7

We have all heard them, rumors about people randomly calling you on your mobile phone number and asking you to confirm something by typing in a specific combination onto your dial pad (the rumor I'm referring to, specifically states 09# or 90#).

When you do, people claim these callers copy your SIM card (information) and make counterfeit copy(s) of it, to do "illegal things" using your number, and of course, your phone bill.

Is this actually possible? Any sane mind would state no, but in theory, can a caller copy your complete SIM card, and/or even get anything else from you then the number they use to call you?

kalina
  • 3,354
  • 5
  • 20
  • 36
Lighty
  • 2,368
  • 1
  • 23
  • 36
  • 1
    Not sure if this is what you are looking for, but Karsten Nohl found a way to root [sim cards](https://www.youtube.com/watch?v=wBzb-Zx4rsI) – BadSkillz Nov 27 '14 at 12:17
  • @BadSkillz This is indeed not what i'm searching for, I'm not interested in the (Cryptographic) Security of a SIM Card, but if the information on it could be compromised through someone CALLING you from a distance – Lighty Nov 27 '14 at 13:29
  • This is almost entirely a hoax. It does not apply to mobiles/cellphones or their SIM cards *at all*. It applies only to certain types of phones used by some US businesses and organizations. See snopes, http://www.truthorfiction.com/rumors/n/ninezeropound.htm and http://www.hoax-slayer.com/nine-zero-hash-hoax.html – dave_thompson_085 Jan 10 '15 at 20:40

2 Answers2

2

Short answer - no. Currently there is no mechanism that would allow someone to clone your SIM card without having physical access to it. A number of cheap and commercially available devices (e.g. this SIM MAX for $7.50) can clone your SIM card with relative ease - that is, if you place your SIM card inside the device and it extracts the KI.

What you're referring to are scams (quite common in recent times) where scammers attempt to extract as much information as possible from you, and then go to the telco and obtain a "replacement" SIM card, which then they use to make international phone calls, for which you will pick the bill.

Some telecom service providers have lax policies in place, where you only need an ID (can be easily faked) and part of the IMSI number (which the scammers are trying to obtain from you when they're asking you to enter those key combinations) to obtain a replacement SIM.

Milen
  • 1,148
  • 6
  • 12
0

Hypothetically yes. At the lowest level all cellphones have a proprietary baseband controller, which means that if a vulnerability is discovered in some portion of the controller that controls calls, the call could be an attack vector.

http://www.extremetech.com/computing/170874-the-secret-second-operating-system-that-could-make-every-mobile-phone-insecure

http://www.gizmag.com/researcher-demonstrates-vulnerabilities-of-mobile-phones/17366/

Fred Concklin
  • 821
  • 8
  • 15