Report on Mobile Cloning
Content
M-Cloning
ABSTRACT
Today's communication market is moving quickly toward the promises of communications, Ecommerce, and content availability at anytime, at anywhere, and on any device.M-commerce (Mobile-Commerce) is an electronic transaction or information interaction in wireless environment using any mobile devices. M-cloning is working as a speed breaker in the growth of M-commerce.M-cloning (Mobile-Cloning) means copying the identity of one mobile phone to another mobile phone. Now a day’s mobile becomes an essential part of our daily routine. Positive use of M-cloning is creating the clone phone which contains the same data and number as in your original phone. But now a day’s total meaning of M-cloning is changed. It is also mandatory to keep in mind that a technique which is safe today can be the most unsecured technique in the future. Finally, maintaining security is mandatory in critical applications like mcommerce.This paper will focus on basics of M-cloning, Different ways and methods of Mcloning,Methods to know cloned phone, MobileSecurity and Future scope of Mobile Security.
INTRODUCTION
M-commerce is an electronic transaction or information interaction in wireless environment using any mobile devices. The main aim behind the growth of M-commerce is "Handle all transaction using handheld device". M-cloning is developed for positive use but now a day Mcloning is use for the purpose of making fraudulent telephone calls. The M-cloner is able to make effectively anonymous calls, which attracts another group of interested users. M-Cloning is one of the burning issues of M-commerce. M-Cloning menans copying the identity of one mobile telephone to another mobile telephone. M-Cloning is the process of taking the programmed information that is stored in a legitimate mobile phone and illegally programming the identical information into another mobile phone. The result is that the "cloned" phone can make and receive calls and the charges for those calls are billed to the legitimate subscriber. The service provider network does not have a way to differentiate between the legitimate phone and the "cloned" phone. The other cell phone becomes the exact replica of the original cell phone like a clone. Though communication channels are equipped with security algorithms, yet cloners get
Aesha Parikh(10dit004),IT,IDS Nirma University
Page 1
M-Cloning away with the help of loop holes in systems. So when one gets huge bills, the chances are that the phone is being cloned. Some of the features of mobile communication make it an alluring target for criminals. Its newness also means intense competition among mobile phone service providers as they are attracting customers. The major thre at to mobile phone is cloning. Mobile phone user is the legitimate owner of that phone. Target telephone is now a clone of the telephone from which the original ESN and MIN numbers or SIM details were obtained.
HISTORY OF M-CLONING
M-cloning started with Motorola "bag" phones. It reached its peak in the mid 90's with a commonly available modification for the Motorola "brick" phones, such as the Classic, the Ultra Classic, and the Model 8000. Now a day it reaches its peak rate in the country like US, China. This is usually done to make fraudulent telephone calls. This had made cloning very popular in areas with large immigrant populations, where the cost to "call home" was very steep. The cloner is also able to make effectively anonymous calls, which attracts another group of interested lawbreakers. Cloning involved modifying or replacing the EPROM in the phone with a new chip which would allow one to configure an ESN via software. This would also have to be changed. On April 13, 1998, the Smartcard Developer Association and the ISAAC security research group announced a flaw in the authentication codes found in digital GSM cell phones. This allows an attacker with physical access to a target phone to make an exact duplicate and to make fraudulent calls billed to the target user's account. GSM industry is taking steps to repair the security weaknesses in the GSM cryptographic algorithms. A patched version of COMP128 is now available and it is called COMP128-2.
DIFFERENT WAYS OF M-CLONING
There are four different ways for M-cloning: (1) GSM (SIM) cloning, (2) CDMA Cloning, (3) Caller ID spoofing, (4) Bluetooth Cloning
Aesha Parikh(10dit004),IT,IDS Nirma University
Page 2
M-Cloning (1)GSM (SIM) cloning: GSM phones use a SIM card that contains user account information. Any GSM phone becomes immediately programmed after plugging in the SIM card. GSM networks which are considered to be impregnable can also be hacked. The process is simple: a SIM card is inserted into a reader. After connecting it to the computer using data cables, the card details were transferred into the PC. Then, using freely available encryption software on the Net, then card details can be encrypted on to a blank smart card.
