Be Careful! Your Cell Phone Could Be Cloned

by Julia Fernandes    Feb 08, 2005

Technology is finally rearing up its dark side. Along with the proliferation of technological innovations, this era also marks the birth of the new-age IT criminals in a big way, with the latest technology fraud being mobile phone cloning.

As a mobile phone user if you have been receiving exorbitantly high bills for calls that were never placed, chances are that your mobile phone could be cloned. Mobile phone cloning is a technique wherein security data from one cell phone is transferred into another phone. As a result, while calls can be made from both phones, only the original is billed.

According to media reports, recently the Delhi police arrested a person with 20 cell- phones, a laptop, a SIM scanner, and a writer. The accused was running an exchange illegally wherein he cloned’ Code Division Multiple Access (CDMA)’-based mobile phones. He used software for the cloning and provided cheap international calls to Indian immigrants in West Asia.

So, what is the modus operandi of a typical fraudster?

Every mobile handset has a unique factory-coded Electronic Serial Number (ESN) and a Mobile Identification Number (MIN). The crime starts when someone working for a mobile-phone service provider leaks these numbers to grey market operators. The buyer then programs them into new phones which will have the same number as that of the original subscriber.

The accused in the Delhi case used software called Patagonia to clone only CDMA phones (Reliance and Tata Indicom). However, there are software packages that can be used to clone even Global System for Mobile or GSM (e.g. Airtel, Hutch, Idea) phones. In order to clone a GSM phone, knowledge of the International Mobile Equipment Identity (IMEI) or instrument number is sufficient.

According to a Reliance Infocomm spokesperson, “Cloning is a fraudulent act done with criminal intent and needs to be condemned. Indulging in cloning directly and/or helping in cloning in any way amounts to fraud which causes financial loss to the person whose phone has been cloned, the service provider and the society at large.”

What security measures can a service provider currently offer to protect its customers, apart from maintaining the billing pattern of users, which is usually monthly?

Says the spokesperson, “The best way to check any unusual spurt in usage (and bill) is to check regularly the unbilled amount, the details of which are available on R World. One can also get these details on our website by logging in with specific user ID for the mobile number.”

Speaking further the spokesperson cautioned, “Users with ILD facility need to be more careful as fraudsters attempt to make as many international calls as possible within a short time due to fear of getting caught. Since ILD rates are higher than other calls, fraudsters try to derive maximum benefits in the shortest time.”

However, to what extent can banning of software for mobile phone cloning reduce the risk?

“Banning this software will certainly help. However, the framework needs to be thought through and implemented cross-border due to Internet-based software and skill transfers,” says the spokesperson.

Today enterprises are leveraging mobility solutions to achieve their business objectives. Apart from mobilizing applications such as CRM, field service, and sales force automation tools, many companies are also providing wireless access to their back-end servers, applications, and/or data.

With increasing mobile deployments among enterprise users, a technology fraud such as this could pose a serious concern to enterprises.

According to a school of thought, the Telecom Regulatory Authority of India (TRAI) should issue a directive, which holds the operators responsible for duplications of mobile phones. But, until such a scenario emerges, users have no option but to maintain a strict vigil on its billing and usage pattern.