SIM Clone

SIM cloning which is a serious security threat for SIM security is the process in which a legitimate SIM card is duplicated. When the cloning is completed, the cloned SIM card's identity information is for gaining access to Mobile Network Operator (MNO) network and services transferred onto a cloned SIM card. The cloned SIM card can then be used in a different phone while having all calls and associated charges attributed to the original SIM card. The phrase SIM clone is often used to refer to the SIM card that has been successfully duplicated.

A successful cloning depends on the a user's ability to extract the SIM card's information such as IMSI (International Mobile Subscriber Identifier) and Authentication key (Ki). IMSI is like a subscriber identity to the network. MNO identify their customers and related services with IMSI. While a IMSI is relatively easy to identify, finding the Ki can be more difficult for the native user. Ki is encrypted with strong encryption algorithm and less visible compared to IMSI. Separate devices and software programs may have to be used to decrypt the Ki. A combination calculation of IMSI and Ki can result access credentials to the network.

Strong security awareness is crussial against SIM cloning. Do not let your mobile phone and SIM card unprotected. At least protect your mobile phone with stong security credentials. For SIM card at least protect it with PIN and don’t leave it unattended.

 



Comments

Post a Comment

Popular posts from this blog

Proactive SIM

Image
  SIM card has the ability to interact with outside entities like device or network. With regards of SIM capability to initiate command to the device, it is conducted with proactive command. When the SIM initiate proactive command it means the SIM is in proactive mode. Some example of this proactive commands are DISPLAY TEXT, SETUP MENU, POWER ON CARD, POWER OFF CARD, etc. Some files will be required for SIM / UICC to handle the proactive command. •        EF SUME (Setup Menu Element). This file contains values related to menu title tobe used by SIM / UICC when execute Setup Menu command. •        EF RMA (Remote Management Action). This file contains record with values of proactive command used in remote management.
Read more

EUICC Architecture

Image
  There are some components involved   in Remote SIM Provisioning (RSP) in order to provide eSIM services. These components must be integrated with Mobile Network Operator (MNO) system and eUICC Manufacturer (EUM). Inside the eSIM, the eUICC holds some components contain values, keyset, and profile of eSIM. This is for both M2M and Consumer architecture. According to Global Platform Certifitation (GPC), card architecture contain Security Domain (SD) and Application. Each can come from controlling authorities, application provider, and card issuer.   In eSIM / eUICC Security Domain plays significant roles. It contains connectivity and security variables of eSIM to run the services.  During the integration between the RSP and MNO system these components must be clearly defined. They are ISD-R, ISD-P, and ECASD. 1.        ISD-R (Issuer Security Domain- Root), representation of off-card entity SM-SR. •     ...
Read more

How SIM “talks” to external

Image
  Basically SIM card is one entity in cellular telecommunication system . Like any other smart card, it can be programmed, receive commands, and initiate commands to external system. The external system can be a SIM reader, mobile phone or any other mobile device which can has SIM / eSIM inside it. When SIM talks the command to the external and it will receive answer or response.     The language or the command which SIM talks to the external is APDU (Application Protocol Data Unit). APDU is a command response protocol for pushing functions executed on a smart card or similar device. The command consists of a 4 byte header followed by up to 255 bytes of data. The response contains a 2 byte header followed by up to 256 bytes of data. The headers and data are specified in a suite of standards from ISO and others. The structure of a Command APDU (C-APDU) includes a required header (CLA INS P1 P2) and an optional body ([Lc field] [Data field] [Le field]).   An APDU...
Read more