[2509] in cryptography@c2.net mail archive


Re: TIME Magazine on GSM cell phone crack

daemon@ATHENA.MIT.EDU (David Wagner)
Wed Apr 15 12:40:52 1998

From: David Wagner <daw@cs.berkeley.edu>
To: cryptech@Mcs.Net
Date: Tue, 14 Apr 1998 18:22:46 -0700 (PDT)
Cc: cryptography@c2.net

On Tue, 14 Apr 1998, Jyri Kaljundi wrote:
> Actually how would a cloned phone work in a real network, next to the
> original? Will they both work next to each-other? Will they both ring at
> the same time? Will some networks block the whole number when they see 2
> phones with same number registering to the network?


I don't know the answers to your question for certain, as I am not
a cellphone engineer.  Still, here's what I've been told:

  Two cloned phones probably could not be on the network at the same
  time.  An incoming call would probably cause one of the two phones
  to ring at random (but not both).
  
  Sources report that at least some US networks have absolutely no
  fraud-detection expert systems, which means the providers are relying
  on the strength of the crypto with no fallback.

  I have no information on whether the European networks have anything
  in place that could help detect unauthorized calls from cloned phones.

So it's not clear if there are any circumstances under which two
identical phones could be on the network at the same time; but I
don't think that's really relevant to fraud management.
  
For fraud, the critical question is whether any ``giant red flashing
lights'' go off in the provider's fraud center when two duplicate phones
are in use -- and it's not clear whether any GSM providers actually
have such alarms in place.

Remember that the GSM system was *designed* so you could use your
SIM with multiple different handsets, as you travelled.  This doesn't
rule out the possibility of fraud-detection; but it makes it slightly
more plausible that a cloned SIM might be able to escape detection.

Maybe someone who knows more about GSM networks can help us figure
out whether the above speculations are accurate.
As for Mike Rosing's remarks, I suspect he may be thinking of the
US analog networks (and, to some extent, the digital North American
systems).  For instance, GSM phones don't have any concept of MIN/ESN
pairs; so far as I know, that's a North American idiosyncrasy.

And all those fraud detection expert systems are primarily deployed
(as far as I can tell) in North American analog networks, where there's
absolutely no crypto, and fraud is already a massive problem, to the
tune of > $500 million / year.
In article <Pine.BSF.3.95.980414134041.6341A-100000@Venus.mcs.net>,
Mike Rosing  <cryptech@Mcs.Net> wrote:
> Usually both are cut off.  The owner won't mind getting his phone
> reprogrammed when told he's liable otherwise for a huge bill.  It's
> standard practice (in Motorola switches anyway) to monitor the system
> for duplicate ESNs and kill them all.  They won't ring, they will be
> "disallowed" and that will traverse the entire roaming network as well.
> 
> The industry has been well aware of the problems for a long time.  There's
> so much money being made, they can afford to lose several million $ a day.
> Beats dealing drugs I think!
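Added example (Python, not part of the original thread or of any operator's switch software): the kind of duplicate-use alarm the discussion above speculates about, run over constructed session records. It flags one IMSI active on two different handsets (IMEIs) at overlapping times, while a SIM moved from one handset to another sequentially, the designed-in GSM usage, raises nothing. The log format, field names and sample values are all constructed for this example.

```python
"""Flag a SIM (IMSI) that is in use on two handsets at the same time.
Constructed example; not from the original thread or any real network."""
from collections import defaultdict
from datetime import datetime

# Constructed session records: imsi,imei,cell,start,end (ISO timestamps).
# Lines 1-2: same SIM, different handsets, no overlap (legitimate SIM swap).
# Lines 2-3: same handset overlapping across cells (handover, not an alarm).
# Line 4: the first handset active again while the second is still on air.
SAMPLE_LOG = """\
001010123456789,35000000000001,cell-A,1998-04-14T09:00,1998-04-14T09:20
001010123456789,35000000000002,cell-B,1998-04-14T12:00,1998-04-14T12:10
001010123456789,35000000000002,cell-C,1998-04-14T12:05,1998-04-14T12:30
001010123456789,35000000000001,cell-A,1998-04-14T12:08,1998-04-14T12:15
001010987654321,35000000000009,cell-A,1998-04-14T12:00,1998-04-14T12:30
"""

def parse_sessions(text):
    """Parse the constructed CSV format into session dicts."""
    sessions = []
    for line in text.splitlines():
        imsi, imei, cell, start, end = line.split(",")
        sessions.append({"imsi": imsi, "imei": imei, "cell": cell,
                         "start": datetime.fromisoformat(start),
                         "end": datetime.fromisoformat(end)})
    return sessions

def find_duplicate_use(sessions):
    """Return alarms (imsi, imei_a, imei_b, overlap_start) for sessions of one
    IMSI on two different IMEIs that overlap in time. Overlap on the same IMEI
    and sequential use on different handsets are deliberately not alarms."""
    by_imsi = defaultdict(list)
    for s in sessions:
        by_imsi[s["imsi"]].append(s)
    alarms = []
    for imsi, regs in by_imsi.items():
        regs.sort(key=lambda r: r["start"])
        for i, a in enumerate(regs):
            for b in regs[i + 1:]:
                if b["start"] >= a["end"]:
                    break  # sorted by start, so no later session overlaps a
                if a["imei"] != b["imei"]:
                    alarms.append((imsi, a["imei"], b["imei"], b["start"]))
    return alarms

if __name__ == "__main__":
    for alarm in find_duplicate_use(parse_sessions(SAMPLE_LOG)):
        print("duplicate use:", alarm)
```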
