M-Cloning

ABSTRACT

Today's communication market is moving quickly toward the promises of communications, E-

commerce, and content availability at anytime, at anywhere, and on any device.M-commerce

(Mobile-Commerce) is an electronic transaction or information interaction in wireless

environment using any mobile devices. M-cloning is working as a speed breaker in the growth of

M-commerce.M-cloning (Mobile-Cloning) means copying the identity of one mobile phone to

another mobile phone. Now a day’s mobile becomes an essential part of our daily routine.

Positive use of M-cloning is creating the clone phone which contains the same data and number

as in your original phone. But now a day’s total meaning of M-cloning is changed. It is also

mandatory to keep in mind that a technique which is safe today can be the most unsecured

technique in the future. Finally, maintaining security is mandatory in critical applications like m-

commerce.This paper will focus on basics of M-cloning, Different ways and methods of

Mcloning,Methods to know cloned phone, MobileSecurity and Future scope of Mobile Security.

INTRODUCTION

M-commerce is an electronic transaction or information interaction in wireless environment

using any mobile devices. The main aim behind the growth of M-commerce is "Handle all

transaction using handheld device". M-cloning is developed for positive use but now a day M-

cloning is use for the purpose of making fraudulent telephone calls. The M-cloner is able to

make effectively anonymous calls, which attracts another group of interested users. M-Cloning is

one of the burning issues of M-commerce. M-Cloning menans copying the identity of one

mobile telephone to another mobile telephone. M-Cloning is the process of taking the

programmed information that is stored in a legitimate mobile phone and illegally programming

the identical information into another mobile phone. The result is that the "cloned" phone can

make and receive calls and the charges for those calls are billed to the legitimate subscriber. The

service provider network does not have a way to differentiate between the legitimate phone and

the "cloned" phone. The other cell phone becomes the exact replica of the original cell phone like

a clone. Though communication channels are equipped with security algorithms, yet cloners get

Aesha Parikh(10dit004),IT,IDSNirma University Page 1

M-Cloning

away with the help of loop holes in systems. So when one gets huge bills, the chances are that

the phone is being cloned. Some of the features of mobile communication make it an alluring

target for criminals. Its newness also means intense competition among mobile phone service

providers as they are attracting customers. The major thre at to mobile phone is cloning. Mobile

phone user is the legitimate owner of that phone. Target telephone is now a clone of the

telephone from which the original ESN and MIN numbers or SIM details were obtained.

HISTORY OF M-CLONING

M-cloning started with Motorola "bag" phones. It reached its peak in the mid 90's with a

commonly available modification for the Motorola "brick" phones, such as the Classic, the Ultra

Classic, and the Model 8000. Now a day it reaches its peak rate in the country like US, China.

This is usually done to make fraudulent telephone calls. This had made cloning very popular in

areas with large immigrant populations, where the cost to "call home" was very steep. The cloner

is also able to make effectively anonymous calls, which attracts another group of interested

lawbreakers. Cloning involved modifying or replacing the EPROM in the phone with a new chip

which would allow one to configure an ESN via software. This would also have to be changed.

On April 13, 1998, the Smartcard Developer Association and the ISAAC security research group

announced a flaw in the authentication codes found in digital GSM cell phones. This allows an

attacker with physical access to a target phone to make an exact duplicate and to make fraudulent

calls billed to the target user's account. GSM industry is taking steps to repair the security

weaknesses in the GSM cryptographic algorithms. A patched version of COMP128 is now

available and it is called COMP128-2.

DIFFERENT WAYS OF M-CLONING

There are four different ways for M-cloning:

(1) GSM (SIM) cloning, (2) CDMA Cloning,

(3) Caller ID spoofing, (4) Bluetooth Cloning

Aesha Parikh(10dit004),IT,IDSNirma University Page 2

M-Cloning

(1)GSM (SIM) cloning: GSM phones use a SIM card that contains user account information.

Any GSM phone becomes immediately programmed after plugging in the SIM card. GSM

networks which are considered to be impregnable can also be hacked. The process is simple: a

SIM card is inserted into a reader. After connecting it to the computer using data cables, the card

details were transferred into the PC. Then, using freely available encryption software on the Net,

then card details can be encrypted on to a blank smart card.

