SIM clone or swap fraud is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification, where the second factor or step is an SMS or a call placed to a mobile telephone. The fraud centers around exploiting a mobile phone operator’s ability to seamlessly port a telephone number to a new SIM. This feature is normally used when a customer has lost or had their phone stolen. Attacks like these are now widespread, with cybercriminals using them not only to steal credentials and capture OTPs (one-time passwords) sent via SMS but also to cause financial damage to victims.
If someone steals your phone number, you’ll face a lot of problems, especially because most of our modern two-factor authentication systems are based on SMSs that can be intercepted using this technique. Criminals can hijack your accounts one by one by having a password reset sent to your phone. They can trick automated systems – like your bank – into thinking they’re you when they call customer service. And worse, they can use your hijacked number to break into your work email and documents. And these attacks are possible because our financial life revolves around mobile apps that we use to send money, pay bills, etc.
However, technology today has made it possible to clone some particular types of sim card by hackers and fraudsters who are desperate in their activities.
Four ways a SIM card can be cloned, by Damilola Ojo
It is important to know that not all SIM cards can be cloned, some are nearly impossible to clone because of the secure firmware that they contain.
There are basically two types: the COMP128v1 is the kind of SIM card that can be cloned easily, while the COMP128v2 is the kind that contains the secure firmware that makes cloning really hard work.
In line with this, Jumia Travel, the leading online travel agency, shares four ways a SIM card can be cloned.
By the use of a SIM cloning tool
SIM cloning tools can be used to view a lot of information that is normally hidden or appears deleted on phones. They are typically downloaded and installed on computers, and then run to clone the SIM card and copy the needed data. The SIM cloning software easily helps to collect all possible parts from the target device and generates comprehensive details on a computer that can either be stored or printed.
Through programmable cards
SIM cloning isn’t actually all bad. It can actually serve as backup in case your phone gets lost or stolen, or if you need to free up space by saving a copy of the data you are deleting. To clone a SIM through a programmable card, you simply need to first purchase the card (the blank SIM programmable card). These cards do not have phone numbers and can be purchased online. You would also need a SIM Firmware Writer, which allows you to copy different numbers to one SIM card. You would then need to download a Woron Scan, which is a software for reading the phone. With all these, you would be able to configure the software and clone the SIM card.
Through IMSI and Ki Number
Every SIM card has an ID number that helps to identify it in the device’s corresponding operator. The ID number inside the SIM is called International Mobile Subscriber Identity (IMSI) and this data is very important because it is what helps the cloned SIM function properly. Also, another important data to extract from the SIM is the Ki (Authentication Key), which serves to authenticate as a subscriber of an operator. This authentication enables the operator to ensure that the IMSI and other SIM information are correct and part of a valid card, so you can clone the SIM card. Once you have the IMSI number and Ki number, you then use a SIM reader (which can be sourced online) to facilitate the process, copy the necessary contents and thus clone the SIM card.
Through a SIM card reader
This device has already come up earlier in this article to be used in conjunction with other devices. However, a SIM card reader can be used on its own to attempt to gain access to the contents of a SIM card in a sort of ‘brute-force’ attack, but this is a long shot. You’re going to need a lot of luck to be able to guess the right key before the card locks itself. Generally, the chances of succeeding at this are in fact quite slim.
.png)
No comments:
Post a Comment