Professional Documents
Culture Documents
A Seminar Report
Submitted by B.LAKSHMI PRIYA 11121A0514 In partial fulfillment for the award of the degree of
BACHELOR OF TECHNOLOGY
In
CERTIFICATE
This is to certify that the Seminar Report on MOBILE PHONE CLONING is the bonafide work done by
in the Department of Computer Science and Engineering, Sree Vidyanikethan Engineering College (Autonomous), A.Rangampet, in partial fulfillment of the requirements for the award of Bachelor of Technology in Computer Science and Engineering during 2013-2014.
This work has been carried out under my guidance and supervision.
ABSTRACT
Mobile communication has been readily available for several years, and is major business today. It provides a valuable service to its users who are willing to pay a considerable premium over a fixed line phone, to be able to walk and talk freely. Because of its usefulness and the money involved in the business, it is subject to fraud. Unfortunately, the advance of security standards has not kept pace with the dissemination of mobile communication. Some of the features of mobile communication make it an alluring target for criminals. It is a relatively new invention, so not all people are quite familiar with its possibilities, in good or in bad. Its newness also means intense competition among mobile phone service providers as they are attracting customers. The major threat to mobile phone is from cloning. Cell phone cloning is a technique wherein security data from one cell phone is transferred into another phone. The other cell phone becomes the exact replica of the original cell phone like a clone. As a result, while calls can be made from both phones, only the original is billed. Though communication channels are equipped with security algorithms, yet cloners get away with the help of loop holes in systems. So when one gets huge bills, the chances are that the phone is being cloned. This paper describes about the cell phone cloning with implementation in GSM and CDMA technology phones. It gives an insight into the security mechanism in CDMA and GSM phones along with the loop holes in the systems and discusses on the different ways of preventing this cloning. Moreover, the future threat of this fraud is being elaborated
CONTENTS
S.NO.
1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. INTRODUCTION
CHAPTER
PAGE NO.
HOW CELL PHONE WORKS? WHAT IS CELL PHONE CLONING? WHEN DID CELL CLONING START? HOW IS CELL CLONING DONE? METHODS TO DETECT CLONED PHONE ON NETWORK ARE OUR CELL PHONES SECURED? HOW TO KNOW THAT THE CELL HAS BEEN CLONED? ROLE OF SERVICE PROVIDERS TO COMBAT CLONING FRAUD? HOW TO PREVENT CELL CLONI\NG? SOME FACTS AND FIGURES FUTURE THREATS CONCLUSION REFERENCES
CHAPTER-1
INTRODUCTION
Cloning is the creation of an organism that is an exact genetic copy of another. This means that every single bit of DNA is the same between the two! Remember Dolly the lamb, cloned from a six-year-old ewe in 1997, by a group of researchers at the Roslin Institute in Scotland? While the debate on the ethics of cloning continues, human race, for the first time, are faced with a more tangible and harmful version of cloning and this time it is your cell phone that is the target. Millions of cell phones users, be it GSM or CDMA, run at risk of having their phones cloned. As a cell phone user if you have been receiving exorbitantly high bills for calls that were never placed, chances are that your cell phone could be cloned. Unfortunately, there is no way the subscriber can detect cloning. Events like call dropping or anomalies in monthly bills can act as tickers. According to media reports, recently the Delhi (India) police arrested a person with 20 cellphones, a laptop, a SIM scanner, and a writer. The accused was running an exchange illegally wherein he cloned CDMA based cell phones. He used software named Patagonia for the cloning and provided cheap international calls to Indian immigrants in West Asia.
CHAPTER-2
ESN
- The ESN (Electronic Serial Number) is the serial number of your cellular telephone.The ESN is transmitted to the cell site and used in conjuction with the NAM to verify that you are a legitimate user of the cellular system.
MIN - The MIN (Mobile Identification Number) is simply the phone number of the
cellular telephone.
CHAPTER-3
CHAPTER-4
GSM Global System for Mobile Communications. A digital cellular phone technology
based on TDMA GSM phones use a Subscriber Identity Module (SIM) card that contains user account information. Any GSM phone becomes immediately programmed after plugging in the SIM card, thus allowing GSM phones to be easily rented or borrowed.Operators who provide GSM service are Airtel,Hutch etc.
CDMA - Code Division Multiple Access. A method for transmitting simultaneous signals
over a shared portion of the spectrum. There is no Subscriber Identity Module (SIM) card unlike in GSM.Operators who provides CDMA service in India are Reliance and Tata Indicom. Both GSM and CDMA handsets are prone to cloning. Technically, it is easier to clone a CDMA handset over a GSM one, though cloning a GSM cell phone is not impossible. There are also Internet sites that provide information on how one could go about hacking into cellphones.
- Cellular telephone thieves monitor the radio frequency spectrum and steal the cell phone pair as it is being anonymously registered with a cell site. The technology uses spread-spectrum techniques to share bands with multiple conversations. Subscriber information is also encrypted and transmitted digitally. CDMA handsets are particularly vulnerable to cloning, according to experts. First generation mobile cellular networks allowed fraudsters to pull subscription data (such as ESN and MIN) from the analog air interface and use this data to clone phones. A device called as DDi, Digital Data Interface (which comes in various formats from the more expensive stand-alone box, to a device which interfaces with your 800 MHz capable scanner and a PC) can be used to get pairs by simply making the device mobile and sitting in a busy traffic area (freeway overpass) and collect all the data you need. The stolen ESN and EMIN were then fed into a new CDMA handset, whose existing program was erased with the help of downloaded
software. The buyer then programs them into new phones which will have the same number as that of the original subscriber.