(2)CDMA Cloning: CDMA is safer then GSM technologies for Mcloning. For cloning CDMA mobile phones ESN ,MEID,MIN is used. Software named Pantagonia is used to clone CDMA phone. (3) Caller ID Spoofing: No. of software's are available in the market which allows us to implement Caller ID Spoofing. One of them is SpoofTel. To use SpoofTel and start spoofing our caller ID, simply sign up and purchase Spoof Minutes. With Spoof Minutes, we can spoof calls. Once we are signed up, we can take advantage of our special caller ID spoofing tools to fake caller ID from anywhere in the world. (4) Bluetooth Cloning: Bluetooth Cloning is a technology in which Mcloning is done through Bluetooth network using different software’s like Bluejacking, Bluebugging, Btscanner. Victim must be in a range of 10 meter for Bluetooth cloning.
METHODS TO DETECT CLONED PHONE
We can detect the cloned mobile phone either from user side or from operator side. Fraud Detection methods to detect cloned phone at User side: Frequent wrong number phone calls to your phone or hang-ups, Difficulty in placing outgoing calls, Difficulty in retrieving voice mail messages, Incoming calls constantly receiving busy signals or wrong numbers,Unusual calls appearing on your phone bills Fraud Detection methods to detect cloned phone operator side: Duplicate Detection, Time overlap pattern, Velocity trap, Radio Frequency Fingerprinting, Usage profiling, Call Counting, Call pattern Analysis.
Aesha Parikh(10dit004),IT,IDS Nirma University
Page 3
M-Cloning
SECURE YOUR MOBILE FROM M-CLONING
To secure our mobile from M-cloning we have to take care of following points:
(1) PIN Locking: Some service providers offer their subscribers a free fraud protection feature (FPF) to help protect against unauthorized use of their cell phones. FPF uses a private combination, or personal identification number (PIN). Even if pirates capture the phone's signal, they would not be able to use it without the PIN code. (2) Memory card locking: The SD memory cards have a protective lock-switch at the top left. Sliding the switch into an open position allows the SD memory card to be written to or read. Sliding the switch closed allows reading only. This protects data from
accidental overwrite. We can also lock the memory card using different software available in the market.
(3) Phone locking: A SIM lock, network lock or subsidy lock is a capability built into GSM phones by mobile phone manufacturers. Network providers use this capability to Restrict the use of this phones to specific countries and network providers.
(4) Application locking: Install Application Certification software in y our mobile which
Basically means that you can't install anything onto the phone that doesn't have a valid Security certificate.If anything you want to install then it requires master password.
(5) Remote locking: This is a feature provided by different software available in the Market which, just once you set it up, if you lose your phone you can lock it via
Text message.But before that you have to enable service for it.
(6) Mobile trackers: As advancement in technology we can track our mobile if it is stolen. For this we have to register in a particular website. By this we can do the same task task As CIBER security department can do but for only our mobile.
Aesha Parikh(10dit004),IT,IDS Nirma University
Page 4
M-Cloning
CONCLUSION
Existing cellular systems have a number of potential weaknesses that were considered. also mandatory to keep in mind that a technique which is considered as safe today can be the most unsecured technique in the future.Therefore it is absolutely important to check the function of a security system once a year and if necessary update or replace it. Finally, cellphones have to go a long way in security before they can be used in critical applications like mcommerce. It is
REFERENCES
[1] Lowell Charles, Farhad Monodee & Tanya Nurek, The Critical Success Factors For Mobile Commerce,http://www.commerce.uct.ac.za/InformationSystems/Research%26Publications/2007 /Pubs2000/ER02.pdf [2] A research on usage pattern and analysistechnique for communication fraud: SIM cloning and surfing, Computing & Informatics,2006. ICOCI '06. International Conference,by Xerandy", June 2006.