(2)CDMA Cloning: CDMA is safer then GSM technologies for Mcloning. For cloning CDMA

mobile phones ESN ,MEID,MIN is used. Software named Pantagonia is used to clone CDMA

phone.

(3) Caller ID Spoofing: No. of software's are available in the market which allows us to

implement Caller ID Spoofing. One of them is SpoofTel. To use SpoofTel and start spoofing our

caller ID, simply sign up and purchase Spoof Minutes. With Spoof Minutes, we can spoof calls.

Once we are signed up, we can take advantage of our special caller ID spoofing tools to fake

caller ID from anywhere in the world.

(4) Bluetooth Cloning: Bluetooth Cloning is a technology in which Mcloning is done through

Bluetooth network using different software’s like Bluejacking, Bluebugging, Btscanner. Victim

must be in a range of 10 meter for Bluetooth cloning.

METHODS TO DETECT CLONED PHONE

We can detect the cloned mobile phone either from user side or from operator side. Fraud

Detection methods to detect cloned phone at User side: Frequent wrong number phone calls

to your phone or hang-ups, Difficulty in placing outgoing calls, Difficulty in retrieving voice

mail messages, Incoming calls constantly receiving busy signals or wrong numbers,Unusual calls

appearing on your phone bills Fraud Detection methods to detect cloned phone operator side:

Duplicate Detection, Time overlap pattern, Velocity trap, Radio Frequency Fingerprinting,

Usage profiling, Call Counting, Call pattern Analysis.

Aesha Parikh(10dit004),IT,IDSNirma University Page 3

M-Cloning

SECURE YOUR MOBILE FROM M-CLONING

To secure our mobile from M-cloning we have to take care of following points:

(1) PIN Locking: Some service providers offer their subscribers a free fraud protection

feature (FPF) to help protect against unauthorized use of their cell phones. FPF uses a

private combination, or personal identification number (PIN). Even if pirates capture

the phone's signal, they would not be able to use it without the PIN code.

(2) Memory card locking: The SD memory cards have a protective lock-switch at the top

left. Sliding the switch into an open position allows the SD memory card to be written

to or read. Sliding the switch closed allows reading only. This protects data from

accidental overwrite. We can also lock the memory card using different software available in

the market.

(3) Phone locking: A SIM lock, network lock or subsidy lock is a capability built into

GSM phones by mobile phone manufacturers. Network providers use this capability to

Restrict the use of this phones to specific countries and network providers.

(4) Application locking: Install Application Certification software in y our mobile which

Basically means that you can't install anything onto the phone that doesn't have a valid

Security certificate.If anything you want to install then it requires master password.

(5) Remote locking: This is a feature provided by different software available in the

Market which, just once you set it up, if you lose your phone you can lock it via

Text message.But before that you have to enable service for it.

(6) Mobile trackers: As advancement in technology we can track our mobile if it is stolen.

For this we have to register in a particular website. By this we can do the same task task

As CIBER security department can do but for only our mobile.

Aesha Parikh(10dit004),IT,IDSNirma University Page 4

M-Cloning

CONCLUSION

Existing cellular systems have a number of potential weaknesses that were considered. It is

also mandatory to keep in mind that a technique which is considered as safe today can be the

most unsecured technique in the future.Therefore it is absolutely important to check the

function of a security system once a year and if necessary update or replace it. Finally,

cellphones have to go a long way in security before they can be used in critical applications like

mcommerce.

REFERENCES

[1] Lowell Charles, Farhad Monodee & Tanya Nurek, The Critical Success Factors For Mobile

Commerce,http://www.commerce.uct.ac.za/InformationSystems/Research%26Publications/

2007/Pubs2000/ER02.pdf

[2] A research on usage pattern and analysistechnique for communication fraud: SIM cloning

and surfing, Computing & Informatics,2006. ICOCI '06. International Conference,by

Xerandy", June 2006.

Aesha Parikh(10dit004),IT,IDSNirma University Page 5