
In many dictatorships SIM card cloning is used by the police (working together with the telco) to spy on dissidents, journalists etc. Some people say that you need the authentication key on the SIM card to clone it so that physical access to the card is a pre-requisite for cloning. However, if we assume that the telco works for the political police can they design the SIM card in such a way that they can work without an authentication key on them? This would make the process of SIM card cloning much easier and therefore dangerous for civil society.

Pedro

Comments:

  • It's probably easier for them to just get the key before handing you the SIM card and keep a DB of all the keys. – Sefa Aug 30 '19 at 09:34
  • Telcos do not design the SIM or how the phone interacts or authenticates against the SIM. – schroeder Aug 30 '19 at 09:42
  • *"In many dictatorships... the police (working together with the telco)..."* - It is not just dictatorships. In the US the telecoms and government form an unholy matrimony. US Congress went so far as to pass legislation making the violations of federal law OK once they were caught. It effectively ended all the EFF lawsuits. Also see the EFF's [NSA Spying FAQ | Electronic Frontier Foundation](https://www.eff.org/nsa-spying/faq). – Aug 31 '19 at 01:50
  • If it's the police and telecom together, why would they even need to clone the SIM card? I may be wrong, but I don't think data usage and calls are end-to-end encrypted. And if that's the case, wouldn't it be easier for them to just log traffic flowing towards that specific endpoint? – zypA13510 Aug 31 '19 at 10:28
  • From [another question](https://security.stackexchange.com/a/21452/117921): _The primary weakness in 4G security is that its use of cryptography does not provide end-to-end security. It only encrypts the traffic between the phone and the base station, but there is no encryption while the data is communicated over the wired network. This means that **there is no security against a malicious or compromised carrier (or a carrier who is sharing all of your data with the local government)**_ – zypA13510 Aug 31 '19 at 10:39
  • I would summarize: in the absence of end-to-end encryption, any telco has the **technical capability** to eavesdrop on users. In every country, courts can order wiretaps for legitimate reasons. So there is no need to clone the SIM card. – usr-local-ΕΨΗΕΛΩΝ Sep 02 '19 at 07:22
  • Telco systems are secure, but consider that the security measures they implement aren't intended to protect you, but rather to protect the telco's interests. The telco's main interest here is that all traffic in their network has to be billed to the correct account. Encryption in GSM isn't designed to protect the end user from surveillance, but to prevent an attacker from tricking the telco into carrying traffic that doesn't originate from their subscriber. A secondary interest for the telco is to remain in business, and for that they will comply with any "lawful interception". – Lie Ryan Sep 02 '19 at 10:51
  • Since the telco can eavesdrop on your calls, and even record them with or without metadata (a legal requirement in many countries), whether they can clone the SIM card or not is probably a moot point. Unless you are concerned that they could rack up your phone bill? – Kate Jan 11 '20 at 18:35

3 Answers


No, telecom providers do not need physical access to the SIM.

They can change the allocated number or any SIM unique ID, therefore they can:

  • assign the number to any new SIM and unassign it from the old one (this is actually a standard procedure for anyone losing their phone/sim)

  • clone the number to any SIM

References - cellphone operator sites:

Third-party articles with more detailed explanation:

Alex R
Overmind

Comments:

  • Would you be able to provide a couple of references for this? – Marc.2377 Aug 31 '19 at 00:24
  • @AlexR that is not how StackExchange usually works. Links to Google are discouraged. Also links get old, so quoting is appreciated. – aaaaa says reinstate Monica Sep 02 '19 at 03:41
  • References are not needed. It is standard procedure for any telecom provider. Basically, they ask you to prove that the old SIM that you supposedly lost is yours by a few means (like asking the amount of remaining credit in the case of prepaid and/or a few numbers you used often in the last period), and if the information provided sufficiently confirms it, you are issued a new SIM with your number assigned to it. – Overmind Sep 02 '19 at 07:59
  • @Overmind you have at least 11 people asking for references. Can you supply any? – schroeder Sep 02 '19 at 10:44
  • Reading the site of any operator on how to proceed when losing a SIM card should count as quite a valid reference. https://www.verizonwireless.com/support/4g-sim-card-faqs/ – Overmind Sep 02 '19 at 10:48

Not only do you not need physical access to the SIM, you don't even need cooperation from the telecom provider. There have been instances where SIM card encryption keys were obtained directly from the company that manufactures the SIM card.

bta


No, the telco has unlimited control over your number. It doesn't need physical access to do whatever it wants.

This is similar to most internet-based communication services. If you need protection against the service provider (and entities coercing, bribing or deceiving the service provider) you need to use end-to-end encryption, and an open source implementation (or, at least, an implementation that is independent from the provider). For concrete options, see the EFF messaging scorecard.


It's worth mentioning that mobile networks are, in general, incredibly insecure (from a modern security perspective). Many telcos will happily give anyone a new SIM card bound to your phone number after a minimal amount of social engineering (for example, by claiming that you lost your old SIM). Also, the protocols used by telcos are riddled with security vulnerabilities that can't be fixed. This insecurity is not an accident - it's intentional:

[Standards designers] had to respect strict controls on the type and strength of encryption they could use.

"It was as strong as we could make it," said Mr Brookson.

Your default assumption when using a phone network should be that everything you say on it is intercepted.


Technical details about SIM cards

There are 3 important pieces of data stored on a SIM card: the ICCID, the IMSI and the authentication key.

The ICCID is the closest there is to an "uncloneable" identity, as it's used to identify the physical SIM card. However, it's just a data field without a backing cryptographic mechanism. It's written to the SIM in a process called "personalization", and, at least technically, everyone with writing equipment seems free to write whatever they like there.

The IMSI identifies you to the network. This is the closest identifier to the "phone number" (but is not a phone number). The IMSI is written to the SIM card, so, again, everyone is free to say they are whoever they want to be.

The authentication key seems to be the only field with a cryptographic purpose. In theory, it's impossible to read it from the SIM, even with physical access. Unfortunately, it's also written during the "personalization" process, and the telco retains a copy in the authentication center, so anyone with access to it and a SIM card writer would be able to clone it.

Sources:

https://en.wikipedia.org/wiki/SIM_card#Data

https://en.wikipedia.org/wiki/International_mobile_subscriber_identity

Bruno Rohée
loopbackbee
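As an added illustration of the last answer's point that the authentication key is the only field with a cryptographic role (example code, not part of the answer): a toy model of the GSM challenge/response in which HMAC-SHA256 stands in for the real A3 algorithm, and the IMSI, ICCID and Ki values are constructed. A SIM carrying the correct ICCID and IMSI but a different Ki fails the challenge, while a SIM provisioned with the authentication center's copy of Ki passes regardless of its ICCID.

```python
import hashlib
import hmac
import os
# Added toy model of GSM-style subscriber authentication (not code from the
# answer). HMAC-SHA256 stands in for the real A3 algorithm; the shape of the
# exchange is the point: the network sends a random challenge RAND and accepts
# only the response SRES that a holder of the subscriber's Ki can compute.

def a3(ki: bytes, rand: bytes) -> bytes:
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]  # 32-bit SRES

class AuthenticationCenter:
    """Telco-side table IMSI -> Ki, filled during SIM personalization."""
    def __init__(self):
        self._keys = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        self._keys[imsi] = ki  # the same Ki is written to the SIM

    def challenge(self, imsi: str):
        rand = os.urandom(16)  # fresh RAND per round; Ki itself is never sent
        return rand, a3(self._keys[imsi], rand)

class Sim:
    """SIM side: ICCID and IMSI are plain data; Ki never leaves the card."""
    def __init__(self, iccid: str, imsi: str, ki: bytes):
        self.iccid, self.imsi, self._ki = iccid, imsi, ki

    def respond(self, rand: bytes) -> bytes:
        return a3(self._ki, rand)

def authenticates(auc: AuthenticationCenter, sim: Sim) -> bool:
    """Network looks up Ki by the IMSI the SIM claims, then checks SRES."""
    rand, expected = auc.challenge(sim.imsi)
    return hmac.compare_digest(sim.respond(rand), expected)

def demo() -> dict:
    auc = AuthenticationCenter()
    ki = os.urandom(16)  # constructed subscriber key
    imsi, iccid = "001010123456789", "8901234567890123456"  # constructed values
    auc.provision(imsi, ki)
    genuine = Sim(iccid, imsi, ki)
    # Correct ICCID and IMSI but a different Ki: identifiers are not secrets.
    only_ids = Sim(iccid, imsi, os.urandom(16))
    # Different ICCID but the AuC's copy of Ki: the network cannot tell.
    with_auc_key = Sim("0000000000000000000", imsi, ki)
    return {"genuine": authenticates(auc, genuine),
            "only_ids": authenticates(auc, only_ids),
            "with_auc_key": authenticates(auc, with_auc_key)}
```

The ICCID never enters the computation at all, which is why the answer calls it a plain data field rather than a cryptographic identity.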