- GSM handsets, on the contrary, are safer, according to experts. Every GSM phone has a 15 digit electronic serial number (referred to as the IMEI). It is not a particularly secret bit of information and you don't need to take any care to keep it private. The important information is the IMSI, which is stored on the removable SIM card that carries all your subscriber information, roaming database and so on. GSM employs a fairly sophisticated asymmetric-key cryptosystem for over-the-air transmission of subscriber information. Cloning a SIM using information captured over-the-air is therefore difficult, though not impossible. As long as you don't lose your SIM card, you're safe with GSM. GSM carriers use the COMP128 authentication algorithm for the SIM, authentication center and network which make GSM a far secure technology. GSM networks which are considered to be impregnable can also be hacked. The process is simple: a SIM card is inserted into a reader. After connecting it to the computer using data cables, the card details were transferred into the PC. Then, using freely available encryption software on the Net, the card details can be encrypted on to a blank smart card. The result: A cloned cell phone is ready for misuse
-As background to a better understanding of the attacks on the GSM and CDMA network the following gives a brief introduction to the Security functions available in GSM. The following functions exist: Access control by means of a personal smart card (called subscriber Identity module, SIM) and PIN (personal identification number), Authentication of the users towards the network carrier and generation of a session key in order to prevent abuse. Encryption of communication on the radio interface, i.e. between mobile Station and base station, concealing the users identity on the radio interface, i.e. a temporary valid Identity code (TMSI) is used for the identification of a mobile user instead Of the IMSI.
CHAPTER 5
WHAT IS PATAGONIA?
Patagonia is software available in the market which is used to clone CDMA phone. Using this software a cloner can take over the control of a CDMA phone i.e. cloning of phone. There are other Softwares available in the market to clone GSM phone. This softwares are easily available in the market. A SIM can be cloned again and again and they can be used at different places. Messages and calls sent by cloned phones can be tracked. However, if the accused manages to also clone the IMEI number of the handset, for which softwares are available, there is no way he can be traced.
CHAPTER -6
Duplicate detection - The network sees the same phone in several places at the same
time. Reactions include shutting them all off so that the real customer will contact the operator because he lost the service he is paying for, or tearing down connections so that the clone users will switch to another clone but the real user will contact the operator.
Velocity trap - The mobile phone seems to be moving at impossible, or most unlikely
speeds. For example, if a call is first made in Helsinki, and five minutes later, another call is made but this time in Tampere, there must be two phones with the same identity on the network.
RF (Radio Frequency)
- fingerprinting is originally a military technology. Even nominally identical radio equipment has a distinguishing ``fingerprint'', so the network software stores and compares fingerprints for all the phones that it sees. This way, it will spot the clones with the same identity but different fingerprints.
Usage profiling. -
Profiles of customers' phone usage are kept, and when discrepancies are noticed, the customer is contacted. Credit card companies use the same method. For example, if a customer normally makes only local network calls but is suddenly placing calls to foreign countries for hours of airtime, it indicates a possible clone.
Call counting
- Both the phone and the network keep track of calls made with the phone, and should they differ more than the usually allowed one call, service is denied.
PIN codes - Prior to placing a call, the caller unlocks the phone by entering a PIN code
and then calls as usual. After the call has been completed, the user locks the phone by entering the PIN code again. Operators may share PIN information to enable safer roaming.
CHAPTER -7
CHAPTER -8
Difficulty in placing outgoing calls. Difficulty in retrieving voice mail messages. Incoming calls constantly receiving busy signals or wrong numbers. Unusual calls appearing on your phone bills
CHAPTER -9
CHAPTER -10
CHAPTER -11
CHAPTER - 12
FUTURE THREATS
Resolving subscriber fraud can be a long and difficult process for the victim. It may take time to discover that subscriber fraud has occurred and an even longer time to prove that you did not incur the debts. As described in this article there are many ways to abuse telecommunication system, and to prevent abuse from occurring it is absolutely necessary to check out the weakness and vulnerability of existing telecom systems. If it is planned to invest in new telecom equipment, a security plan should be made and the system tested before being implemented. It is therefore mandatory to keep in mind that a technique which is described as safe today can be the most unsecured technique in the future.
CHAPTER - 13
CONCLUSION
Presently the cellular phone industry relies on common law (fraud and theft) and in-house counter measures to address cellular phone fraud. Is in initial stages in India so preventive steps should be taken by the network provider and the Government the enactment of legislation to prosecute crimes related to cellular phones is not viewed as a priority, however. It is essential that intended mobile crime legislation be comprehensive enough to incorporate cellular phone fraud, in particular "cloning fraud" as a specific crime. Existing cellular systems have a number of potential weaknesses that were considered. It is crucial that businesses and staff take mobile phone security seriously. Awareness and a few sensible precautions as part of the overall enterprise security policy will deter all but the most sophisticated criminal. It is also mandatory to keep in mind that a technique which is described as safe today can be the most unsecured technique in the future. Therefore it is absolutely important to check the function of a security system once a year and if necessary update or replace it. Finally, cell-phones have to go a long way in security before they can be used in critical applications like m-commerce.
CHAPTER - 14
REFERENCES
Websites:
http://www.cdmasoftware.com/eng.html http://www.victorgsm.com/products/msl/ http://www.unlocker.ru/cdma_soft.php http://www.cxotoday.com http://infotech.indiatimes.coM http://wiretap.spies.com http://www.hackinthebox.org/ http://www.google.com http://www.wikipedia.com