Understanding why SIM card cloning is practically impossible demands a good knowledge of networking and embedded systems. Scams are run to fool innocent users. We have already covered the basics of the SIM card at length. We are not talking about CDMA networks here; we are talking about GSM. The SIM card is actually a computer in itself. In the client-server model, the SIM is a client. You should obviously know the OSI model as well.
SIM Card Clone Method For CDMA Phones
Code Division Multiple Access (CDMA) mobile telephone cloning is easier. The devices are embedded systems, and it is possible to access the /nvm/num directory via special software. Another method is a kind of hardware key logger: a modified EEPROM is placed in the targeted mobile telephone, which allows the Electronic Serial Number (ESN) and Mobile Equipment Identifier (MEID) to be changed. The ESN or MEID is what authenticates a device to the mobile network (the server). It has been demonstrated that cloning a CDMA phone is difficult but possible.
Obviously, none of these methods can ever be carried out “over the air”, “via an application” or “via software”.
SIM Card Clone: Why It Is Next To Impossible
The SIM card is a very complicated small computer. It has a CPU, RAM, ROM, writeable storage and an operating system that can run Java Card applications. Yes, we are talking about the SIM card, not the phone.
First, the SIM cards we currently use follow the version 2 standard (2002 onwards). Version 1 had some bugs that probably allowed a backdoor. We cannot say which underdeveloped country still uses version 1 SIMs, but India, the US, European countries, Australia and all the other countries with a higher GDP (PPP) certainly use the new standard. The easiest way to hack a SIM card would be to gain root access to the OS that loads Java Card. Java Card is the Java virtual machine for smart cards, including SIMs. Java Card runs Java applets, and each applet is sandboxed by the Java VM, preventing sensitive data from leaking to other applets.
The mobile phone interacts with these applets via the SIM Application Toolkit (STK), and the SIM also communicates with the network as the client in a client-server model. All over-the-air (OTA) messages are signed with a cryptographic key, so that the SIM can check the origin of these messages.
The SIM chip itself sits inside a tamper-proof housing that protects it from physical access. We are talking about feature sizes that are practically only visible under an electron microscope. If someone tries to “cut” into it to gain physical access, the card destroys itself.
GSM phones have an International Mobile Station Equipment Identity (IMEI) number. There are numerous hacking methods used to obtain the IMEI and MIN; the most common is probably to hack into the cellular company’s server.
Technically, a GSM SIM card can be copied by removing the SIM from the phone and placing a key-logger-like device between the handset and the SIM card; it must operate for a few days to extract the security secrets, namely the Ki key and the A3, A5 and A8 algorithms that are responsible for identifying the subscriber, onto a new “blank” SIM. We are deliberately avoiding the details; frankly, this is the basic way intrusion resistance is checked by 100% white-hat hackers (who are hugely knowledgeable and usually certified).
India’s Hyderabad-based Central Forensic Science Laboratory (CFSL), under the Ministry of Home Affairs, clearly stated (February 2015) that it could not “clone a SIM” for a court case.
Cloning is far harder still if we assume that the cloned SIM must actually be used on the network. In the client-server model, it needs to authenticate. One part of that key is known only to the vendor, and the SIM card will not disclose it even under extreme measures.
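The two points above, the keyed OTA messages that the SIM checks before acting on them, and the challenge-response authentication that a copied card cannot pass without the subscriber key, are easier to see in code. The following is an added example written for this article, not code from the page or from any operator or card vendor. It models the GSM exchange in the textbook shape: the network sends a fresh RAND, the card answers with SRES computed from its private Ki, and the network compares. The A3/A8 functions are stand-ins (HMAC-SHA256, an assumption made here so the example runs offline); real networks use COMP128 or Milenage. The IMSI, keys and OTA payload are constructed sample values.

```python
import hashlib
import hmac
import os

# All values in this file are constructed for the example; none are real
# subscriber data, and a3_sres/a8_kc are NOT the operator's real algorithms.


def a3_sres(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A3: a 32-bit signed response derived from Ki and RAND.
    Assumption: HMAC-SHA256 truncated to 4 bytes. What matters is the shape:
    SRES depends on the secret Ki and on a RAND chosen by the network."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]


def a8_kc(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A8: derives the 64-bit session key Kc used by the A5 cipher."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]


class Sim:
    """Card side. Ki is private state: the only interface is RAND in, (SRES, Kc) out."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki  # no method ever returns this value

    def run_gsm_algorithm(self, rand: bytes):
        return a3_sres(self._ki, rand), a8_kc(self._ki, rand)


class AuthenticationCentre:
    """Network side. Holds the same Ki per IMSI and issues a fresh RAND per run."""

    def __init__(self):
        self._keys = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        self._keys[imsi] = ki

    def triplet(self, imsi: str):
        ki = self._keys[imsi]
        rand = os.urandom(16)
        return rand, a3_sres(ki, rand), a8_kc(ki, rand)


def authenticate(auc: AuthenticationCentre, sim: Sim) -> bool:
    """One authentication run: RAND goes to the card, SRES comes back,
    the network compares in constant time."""
    rand, expected_sres, _kc = auc.triplet(sim.imsi)
    sres, _kc_on_card = sim.run_gsm_algorithm(rand)
    return hmac.compare_digest(sres, expected_sres)


def replay_is_useless(auc: AuthenticationCentre, imsi: str, recorded_sres: bytes) -> bool:
    """Why recording one exchange does not help: the next run uses a new RAND,
    so an SRES captured earlier does not match (except with probability 2^-32)."""
    _rand, expected_sres, _kc = auc.triplet(imsi)
    return hmac.compare_digest(recorded_sres, expected_sres)


# --- OTA message origin check: the keyed signature the article mentions ---

def sign_ota(ota_key: bytes, payload: bytes) -> bytes:
    """Operator side: tag an OTA command with a key shared with the card."""
    return hmac.new(ota_key, payload, hashlib.sha256).digest()


def sim_accepts_ota(ota_key: bytes, payload: bytes, tag: bytes) -> bool:
    """Card side: act on an OTA command only if its tag verifies."""
    return hmac.compare_digest(sign_ota(ota_key, payload), tag)


# Constructed subscriber, plus a "copy" that has the public identifier (IMSI)
# but not the real Ki, which is the situation a would-be cloner is in.
IMSI = "001010123456789"  # test-network IMSI (MCC 001, MNC 01)
KI_REAL = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
KI_GUESS = bytes.fromhex("00000000000000000000000000000000")
OTA_KEY = bytes.fromhex("a1b2c3d4e5f60718293a4b5c6d7e8f90")

AUC = AuthenticationCentre()
AUC.provision(IMSI, KI_REAL)
GENUINE_SIM = Sim(IMSI, KI_REAL)
COPIED_IDENTIFIERS_ONLY = Sim(IMSI, KI_GUESS)


def demo() -> dict:
    rand, recorded_sres, _ = AUC.triplet(IMSI)  # an observed earlier exchange
    payload = b"constructed OTA command"
    good_tag = sign_ota(OTA_KEY, payload)
    return {
        "genuine": authenticate(AUC, GENUINE_SIM),
        "copy": authenticate(AUC, COPIED_IDENTIFIERS_ONLY),
        "replay": replay_is_useless(AUC, IMSI, recorded_sres),
        "ota_ok": sim_accepts_ota(OTA_KEY, payload, good_tag),
        "ota_tampered": sim_accepts_ota(OTA_KEY, payload + b"X", good_tag),
    }


if __name__ == "__main__":
    print(demo())
```

Running the file shows the genuine card passing, the identifier-only copy failing, a recorded response failing against a fresh challenge, and a tampered OTA payload being rejected; the card object never exposes Ki, which is the property the article is describing.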
What Richard Stallman says about governmental spyware activities using these mobile phones is a bit different. There is a technique named radio fingerprinting. Radio fingerprinting identifies a cellular phone by the unique “fingerprint” that characterizes its signal transmission, which makes it possible to identify a particular device by its unique radio transmission characteristics.
The good point about radio fingerprinting is that it is commonly used by cellular operators to prevent cloning of cellular phones.
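To show how an operator can use radio fingerprinting against cloning, here is an added example (written for this article, not taken from any operator's system). It assumes a device is summarized by a few transmitter characteristics, here carrier frequency offset, power ramp-up time and I/Q gain imbalance, enrolled over several transmissions; a later transmission that claims the same identity but whose fingerprint falls far outside the enrolled profile is flagged for investigation. The feature choice, the z-score rule and every measurement value are assumptions constructed for the example.

```python
import statistics

# Constructed measurements for one enrolled handset. Columns:
# carrier frequency offset (Hz), power ramp-up time (us), I/Q imbalance (dB).
FEATURES = ("cfo_hz", "ramp_us", "iq_imbalance_db")

ENROLLED_SAMPLES = {
    "handset-A": [
        (412.0, 9.8, 0.31),
        (415.5, 9.9, 0.30),
        (409.0, 9.7, 0.33),
        (413.2, 9.8, 0.32),
        (411.7, 10.0, 0.30),
    ],
}


def build_profile(samples):
    """Per-feature (mean, stdev) from the enrolled transmissions."""
    columns = list(zip(*samples))
    return [(statistics.mean(c), statistics.stdev(c)) for c in columns]


PROFILES = {dev: build_profile(s) for dev, s in ENROLLED_SAMPLES.items()}


def fingerprint_distance(profile, observation):
    """Largest per-feature z-score: how far the observation sits from the profile."""
    return max(abs(x - mu) / sd for (mu, sd), x in zip(profile, observation))


def check_transmission(claimed_identity, observation, threshold=4.0):
    """Return ("match", distance) when the radio fingerprint is consistent with
    the claimed identity, else ("mismatch", distance): a candidate clone."""
    distance = fingerprint_distance(PROFILES[claimed_identity], observation)
    verdict = "match" if distance <= threshold else "mismatch"
    return verdict, round(distance, 2)


def flag_suspects(records, threshold=4.0):
    """Run the check over (claimed_identity, observation) records and return
    the identities whose transmissions did not match their enrolled profile."""
    return [
        ident for ident, obs in records
        if check_transmission(ident, obs, threshold)[0] == "mismatch"
    ]


# Constructed observations: the real handset again, and different hardware
# presenting the same identity.
OBSERVATIONS = [
    ("handset-A", (412.9, 9.85, 0.31)),
    ("handset-A", (1480.0, 14.2, 0.90)),
]

if __name__ == "__main__":
    for ident, obs in OBSERVATIONS:
        print(ident, dict(zip(FEATURES, obs)), check_transmission(ident, obs))
    print("suspects:", flag_suspects(OBSERVATIONS))
```

The threshold of four standard deviations is a design choice for the constructed data; a real deployment would calibrate it against measured false-alarm rates, because drift with temperature and battery level moves genuine devices too.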
A German security researcher named Karsten Nohl found a bug in Java Card which can practically work as a backdoor. That is basically the fear behind Richard Stallman’s way of thinking, which Edward Snowden practically proved. Surveillance increases the risk of getting hacked, and it is not exactly great to remain under surveillance by governmental agents, or by Google, Microsoft, Facebook, Amazon and other brands. But frankly, the phone’s operating system is a much easier way to run spyware than the SIM card. In the middle, various cunning people and Ponzi companies make money by fooling innocent people with odd sorts of sci-fi stories. What they basically do is promote various applications to be installed on the mobile phone. Either computing devices should not have become such consumer-grade products that a layman uses them, or the layman skipped learning the basics of computing.