Guided By: Prof.

Ajay Upadhyaya

Prepared By : Aesha Parikh (10dit004)

Outline
Introduction

Different ways of M-Cloning

M-cloning Procedure Methods to detect cloned phones

Secure your Mobile

Technical Recommendation for mobile security Conclusion

Introduction
M-Cloning

is one of the burning issue of M-commerce. M-Cloning is copying the identity of one mobile telephone to another mobile telephone. Main thought behind the evolution of M-cloning is to create the clone phone which contains the same data and number as in your original phone. But now a days M-cloning is used for the purpose of making fraudulent telephone calls. The bills for the calls go to the phone subscriber.

Different ways of M-Cloning

GSM Cloning
CDMA Cloning Caller ID spoofing Cloning using Bluetooth

GSM Cloning
To do the GSM Cloning handling with SIM card is

required. For GSM cloning we have to create copy of SIM card. Data from the original SIM card will fetch and insert the same data in new SIM card as in original card using different software are available in the market. Software :
SIM Manager Pro

ChipIt
SimScan Cardinal Sim Emu
5

Software for GSM cloning

Requirements to run the software

Personal computer with an available port (ex. COM,

USB) for the smart card reader A PC/SC compliant smart-card reader Smart card reader driver

M-cloning Procedure
Let see the procedure for M- cloning step by step:
Step 1: Few things which we need before we start. First we

will need to buy a SIM card reader, a card programmer, empty silver pic 2 card, and one 9 pin male to female extension cable. Step 2: We will also need some software for this trick. First we will need a SIM card editor. We can use software here cardinal and Sim Emu. Step 3: Plug SIM Reader into com port. Then run Cardinal and then click where it says "Click Here" and then click Settings.

M-cloning Procedure (cont..)

Step 4: Then select your com/serial port and the baud

rate. Then left click where it says "Click Here", go to smartcard, and click SIM editor. Step 5: The program will from there start up, and you will go to SIM, then SIM Info, and click the load button. After doing this you will see the IMSI code, take note of this code as you will need it. Step 6: Now close the SIM Info and go to Security/Find key KI. When this window opens just click Start and wait. It will take approximately 4 hours to find the key. Once it is found take note of this KI and exit. Now we have the IMSI and KI noted, if so lets continue with the next step.
9

M-cloning Procedure (cont..)

Step 7: Now take your sim card. Within the unzipped

file within you will find two files. SEE50s.hex and SEF50sEN.hex. Step 8: Now connect your programmer to a com port and go to the setup menu on your CardMaster program and choose the appropriate com port. You should then see a yellow rectangle at the bottom of the program that says that there is no card. Step 9: Now insert your smartcard into the programmer, and the rectangle should change to green and you will see "Card ready". Now go to where it says "Card type:" and select "Silvercard".
10

M-cloning Procedure (cont..)

Step 10: Now go to the "File to Pic:" field and upload

SEF50sEN.hex and SEE50s.hex. Step 11: Now go to Edit and click "Auto Program". Step 12: Now insert the newly sim card into the phone. If it asks for a pin just punch in 111. Then from the main menu open up "Sim-Emu". Step 13: Now from this menu go to Set Phone #(Insert phone information here), then GSM #1 (or any slot), then Configure, Edit #. edit GSM #X to any name, and then press ok. 11

M-cloning Procedure (cont..)

Step 14: Now go to Config.Pos and it will ask for PIN2,

which will be 1234. It will then ask you what position you want the card to be, choose Position 1. It will then ask you for the IMSI, which you will punch in the IMSI you got from Cardinal. It will then ask you for the KI, which again you punch in the KI you got from Cardinal. Step 15: Then it will then ask you to enter your PUK which can be anything up to 8 digits. Then it will ask you to enter your PIN which can be anything up to 4 digits.
12

M-cloning Procedure (cont..)

Step 16:Now we have cloned SIM card ready for use. Step 17: After the cloning M-cloner can
Monitor the clone phone data Fetch the information stored on cloned phone.

Use the owner number and do the fraud call and huge

amount of call/messages.

13

M-cloning Procedure (cont..)

14

M-cloning Procedure (cont..)

15

16

CDMA Cloning
To do the CDMA cloning we have to change pair of

ESN/MIN. ESN/MIN pairs were discovered in several ways:

Sniffing the cellular network Trashing cellular companies or cellular resellers

Hacking cellular companies or cellular resellers

Software used for CDMA cloning Patagonia In CDMA instead of SIM card RUMI (Re-Usable Identification Module) card is used. Which provides the interchangeably facility in CDMA mobile.
17

Caller ID Spoofing
No of softwares are available in the market which allows

us Caller ID Spoofing. One of them is SpoofTel. It offers us the ability to spoof caller ID and SMS messages. We can change what someone sees on their call display when they receive a phone call to anything we like.

18

Cloning using Bluetooth

Bluejacking Bluebugging Btscanner

19

Methods to detect cloned phone

User Side Frequent wrong number phone calls to your phone, or hang-ups. Difficulty in placing outgoing calls. Difficulty in retrieving voice mail messages. Incoming calls constantly receiving busy signals or wrong numbers. Unusual calls appearing on your phone bills

20

Methods to detect cloned phone(cont..)

Operator Side Duplicate Detection Time overlap pattern Velocity trap Radio Frequency Fingerprinting Usage profiling Call Counting Call pattern Analysis

21

Secure your Mobile

PIN Locking

Memory card locking

Phone locking Application locking

Remote locking
Mobile trackers

22

Technical Recommendation for mobile security

Network Authentication
Additional Encryption Password/Fingerprint Sensor Protection against Viruses/Spyware: Regular Tests by Operators

23

Conclusion
The most effective way to improve the privacy of mobile

phone users is to increase the awareness among mobile phone users with the various threats that can compromise their privacy. Existing cellular systems have a number of potential weaknesses that were considered. Finally, cell-phones have to go a long way in security before they can be used in critical applications like mcommerce. However, much more steps and efforts are needed from all people involved in this business including mobile phone operators, mobile phone users, federal and provincial governmental institutes, media, and academia. 24

References
http://mcom.cs.cmu.edu/ http://www.ussc.gov/publicat/cloning.pdf http://www.isaac.cs.berkeley.edu/isaac/gsm-faq.html http://www.wisegeek.com http://www.gsm-security.net/faq/imei-international-mobile-equipment-

identity-gsm.shtml http://www.mcks.gov.tr/en/HaberDetay.php?Key=32 http://www.gsm-security.net/faq/imsi-international-mobile-subscriberidentity-number-gsm.shtml http://www.mpirical.com/companion/Generic/LAIIdentity.htm

25

26