Complete phone cloning
October 24, 2012 8:27 PM   Subscribe

Hypothetically, what are the practical results of completely cloning a GSM phone-- not just the SIM card, but also the radio fingerprint and any other method used to differentiate two mobile devices?

E.g., assuming that my friend across town and I have two phones that are indistinguishable by the carrier, what happens when someone dials the number? Or when both of us try to access the internet at the same time? When someone texts the number? Etc.
posted by shakespeherian to Technology
 
Best answer: The HLR would get very confused. Incoming is not likely to work at all. If it does, the HLR will forward your texts/calls/whatever to whichever device registered most recently (the HLR isn't actually a device, it's a database, but conceptually the description works), so it'll be random from your perspective. Outgoing voice may or may not work, depending on what sort of fraud prevention measures they have in place.

Internet service is unlikely to work at all. I'm pretty sure the GGSN keeps track of which site you're on by IMSI. Outgoing SMS would probably work fine.
posted by wierdo at 8:43 PM on October 24, 2012 [1 favorite]


Best answer: Cloning was a huge problem in the original, analog cellular networks and GSM was specifically designed to prevent it.

There are basically two items unique to every GSM phone: the IMSI, which is stored on the SIM card and which is unique for each subscriber, and the IMEI or International Mobile Equipment Identity, which is personal to each physical device. (3G phones would also have a unique MAC address.)

During GSM authentication, the handset transmits both the IMSI and IMEI to the network. The IMSI is checked to see if the subscriber is active, and the IMEI is checked to see if the equipment is not black-listed (i.e., stolen). A successful check of both returns the TMSI to the phone, which is then used to identify a GSM device in all subsequent communications with the network. Only one IMSI/IMEI pair can be registered in the HLR. If one device was already registered in the HLR and a second device tried to authenticate (which is what an identical GSM phone would do), the second authentication attempt would be rejected by the HLR, no TMSI would be assigned, and the device would be effectively locked out.

Because GSM uses asymmetric encryption keys, it is basically impossible for a second device - even if it was otherwise identical and knew the TMSI - to bypass authentication and attempt to communicate with the network.
posted by three blind mice at 2:15 AM on October 25, 2012


To get some feel for how all this IMSI, TMSI, etc. works in practice, check out this demonstration of an IMSI-catcher.
posted by DreamerFi at 5:05 PM on October 25, 2012


three blind mice: "Only one IMSI/IMEI pair can be registered in the HLR. If one device was already registered in the HLR and a second device tried to authenticate (which is what an identical GSM phone would do) the second authentication attempt would be rejected by the HLR, no TMSI would be assigned and the device would be effectively locked out."

I don't think that's entirely true. Pull your phone's battery and it won't unregister itself as it would when it shuts down normally. You can test this by calling it: you'll note that if you turn it off it immediately goes to voicemail, while if you just pull the battery the network won't realize it's gone away and so will ring for a while before hitting the forward-no-answer timeout.

If you then put the battery back in and boot the phone before the HLR entry times out, it'll register on the network just fine.
posted by wierdo at 6:29 PM on October 25, 2012
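As an added illustration (not code from this thread, nor any carrier's actual logic), the toy Python model below ties together the points argued above: the HLR routes incoming traffic to whichever registration is most recent, a registration that was never detached lingers until its periodic-update timer expires (the battery-pull case), and a velocity check is one of the fraud-prevention measures wierdo alludes to that can notice one IMSI registering from two places at once. The IMSI, location-area names, distances and timer value are all constructed assumptions.

```python
"""Toy HLR registration table: constructed illustration, not real carrier code."""
from dataclasses import dataclass, field

# Constructed distances (km) between hypothetical location areas.
LAC_DISTANCE_KM = {frozenset({"LAC-A", "LAC-B"}): 600.0,
                   frozenset({"LAC-A", "LAC-C"}): 5.0}
MAX_PLAUSIBLE_KMH = 900.0         # faster than this implies two handsets
PERIODIC_UPDATE_TIMEOUT_S = 3600  # assumed timer; operators set their own


@dataclass
class Registration:
    lac: str          # location area the subscriber last attached in
    tmsi: int         # temporary identity handed out on registration
    last_seen: float  # seconds; time of the last location update


@dataclass
class ToyHLR:
    regs: dict = field(default_factory=dict)    # imsi -> Registration
    alerts: list = field(default_factory=list)  # (imsi, from, to, km/h)
    _next_tmsi: int = 0x1000

    def location_update(self, imsi, lac, now):
        """Register (or re-register) imsi in lac; returns the new TMSI."""
        prev = self.regs.get(imsi)
        if prev and prev.lac != lac and now > prev.last_seen:
            # Velocity check: implied speed between the two registrations.
            km = LAC_DISTANCE_KM.get(frozenset({prev.lac, lac}), 0.0)
            kmh = km / ((now - prev.last_seen) / 3600)
            if kmh > MAX_PLAUSIBLE_KMH:
                self.alerts.append((imsi, prev.lac, lac, round(kmh)))
        self._next_tmsi += 1  # most recent registration always wins
        self.regs[imsi] = Registration(lac, self._next_tmsi, now)
        return self._next_tmsi

    def detach(self, imsi):
        """A normal power-off sends an IMSI detach; a battery pull does not."""
        self.regs.pop(imsi, None)

    def route_incoming(self, imsi, now):
        """LAC to page for an incoming call/SMS, or None if unreachable."""
        reg = self.regs.get(imsi)
        if reg is None or now - reg.last_seen > PERIODIC_UPDATE_TIMEOUT_S:
            self.regs.pop(imsi, None)  # stale entry finally expires
            return None                # paging fails; caller hits voicemail
        return reg.lac
```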


They talk about this a little bit in the movie Primer, for what it's worth. They theorize (based on experience in their little universe) that the network would ring whichever phone it found first, but in the end declare it's a mystery beyond their ken.
posted by carsonb at 4:51 PM on October 29, 2012