Aesha Parikh(10dit004),IT,IDS Nirma University
Page 5
ABSTRACT
Today's communication market is moving quickly toward the promises of communications, Ecommerce, and content availability at anytime, at anywhere, and on any device.M-commerce (Mobile-Commerce) is an electronic transaction or information interaction in wireless environment using any mobile devices. M-cloning is working as a speed breaker in the growth of M-commerce.M-cloning (Mobile-Cloning) means copying the identity of one mobile phone to another mobile phone. Now a day’s mobile becomes an essential part of our daily routine. Positive use of M-cloning is creating the clone phone which contains the same data and number as in your original phone. But now a day’s total meaning of M-cloning is changed. It is also mandatory to keep in mind that a technique which is safe today can be the most unsecured technique in the future. Finally, maintaining security is mandatory in critical applications like mcommerce.This paper will focus on basics of M-cloning, Different ways and methods of Mcloning,Methods to know cloned phone, MobileSecurity and Future scope of Mobile Security.
INTRODUCTION
M-commerce is an electronic transaction or information interaction in wireless environment using any mobile devices. The main aim behind the growth of M-commerce is "Handle all transaction using handheld device". M-cloning is developed for positive use but now a day Mcloning is use for the purpose of making fraudulent telephone calls. The M-cloner is able to make effectively anonymous calls, which attracts another group of interested users. M-Cloning is one of the burning issues of M-commerce. M-Cloning menans copying the identity of one mobile telephone to another mobile telephone. M-Cloning is the process of taking the programmed information that is stored in a legitimate mobile phone and illegally programming the identical information into another mobile phone. The result is that the "cloned" phone can make and receive calls and the charges for those calls are billed to the legitimate subscriber. The service provider network does not have a way to differentiate between the legitimate phone and the "cloned" phone. The other cell phone becomes the exact replica of the original cell phone like a clone. Though communication channels are equipped with security algorithms, yet cloners get
Aesha Parikh(10dit004),IT,IDS Nirma University
Page 1
M-Cloning away with the help of loop holes in systems. So when one gets huge bills, the chances are that the phone is being cloned. Some of the features of mobile communication make it an alluring target for criminals. Its newness also means intense competition among mobile phone service providers as they are attracting customers. The major thre at to mobile phone is cloning. Mobile phone user is the legitimate owner of that phone. Target telephone is now a clone of the telephone from which the original ESN and MIN numbers or SIM details were obtained.
HISTORY OF M-CLONING
M-cloning started with Motorola "bag" phones. It reached its peak in the mid 90's with a commonly available modification for the Motorola "brick" phones, such as the Classic, the Ultra Classic, and the Model 8000. Now a day it reaches its peak rate in the country like US, China. This is usually done to make fraudulent telephone calls. This had made cloning very popular in areas with large immigrant populations, where the cost to "call home" was very steep. The cloner is also able to make effectively anonymous calls, which attracts another group of interested lawbreakers. Cloning involved modifying or replacing the EPROM in the phone with a new chip which would allow one to configure an ESN via software. This would also have to be changed. On April 13, 1998, the Smartcard Developer Association and the ISAAC security research group announced a flaw in the authentication codes found in digital GSM cell phones. This allows an attacker with physical access to a target phone to make an exact duplicate and to make fraudulent calls billed to the target user's account. GSM industry is taking steps to repair the security weaknesses in the GSM cryptographic algorithms. A patched version of COMP128 is now available and it is called COMP128-2.
DIFFERENT WAYS OF M-CLONING
There are four different ways for M-cloning: (1) GSM (SIM) cloning, (2) CDMA Cloning, (3) Caller ID spoofing, (4) Bluetooth Cloning
Aesha Parikh(10dit004),IT,IDS Nirma University
Page 2
M-Cloning (1)GSM (SIM) cloning: GSM phones use a SIM card that contains user account information. Any GSM phone becomes immediately programmed after plugging in the SIM card. GSM networks which are considered to be impregnable can also be hacked. The process is simple: a SIM card is inserted into a reader. After connecting it to the computer using data cables, the card details were transferred into the PC. Then, using freely available encryption software on the Net, then card details can be encrypted on to a blank smart card.
