SIM cloning is the process in which a legitimate SIM card is duplicated. Once cloning is complete, the original SIM card’s identifying information has been copied onto a separate, secondary SIM card. The secondary card can then be used in a different phone, with all calls and associated charges attributed to the original SIM card. The phrase SIM clone is often used to refer to the SIM card that has been successfully duplicated.
A successful duplication hinges on the user’s ability to extract the SIM card’s IMSI (International Mobile Subscriber Identity) and authentication key (Ki). While an IMSI is relatively easy to identify, finding the Ki can prove much more difficult for the novice user: separate devices and software programs may have to be used to recover it. Some open-source hardware and software exists to aid in reading SIM cards (see below):
- http://www.ladyada.net/media/simreader/pySimReader-Serial-src-v2.zip (Cross Platform)
It is very difficult to crack the Ki on modern SIMs (version 2+), though on the older version 1 SIMs the Ki can be brute-forced within 24 hours due to a mathematical weakness in the COMP128-1 algorithm. The software below will allow you to attempt to break the Ki on older SIMs supporting COMP128-1:
Engaging in activities that can result in a SIM clone is illegal. In the 1990s, companies that provided cellular services recognized the problems that SIM cloning presented and began to take measures to thwart the cloning business. New security measures, such as embedding security operations in the card itself, make obtaining a SIM clone more difficult. Now, if a SIM card detects a cloning attempt, it can render itself inoperable. Whereas a few years ago cloning could be done over the air, an attacker must now have physical access to the original SIM card.
As stated earlier, modern SIM cards are typically version 2 or above and use the improved COMP128-2 and COMP128-3 algorithms, which make brute-forcing the Ki very difficult. It is believed that some smaller (or poorer) cellular providers in some countries (e.g. in parts of Africa) still use the older version 1 SIMs, which are still available and considerably cheaper.
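The challenge-response that a clone passes, as an added Python sketch that is not from the original page: the network and the card share Ki, the network sends a random challenge RAND, and a card holding the copied IMSI and Ki answers exactly like the original, while a card with the right IMSI but a guessed Ki is rejected. COMP128 is not implemented here (an HMAC stands in for A3), and the network-side duplicate-attach heuristic, the `Sim`/`AuC` classes and the sample IMSI and Ki are all my own assumptions for illustration.

```python
import hashlib
import hmac
from collections import defaultdict
# ASSUMPTION: COMP128 is not implemented here. HMAC-SHA256 truncated to the
# 32-bit SRES length stands in for A3, keeping only the protocol's shape.
SRES_BYTES = 4

def a3_stand_in(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for SRES = A3(Ki, RAND)."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:SRES_BYTES]

class Sim:
    """A SIM card: the subscriber's IMSI plus the secret Ki."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self.ki = imsi, ki
    def respond(self, rand: bytes) -> bytes:
        return a3_stand_in(self.ki, rand)

class AuC:
    """Network side: the per-IMSI copy of Ki and a log of successful attaches."""
    def __init__(self):
        self.subscribers = {}                 # IMSI -> Ki
        self.attach_log = defaultdict(list)   # IMSI -> [(time_s, cell)]
    def provision(self, sim: Sim) -> None:
        self.subscribers[sim.imsi] = sim.ki
    def attach(self, sim: Sim, rand: bytes, time_s: int, cell: str) -> bool:
        """Challenge the card with RAND; accept it if its SRES matches ours."""
        ki = self.subscribers.get(sim.imsi)
        ok = ki is not None and hmac.compare_digest(a3_stand_in(ki, rand), sim.respond(rand))
        if ok:
            self.attach_log[sim.imsi].append((time_s, cell))
        return ok
    def suspicious(self, imsi: str, window_s: int) -> bool:
        """Illustrative heuristic (assumed, not a carrier procedure): one IMSI attaching
        from two cells within window_s seconds suggests two cards sharing one Ki."""
        log = sorted(self.attach_log[imsi])
        return any(b[1] != a[1] and b[0] - a[0] <= window_s for a, b in zip(log, log[1:]))

def demo() -> tuple:
    # Constructed sample values: a test-range IMSI and a made-up 128-bit Ki.
    imsi, ki = "001010123456789", bytes.fromhex("00112233445566778899aabbccddeeff")
    auc = AuC()
    auc.provision(Sim(imsi, ki))
    original, clone = Sim(imsi, ki), Sim(imsi, ki)   # clone carries the copied Ki
    guess = Sim(imsi, bytes(16))                     # right IMSI, wrong Ki
    r1 = auc.attach(original, bytes(range(16)), 0, "cell-A")
    r2 = auc.attach(clone, bytes(range(16, 32)), 60, "cell-B")
    r3 = auc.attach(guess, bytes(range(32, 48)), 120, "cell-C")
    return r1, r2, r3, auc.suspicious(imsi, 300)     # (True, True, False, True)
```

The point for a defender is that the response alone cannot distinguish the clone, so detection has to come from context such as where and when the same IMSI attaches.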