIN enabled the card refuses to run the authentication algorithm until the PIN has been verified, so the reader-based attack of section 10 cannot even start with the card alone.
- Always set a security code on the phone.
- Switch to a 3G (USIM) card, which is more secure than a 2G SIM: 3G authentication is mutual (the network proves itself to the handset through AUTN), and the card typically uses Milenage rather than COMP128.

15. References

Research papers
[1] Marcin Olawski, Security in the GSM network.
[2] CDG Document 138, Version 0.34, CDMA Development Group, 575 Anton Boulevard, Suite 560, Costa Mesa, California 92626.
[3] Boobalan P., Krishna P., Udhayakumar P., Santhosh A., Design of a Routing Mechanism to Provide Multiple Mobile Network Service on a Single SIM Card.

Websites
[4] http://www.hackingprojects.net/2013/04/secrets-of-sim.html
[5] http://www.wikipedia.com