(2)CDMA Cloning: CDMA is safer then GSM technologies for Mcloning. For cloning CDMA mobile phones ESN ,MEID,MIN is used. Software named Pantagonia is used to clone CDMA phone. (3) Caller ID Spoofing: No. of software's are available in the market which allows us to implement Caller ID Spoofing. One of them is SpoofTel. To use SpoofTel and start spoofing our caller ID, simply sign up and purchase Spoof Minutes. With Spoof Minutes, we can spoof calls. Once we are signed up, we can take advantage of our special caller ID spoofing tools to fake caller ID from anywhere in the world. (4) Bluetooth Cloning: Bluetooth Cloning is a technology in which Mcloning is done through Bluetooth network using different software’s like Bluejacking, Bluebugging, Btscanner. Victim must be in a range of 10 meter for Bluetooth cloning.
METHODS TO DETECT CLONED PHONE
We can detect the cloned mobile phone either from user side or from operator side. Fraud Detection methods to detect cloned phone at User side: Frequent wrong number phone calls to your phone or hang-ups, Difficulty in placing outgoing calls, Difficulty in retrieving voice mail messages, Incoming calls constantly receiving busy signals or wrong numbers,Unusual calls appearing on your phone bills Fraud Detection methods to detect cloned phone operator side: Duplicate Detection, Time overlap pattern, Velocity trap, Radio Frequency Fingerprinting, Usage profiling, Call Counting, Call pattern Analysis.
Aesha Parikh(10dit004),IT,IDS Nirma University
Page 3
M-Cloning
SECURE YOUR MOBILE FROM M-CLONING
To secure our mobile from M-cloning we have to take care of following points:
(1) PIN Locking: Some service providers offer their subscribers a free fraud protection feature (FPF) to help protect against unauthorized use of their cell phones. FPF uses a private combination, or personal identification number (PIN). Even if pirates capture the phone's signal, they would not be able to use it without the PIN code. (2) Memory card locking: The SD memory cards have a protective lock-switch at the top left. Sliding the switch into an open position allows the SD memory card to be written to or read. Sliding the switch closed allows reading only. This protects data from
accidental overwrite. We can also lock the memory card using different software available in the market.
(3) Phone locking: A SIM lock, network lock or subsidy lock is a capability built into GSM phones by mobile phone manufacturers. Network providers use this capability to Restrict the use of this phones to specific countries and network providers.
(4) Application locking: Install Application Certification software in y our mobile which
Basically means that you can't install anything onto the phone that doesn't have a valid Security certificate.If anything you want to install then it requires master password.
(5) Remote locking: This is a feature provided by different software available in the Market which, just once you set it up, if you lose your phone you can lock it via
Text message.But before that you have to enable service for it.
(6) Mobile trackers: As advancement in technology we can track our mobile if it is stolen. For this we have to register in a particular website. By this we can do the same task task As CIBER security department can do but for only our mobile.
Aesha Parikh(10dit004),IT,IDS Nirma University
Page 4
M-Cloning
CONCLUSION
Existing cellular systems have a number of potential weaknesses that were considered. also mandatory to keep in mind that a technique which is considered as safe today can be the most unsecured technique in the future.Therefore it is absolutely important to check the function of a security system once a year and if necessary update or replace it. Finally, cellphones have to go a long way in security before they can be used in critical applications like mcommerce. It is
REFERENCES
[1] Lowell Charles, Farhad Monodee & Tanya Nurek, The Critical Success Factors For Mobile Commerce,http://www.commerce.uct.ac.za/InformationSystems/Research%26Publications/2007 /Pubs2000/ER02.pdf [2] A research on usage pattern and analysistechnique for communication fraud: SIM cloning and surfing, Computing & Informatics,2006. ICOCI '06. International Conference,by Xerandy", June 2006.
Aesha Parikh(10dit004),IT,IDS Nirma University
Page 5
