SIM card cloning and why it won't work for you
How to clone a SIM card [not]
I often bump into ads in which somebody states that a company can clone your SIM card, or that some wise-guy has the gear needed to clone a SIM card. A slight variation is made by the ads that state that one can make a SIM card hold more than one SIM card [i.e. if you have two SIMs, you can migrate them into one, thus there will be no need to switch cards when you feel like switching numbers or mobile operators].
Why is cloning a SIM card impossible? [for a usual human being like you and me]
Because a SIM card is a smart card. It has an operating system, a microprocessor and a file system. On top of that, it has a strong authentication mechanism that allows the card to determine which actions can be carried out [and which ones cannot] by a specific user. Yes – it is similar to an OS with multiple users, in which an administrator [or root] can do anything, while somebody else [say, Guest] can only read a limited number of files.
A SIM card is made of directories that hold files, and each file has its own use: for instance, one of them holds your address book, another one your SMS archive, etc. These files can be read by us – mobile phone owners.
There are also system files, such as the ones that contain information about the secret keys used by the phone to connect to the mobile network. Such data are critical, and they cannot be changed by the user – i.e. by us.
In order to clone a SIM card, every single file must be read, including the ones that hold the low-level secret information. But, as you’ve probably figured out by now – the card’s protection mechanism will simply not allow that data to be read. Just imagine that you’re logged on as a guest, and you want to copy some files that only an administrator can access. For obvious reasons – you will fail.
So, if you really want to clone a SIM card, you need to “log on as an administrator”. Simple – but not possible for the end-user. Here are some extra facts that should help you understand why things are so.
When you buy a SIM card, the operator gives you the SIM card itself and several codes: PIN and PUK [sometimes also PIN2 and PUK2]. The card is already formatted, meaning that its file system is created and it already contains some data. The PIN is something that allows you to “log on as a guest” and use resources such as the address book. So there’s no way you can clone the card – insufficient privileges.
But how do mobile operators make changes to the card?
As stated earlier, a SIM card is just a smart card with a special format. Assume the mobile operator buys a thousand smart cards that are 100% empty. From the very beginning, the card manufacturer gives the provider the so-called transport key (a.k.a. issuer key), which is what is needed in order to perform any operation with the card. Afterwards, a person from the GSM operator formats the cards, creates the needed files, assigns the PINs, etc., and then the SIM cards end up on the shelves of stores and boutiques.
The conclusion is that the SIM card’s transport key is what you need in order to be able to actually clone it. But the problem is that the key is kept secret, for obvious reasons. Think about all the damage that could be done, all the financial scams, and so on.
So, when somebody says they can clone a SIM card, it is very likely to be a false claim, unless that person is an employee of the mobile operator, and has access to the transport keys. Even in that case, you can be sure that it is illegal, because no employee is allowed to disclose such information and use it for personal purposes.
But what about brute-force attacks?
Those won’t work, because a GSM SIM card [like any other smart card] will lock itself if an invalid PIN is entered a certain number of times. Afterwards, you can still unlock the card with the PUK, but if that fails too – the card will permanently lock itself. Meaning that its data are not available: gone, nada, zilch!
Technically, it is possible; all you need is a SIM card reader (or a PC/SC compliant smart card reader), and a hell of a lot of luck – so that you could guess the right key before the card locks itself. But let’s face it: the chance of success is probably much smaller than the chance of a pink unicorn materializing right now, right behind you!
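To make the two points above concrete (files guarded by access conditions, and retry counters that block the PIN and then the whole card), here is a toy model written for this post; it is not real card firmware, and the retry budgets of 3 and 10, the file names and the key values are all constructed for the demo:

```python
# Toy model of a SIM's file access conditions and retry counters
# (constructed for this example; it is not real card firmware).
PIN_TRIES, PUK_TRIES = 3, 10   # retry budgets assumed for the demo
ACCESS = {"phonebook": "PIN", "sms": "PIN", "ki": "ADM"}  # level needed to read

class SimCard:
    def __init__(self, pin, puk, adm, files):
        self.pin, self.puk, self.adm, self.files = pin, puk, adm, files
        self.pin_left, self.puk_left = PIN_TRIES, PUK_TRIES
        self.granted = set()       # access levels proven so far
    def blocked(self):             # PIN exhausted, PUK still usable
        return self.pin_left == 0
    def dead(self):                # PUK exhausted: card locked for good
        return self.puk_left == 0
    def verify_pin(self, guess):   # the "log on as guest" step
        if self.dead() or self.blocked() or guess != self.pin:
            self.pin_left = max(0, self.pin_left - 1)
            return False
        self.pin_left = PIN_TRIES  # success resets the counter
        self.granted.add("PIN")
        return True
    def unblock_pin(self, puk, new_pin):
        if self.dead() or puk != self.puk:
            self.puk_left = max(0, self.puk_left - 1)
            return False
        self.pin, self.pin_left, self.puk_left = new_pin, PIN_TRIES, PUK_TRIES
        return True
    def verify_adm(self, key):     # the "log on as administrator" step
        if key == self.adm:        # real cards also count ADM attempts
            self.granted.add("ADM")
        return key == self.adm
    def read(self, name):          # None == "security status not satisfied"
        if self.dead() or ACCESS[name] not in self.granted:
            return None
        return self.files[name]

def demo_card():  # all values constructed for the demo
    return SimCard("4821", "12345678", "adm-key",
                   {"phonebook": ["Alice"], "sms": [], "ki": "constructed-Ki"})

def brute_force_pin(card):
    """Try 0000, 0001, ... until success or the card blocks; returns (found, attempts)."""
    for n in range(10000):
        if card.verify_pin(f"{n:04d}"):
            return True, n + 1
        if card.blocked():
            return False, n + 1
    return False, 10000
```

Even with PIN access granted, the `ki` file stays unreadable until the ADM level is proven, and the brute-force loop gives up after three attempts because the card blocks the PIN.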
Back to our money-making wise-guys – most often, the ad goes like this:
“SIM card clones, any operator, any country”.
Now that’s a bold statement! If it was just a once in a lifetime deal, somebody who can clone a SIM card of a single operator (where they used to work, but got fired, and now they fight back) – it would’ve been more credible. But being able to clone any SIM card means that all the transport keys of all the mobile operators have been compromised, and nobody noticed that.
No, I am not a statistician, but I did do some minor research, which included questioning almost everybody I know (who is technically literate). It turns out that everybody has heard about people who clone SIM cards, but nobody has ever seen the process of cloning, or a home-made ^ two-in-one SIM card in action.
With that said, ladies and gentlemen, I rest my case.
^ – Strictly home-made, because it makes sense when the operator itself provides such a service [which is not an uncommon thing].