During November 2008, the Indian police by a strange co-incidence stumbled upon the technology of SIM card cloning while investigating the Assam blasts. Since the SIM cloning is an illegal activity, the police in their defence said that they had no expertise in the area and SIM card cloning was a "technological surprise".
However, in other parts of the world, SIM cloning has been a major part of research since GSM mobiles claimed the markets. Phone cloning is, basically, a transfer of identity between two mobile phones. It involves placing a chip in the target mobile and allowing the electronic serial number (ESN) to be altered. ESN is the information used by the telecom operators to find if a person is the legitimate user of a particular SIM card. Mobile Identification Number (MIN) alteration together with changing ESN makes it easier to make fraudulent mobile calls as the information can be utilised to make the target mobile, a clone of the legitimate mobile. Cracking a telecom company or even eaves dropping in a cellular network can be used to obtain the ESN or MIN. All one needs to carry out the operation is a SIM card reader, a blank silver wafer card or smartcard, software to extract authentication keys etc, Wafer card programmers and some software to write PIC and EEPROM files to the blank card.
Cloning has been quite successful in CDMA phones as compared to GSM phones since GSM phones have IMEI number instead of ESN or MIN. However, version 1 GSM phones, which are the older handsets can easily be hacked and cloned since their security is questionable. Though SIM cloning has generated much public interest, its effectiveness has a limited scope. The radio fingerprint of every mobile phone remains unique to any mobile phone despite other changes, which makes it very easy for any cellular operator to catch the cloned phones. The successful duplication of SIM card depends on the user's ability to extract the IMSI numbers and authentication key (Ki) in case of GSM mobiles. While IMSI is easy to identify, the Ki is far more difficult to find especially for novice hackers. However, software is available in the market, which makes the decryption a cake walk. Besides, understanding the security risk cloning can pose, more stringent security measures has been made available like embedding security operations in the SIM itself, which makes this operation a difficult task.
SIM cloning might feel like an attractive option for individuals who would like to use two mobiles with a single number. But in case of emergencies, Law enforcement agencies may find it difficult to reach distressed parties since cloning compromises with the GSM location based services. And then, there is always a possibility of the SIM getting into wrong hands. However, the chances of being able to clone the modern SIM is nearly impossible since version two and three that uses alphanumeric and symbols are being used for encryption.
So the next time you feel that your mobile bills are a tad high, relax. If the trend does not continue, it is probably just you!
About the author: Nisha Meledath is a Contributing Editor for TradeBriefs. She can be reached at firstname.lastname@example.org