How to Clone a Phone
Cellphone cloning and SIM card cloning both require physical access to the phone. When certain conditions are met, a cloned cellphone receives exactly the same phone calls and text messages as the original. The cloning process is fairly quick, but it certainly can’t be done in just a few moments. In theory, a cloned phone lets the attacker intercept calls, listen in and read messages, provided it is connected to the same cellular tower as the original.
When in range, the attacker’s cloned phone will ring when the target device does. As long as the attacker remains silent, he or she will remain undetected. This, however, is easier said than done, since a range of factors has to be mimicked precisely. Here we look at how a phone is cloned, the various forms of cellphone cloning, and the scenarios in which the method is used to spy on you.
Advanced Mobile Phone System (AMPS) Analogue Cloning
The most vulnerable form of mobile technology is the analogue mobile phone. This form of cellular tech was so bad and so lacking in security that calls could be listened in on using narrowband FM hardware. Avid snoops would collect electronic serial numbers and mobile directory numbers from over-the-air broadcasts using handheld equipment.
Advanced mobile phone system cloning of analogue phones was so widespread that certain carriers had to implement a PIN to detect cloned phones. Eavesdropping on cellphones was so easy in 1997 that some British newspapers openly detailed how to listen in on other people’s calls. All you would have needed to listen in was a good scanner and some know-how. Thankfully this technology is now long gone.
Code Division Multiple Access (CDMA) Cloning
CDMA is a technology which is still used by certain phones and networks. Across regions of South Africa, India and other developing countries CDMA is still a standard in operation, with numerous CDMA-only devices accessing local networks. To clone your phone, the attacker needs physical access to the phone but doesn’t need the SIM.
Once in hand, the phone’s embedded file system is modified to change its electronic serial number (ESN) and/or mobile equipment identifier (MEID). Alternatively, a custom-programmed EEPROM can be fitted to the phone. Carrying your ESN and MEID, the second handset presents the same identifiers to the mobile telephone switching office (MTSO) of your cellular network provider and is treated as your phone.
Global System for Mobile Communications (GSM) Cloning
GSM cloning is a rare practice which barely works. In a GSM cloning hack, the SIM card is cloned using software but not the device itself. GSM phone technology doesn’t have an ESN or mobile identifying number; instead it has an international mobile station equipment identity number, or IMEI. An attacker connects the phone to a device designed to extract its subscriber identity number.
By logging the traffic between your device and the MTSO, the handshake information and identity key are obtained, which gives full control over where your calls and messages are forwarded. Most service providers detect this form of cloning very quickly, despite its efficacy with older phones.
Modern SIM Security
Present-day cellular security standards have made cloning almost impossible. A duplicate SIM is near useless and will not deliver replicated calls and messages, because the symmetric key will be missing. The symmetric key, or Ki, of your device is known only to the vendor and would have to be snooped from the mobile network itself. This is a highly unlikely scenario due to the high-end security employed to guarantee that privacy standards are met and maintained.
Even with physical access to the card, the only way to get the encryption key is a brute-force search, which takes far longer than an attacker could plausibly hold your device. The only SIM cards which can be cloned are 2G SIM cards using the COMP128-1 algorithm. These were last in use over 11 years ago and had authentication keys derived from vectors generated by the card.
The brute force needed to crack the encryption key would normally cause these SIM cards to overheat and break, or the SIM would brick completely before the key was recovered. It all depended on the specific network and card. Mobile security has evolved far past this.
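To show why a duplicate SIM without Ki is useless, and why logging one handshake (as described under GSM cloning above) does not help either, here is an added simulation of the SIM challenge-response. It is illustrative code, not code from the article or from any SIM vendor: HMAC-SHA256 stands in for the A3/A8 algorithms (an assumption made for readability; real cards use COMP128 variants or Milenage), and the IMSI and keys are constructed.

```python
"""Simulation of GSM-style SIM challenge-response authentication.

Added illustrative code, not from the original article. HMAC-SHA256 stands
in for the SIM's A3/A8 algorithms (an assumption made for readability; real
SIMs use COMP128 variants or Milenage). The IMSI and keys are constructed.
"""
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Optional


def a3_a8(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for A3 (signed response) and A8 (ciphering key)."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    sres = digest[:4]    # 32-bit SRES, as in GSM
    kc = digest[4:12]    # 64-bit Kc, as in GSM
    return sres, kc


@dataclass
class Sim:
    """A SIM card holding the subscriber identity (IMSI) and, if genuine, Ki."""
    imsi: str
    ki: Optional[bytes] = None   # a clone made without Ki carries None
    # (RAND, SRES) pairs an attacker logged from earlier handshakes
    seen: list[tuple[bytes, bytes]] = field(default_factory=list)

    def respond(self, rand: bytes) -> tuple[bytes, bytes]:
        if self.ki is not None:
            return a3_a8(self.ki, rand)
        # Clone without Ki: replay a logged SRES if the RAND repeats,
        # otherwise it can only guess.
        for old_rand, old_sres in self.seen:
            if old_rand == rand:
                return old_sres, bytes(8)
        return os.urandom(4), bytes(8)


class AuthenticationCentre:
    """Operator side: the only other holder of each subscriber's Ki."""

    def __init__(self) -> None:
        self._keys: dict[str, bytes] = {}

    def provision(self, imsi: str) -> bytes:
        ki = os.urandom(16)   # 128-bit Ki, shared only between AuC and SIM
        self._keys[imsi] = ki
        return ki

    def authenticate(self, sim: Sim) -> tuple[bool, Optional[bytes], tuple[bytes, bytes]]:
        """Send a fresh RAND and accept only if SRES matches.

        Returns (ok, Kc or None, over-the-air transcript (RAND, SRES)).
        """
        ki = self._keys.get(sim.imsi)
        if ki is None:
            return False, None, (b"", b"")
        rand = os.urandom(16)   # fresh challenge every time, never reused
        expected_sres, kc = a3_a8(ki, rand)
        sres, _ = sim.respond(rand)
        ok = hmac.compare_digest(sres, expected_sres)
        return ok, (kc if ok else None), (rand, sres)


def demo() -> dict[str, bool]:
    """Genuine SIM passes; a clone that knows the IMSI and one logged
    handshake still fails, because the next RAND is different."""
    imsi = "001010123456789"   # constructed test IMSI
    auc = AuthenticationCentre()
    ki = auc.provision(imsi)
    genuine = Sim(imsi, ki)

    ok_genuine, kc, transcript = auc.authenticate(genuine)
    clone = Sim(imsi)                 # knows the IMSI only
    clone.seen.append(transcript)     # attacker logged one handshake
    ok_clone, _, _ = auc.authenticate(clone)
    return {
        "genuine": ok_genuine,
        "session_key_issued": kc is not None,
        "clone_with_logged_handshake": ok_clone,
    }


if __name__ == "__main__":
    print(demo())
```

The point the simulation makes is structural: Ki never crosses the air interface, the challenge is fresh each time, and the session key Kc is derived from both, so copying the IMSI or recording one exchange gives a clone nothing it can reuse.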
Who is Still Vulnerable?
There are isolated cases of SIM and phone cloning being used maliciously across the world. The only people at risk are those living in underdeveloped areas where CDMA phones are still commonplace and the networks still rely on SS7 standards. Even though some US networks and other international mobile operators support CDMA, the scarcity of old cellphones using the technology ensures that cellphone cloning attempts are almost nonexistent.
The regions of the world at the highest risk include South Africa, Nigeria, Angola, Kenya, Namibia, India, Indonesia, Philippines, Thailand, Brazil, Ecuador, Dominican Republic, Puerto Rico and Armenia. Most networks in these countries are in the process of phasing out the vulnerable, outdated CDMA2000 standard but users are still at risk if using old cellular hardware.
Cellphone Cloning – A Dead Practice
Cellphone cloning is not a long-term spying solution. An attacker will only have a limited window during which they can intercept your calls and messages. Mobile operators rapidly catch and shut down cloned phones thanks to the unique radio fingerprint each device has, regardless of its ESN, IMEI or MIN.
Phone cloning is also highly illegal in most parts of the world, prohibited in the US by the Wireless Telephone Protection Act of 1998. Aside from the legality, cellphone cloning can’t be used to exploit smartphones, and most malicious users wouldn’t take the time to try.
There are far more robust solutions for spying on your phone calls, messages and other communications. From remote access toolkits to keyloggers, trojans and an endless arsenal of ever-evolving spyware, cellphone cloning is no longer anywhere near as effective or popular as it once was.
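One simple operator-side heuristic for catching a cloned identity, written here as an added example (not the article's or any operator's code), is a velocity check over registration records: the same ESN or IMEI appearing in two cells too far apart for the time elapsed. It goes beyond the article's radio-fingerprint remark in that it uses only identity, timestamp and cell location; the cell sites, log lines and 300 km/h threshold are constructed for the example.

```python
"""Velocity check for duplicate device identities in registration logs.

Added illustrative code, not from the original article. It models one
simple operator-side heuristic: the same ESN/IMEI registering from two
cells that are too far apart for the elapsed time. The cell sites, log
lines and speed threshold below are constructed for this example; the
radio-fingerprint method the article mentions is not modelled here.
"""
from __future__ import annotations

import math
from dataclasses import dataclass
from datetime import datetime

# Constructed cell-site table: cell id -> (latitude, longitude) in degrees.
CELL_SITES = {
    "CELL-A": (-26.2041, 28.0473),   # Johannesburg
    "CELL-B": (-26.1952, 28.0340),   # about 1.7 km from CELL-A
    "CELL-C": (-33.9249, 18.4241),   # Cape Town, roughly 1,260 km away
}

# Constructed registration log: timestamp, device identity, serving cell.
REGISTRATION_LOG = """\
2024-03-01T09:00:00 ESN=A1B2C3D4 cell=CELL-A
2024-03-01T09:05:00 ESN=A1B2C3D4 cell=CELL-B
2024-03-01T09:06:00 ESN=A1B2C3D4 cell=CELL-C
2024-03-01T09:10:00 ESN=FFEE0011 cell=CELL-A
2024-03-01T10:30:00 ESN=FFEE0011 cell=CELL-B
"""

MAX_SPEED_KMH = 300.0   # above any plausible ground travel between cells


@dataclass
class Registration:
    ts: datetime
    identity: str
    cell: str


def parse_log(text: str) -> list[Registration]:
    """Parse 'TIMESTAMP ESN=<id> cell=<cell>' lines into Registration records."""
    regs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_str, ident, cell = line.split()
        regs.append(Registration(datetime.fromisoformat(ts_str),
                                 ident.split("=", 1)[1],
                                 cell.split("=", 1)[1]))
    return regs


def haversine_km(a: tuple[float, float], b: tuple[float, float]) -> float:
    """Great-circle distance between two (lat, lon) points in kilometres."""
    r = 6371.0
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = math.sin(dlat / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2
    return 2 * r * math.asin(math.sqrt(h))


def find_suspect_identities(
    regs: list[Registration], max_speed_kmh: float = MAX_SPEED_KMH
) -> dict[str, list[tuple[str, str, float]]]:
    """Group registrations by identity and flag consecutive pairs whose implied
    speed exceeds the threshold. Returns identity -> [(from_cell, to_cell, km/h)]."""
    by_id: dict[str, list[Registration]] = {}
    for reg in regs:
        by_id.setdefault(reg.identity, []).append(reg)
    alerts: dict[str, list[tuple[str, str, float]]] = {}
    for ident, events in by_id.items():
        events.sort(key=lambda e: e.ts)
        for prev, cur in zip(events, events[1:]):
            if prev.cell == cur.cell:
                continue
            dist = haversine_km(CELL_SITES[prev.cell], CELL_SITES[cur.cell])
            hours = (cur.ts - prev.ts).total_seconds() / 3600
            # The same identity in two places at once counts as infinite speed.
            speed = dist / hours if hours > 0 else math.inf
            if speed > max_speed_kmh:
                alerts.setdefault(ident, []).append((prev.cell, cur.cell, round(speed, 1)))
    return alerts


if __name__ == "__main__":
    for ident, hits in find_suspect_identities(parse_log(REGISTRATION_LOG)).items():
        for src, dst, speed in hits:
            print(f"possible clone: {ident} moved {src} -> {dst} at {speed:.0f} km/h")
```

In the constructed log, ESN A1B2C3D4 registers in Cape Town one minute after Johannesburg, which no handset can do, so it is flagged; FFEE0011 moves 1.7 km in ninety minutes and is not. A real deployment would tune the threshold per region and correlate with the operator's other signals before cutting a subscriber off.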