Cloning mobile phones


Flake2m
September 16th, 2003, 01:27 AM
I was reading an article in the newspaper yesterday. The article stated that a complex tracking device had been found under the C-series Mercedes of a high profile business analyst (James Middleweek) and that some broking firms are running scared because of high-tech gadgetry that is being used by rivals to gain the other hand. This includes cloning mobile phones from the executives of a competing company. :eek:
What really caught my attention was how readily available the technology was. While this article is of course going to be biased and exaggerated, this lifted an eyebrow:
"The software has been freely available for at least 2 years [to clone mobile phones] and can be bought over the internet for around 90 pounds". That's about AU$250. :cool:

If this article is correct on how easy it is to get hold of the gear required to clone a mobile phone, then some members of this forum would be in for some fun. IIRC cloning a mobile isn't illegal in Australia yet, so you could do a fair bit of damage/make a fair bit of money from cloning them. Since Australia uses a GSM network like Europe, the software should be compatible.

megalomania
September 16th, 2003, 03:19 PM
If it's just software needed, why isn't something like that available for free, or is there some hardware component involved? Some links to cloning websites, or links to the people selling the software would be nice.

Heh, at the very least people could clone cell phones to give their own family extra lines since they charge for the damn things. Naturally having a cloned cell phone of someone else's account would be much cheaper.

I wonder what the security implications of cloned phones are? If a criminal used only cloned phones he should be able to completely avoid the hassle of buying and throwing away a disposable phone. Would this also make him less trackable if he recloned his phone to a different number every time he used it? For example the phone would have to be used to make outgoing calls only; the crimy could switch his number every time. If the feds were monitoring calls (phone logs) they wouldn't see the same number all the time, but a bunch of different numbers. They would likely not connect the different calls.

probity
September 16th, 2003, 06:17 PM
Cloning cell phones used to be really easy. I don't know how it works now or if it's become more complex. Basically you'd buy a phone that was easily programmable, i.e. Oki 900 ( http://www.geocities.com/ResearchTriangle/Thinktank/3978/p55.htm ), and some programming hardware, which was usually just a simple cable and adapter (the software is free and all over the internet). The only thing you really needed to clone a cell phone is the ESN/MIN pair which used to be (still is?) written on the phone somewhere. People also used to snatch them right out of the airwaves. Kevin Mitnick, a famous hacker who eluded the feds for quite some time, connected to the internet and hacked through cloned cell phones, making it rather difficult to locate him. He got most of his by hacking into databases containing tons of ESN/MIN pairs. I also recall certain key combinations which would trigger certain cell phones into test mode. This was useful in that you could program the ESN etc. right there using the phone without any additional hardware. Sprint phones can't be cloned because they use an entirely different network. Plenty of information is out regarding cloning cell phones; while it may be outdated it's worth a look into.

Nihilist
September 16th, 2003, 10:40 PM
Cloning cell phones may have been easy a few years ago, but it most certainly is not now. However, do not lose hope, as it is still possible with some fairly high-tech (you can build it yourself, but it's a bit of a challenge) materials. For instructions and more details I will refer you to http://www.theregister.co.uk/content/59/25216.html ; you can also find much more detail by doing a simple google search on some of the terms in that article.

nbk2000
September 16th, 2003, 11:31 PM
Even cloned phones can be traced and identified. Transmitter "fingerprinting" has been around since WWII and has been automated by the cellular companies to identify cloned phones, as well as provide LE with a means of identifying phones used by suspects that get them re-chipped in an attempt to avoid tracing.

So, unless you can get your mobile to vary its transmitting and signal processing patterns at random, you'd be better off using pre-paid phones and throwing them away to evade detection, rather than using cloned phones.

Flake2m
September 17th, 2003, 01:41 AM
I did read on a website somewhere that one of the cartels cloned some mobile phones belonging to the DEA. The DEA didn't realise this until it got a massive phone bill :p .
The ESM/MIN may still be on the back of the phone. My mobile has two numbers on the back. One which is labelled "code" is a seven digit phone number. The second is a seventeen digit number that is something like; xxxxxx/xx/xxxxxx/x
I know one of these numbers is an ESN because an acquaintance used the number to prove that a mobile was his after a thief stole it (what he did to the guy is another story :rolleyes: )
Also on the back of my phone there seems to be an input for some sort of plug. The input looks like this:

/00/
/00/

This input is on my Nokia phone. Someone that knows more about mobiles or an engineer might have more of a clue on what it's for.

grandyOse
September 30th, 2003, 01:34 AM
Here's the way it was ten years ago: the ESN was burned into a ROM and was specific to the phone. The MSN (phone number) is assigned by the cellular company and programmed into the telephone switch and mobile phone. If you could find out someone's ESN and MSN, then you could take another phone apart and hardwire the ESN in place of the ROM, or if you were really handy, you could burn a new ROM. Some folks made a "tumbling ESN" device to replace the ROM. Since the ROM was also used for other phone functions, it could become quite a task. Once the ESN is installed, it's only a matter of programming the correct info (including MSN) into the phone.

And, yes, with the right equipment you could read the ESN and MSN off the air.

I know that the cellular technology has changed a lot in the last ten years, so I doubt that it has become any easier. Especially considering that stopping this kind of "theft of service" was top priority.

NoltaiR
September 30th, 2003, 02:48 AM
And seeing as how I sell and program phones everyday...

I have heard that at one point in time, cloning the ESN (electronic serial number for those who haven't picked up on it yet.. and it is most always listed on a sticker underneath the battery) was easy because it was contained within a single chip that was set to that number in the factory. So all that need be done is take another chip from the same factory and model and change the number. Well obviously I don't know how exactly to do it but I should figure that once you have done it once, you can do it an infinite amount of times. I know when I am programming a phone that is straight from the factory, it asks for the phone number. So this is obviously interchangeable, meaning that the ESN is the only thing to worry about. But every time a wireless phone attempts to make a connection, it gives its ESN and phone number. Well anyone with experience with selling phones can change one phone to 'mock' the programmed number of another phone. I know that I can do this (which is a good practical joke if I were to get a hold of someone's phone and I wanted to change their phone number to make their phone unusable).

But anyways I am drunk but am aware that I am going nowhere with this, but I should think that you wouldn't need any hardware to change the ESN of a phone. And changing the programmed phone number is especially easy with Sprint.....

p.s. I have heard that Nokia is a Finnish company.. is that true?

Guerilla
October 11th, 2003, 06:32 PM
Flake, the plug you're referring to is the place where you can attach the data cable and connect the phone to a PC or other device..

As little as I know, phone companies have also built an encryption code for every new cell phone, so one is unlikely to succeed in cloning a phone by using mere ESM/MIN codes... it could work with the older models but who uses them anyway...

and yeah, it's Finnish.

ErebusBat
October 12th, 2003, 09:47 PM
There also exists a problem in cloning phones for espionage purposes. Cellular companies have spent lots of $$$$ in mobile cloning detection technology. Some of this is exactly what NBK had mentioned in transmitter fingerprinting. A lot of it also is some 'common sense' programmed at the cellular switches. If your mobile ESN had placed a (legitimate) call 5 mins ago from point A and then someone using a cloned phone attempts to place a call from point B, and there is no physical way that you could have traveled that distance, then the switch will flag the ESN as a bandit and it will not validate any calls.

Obviously this will not catch all cloning issues but unless you plan on following the person whose phone you cloned around (or they use their phone very little) then modern cloning is not that reliable.

Now if you just want to eavesdrop then all you would need to do is build a receiver that decodes the ESN broadcast along with the cellular provider's encoding (e.g. Verizon in the US uses CDMA). I am sure that there is some LE-only equipment that will do just that.
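The switch-side "common sense" check ErebusBat describes above, the velocity or impossible-travel test that flags an ESN seen in two places it could not have travelled between, as an added example in Python. This is not code from the thread or from any carrier; the record layout, the `esn` field name, the 900 km/h plausibility threshold and the sample call records are all assumptions constructed here for illustration. It also handles the edge case of two records with identical timestamps, which would otherwise divide by zero.

```python
"""Velocity ("impossible travel") check over per-call records.

Added example, not code from the forum thread. Assumes the switch exports one
record per call attempt carrying the handset identifier (called esn here),
the call start time and the serving cell site's coordinates. Everything
below, including the sample records, is constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 900.0        # assumed threshold, roughly airliner speed
MIN_GAP = timedelta(seconds=1)   # floor for the time gap; avoids divide-by-zero


@dataclass(frozen=True)
class CallRecord:
    esn: str          # handset identifier as presented to the network
    start: datetime   # call start time (assumed UTC)
    lat: float        # serving cell site latitude, decimal degrees
    lon: float        # serving cell site longitude, decimal degrees
    site: str         # human-readable site label for the report


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points on a spherical Earth."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat = p2 - p1
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def flag_bandit_esns(records, max_kmh: float = MAX_PLAUSIBLE_KMH):
    """Return {esn: [(earlier_site, later_site, implied_kmh), ...]}.

    For every ESN, consecutive records (in time order) are compared; if the
    implied ground speed between the two serving sites exceeds max_kmh the
    pair is reported. An ESN absent from the result raised no alarm.
    """
    by_esn: dict[str, list[CallRecord]] = {}
    for rec in sorted(records, key=lambda r: r.start):   # stable: ties keep order
        by_esn.setdefault(rec.esn, []).append(rec)

    flagged: dict[str, list[tuple[str, str, int]]] = {}
    for esn, seq in by_esn.items():
        for prev, cur in zip(seq, seq[1:]):
            dist_km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            gap = max(cur.start - prev.start, MIN_GAP)   # identical timestamps -> 1 s
            implied_kmh = dist_km / (gap.total_seconds() / 3600.0)
            if implied_kmh > max_kmh:
                flagged.setdefault(esn, []).append((prev.site, cur.site, round(implied_kmh)))
    return flagged


# Constructed sample records (coordinates are approximate city centres).
T0 = datetime(2003, 9, 16, 12, 0)
SAMPLE_RECORDS = [
    # Legitimate subscriber: Sydney CBD, then Parramatta half an hour later (~40 km/h).
    CallRecord("F00DBEEF", T0, -33.8688, 151.2093, "Sydney-CBD"),
    CallRecord("F00DBEEF", T0 + timedelta(minutes=30), -33.8150, 151.0000, "Parramatta"),
    # Cloned ESN: Sydney at 12:00, then "the same phone" in Melbourne five minutes later.
    CallRecord("A1B2C3D4", T0, -33.8688, 151.2093, "Sydney-CBD"),
    CallRecord("A1B2C3D4", T0 + timedelta(minutes=5), -37.8136, 144.9631, "Melbourne-CBD"),
    # Edge case: two call attempts with the same timestamp from different sites.
    CallRecord("C0FFEE00", T0, -33.8688, 151.2093, "Sydney-CBD"),
    CallRecord("C0FFEE00", T0, -33.8150, 151.0000, "Parramatta"),
]


if __name__ == "__main__":
    for esn, hits in flag_bandit_esns(SAMPLE_RECORDS).items():
        for earlier, later, kmh in hits:
            print(f"{esn}: {earlier} -> {later} implies {kmh} km/h, flagging as bandit")
```

The threshold is the tuning knob: set too low it flags a subscriber on a domestic flight, set too high it misses a clone one city over, which is why the post notes that a clone used close to its victim, or by a victim who rarely calls, slips past this check and has to be caught by transmitter fingerprinting instead.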