Molloy DSG Professional Digest

SIM card cloning involves creating an identical copy of a mobile phone SIM card, enabling unauthorized access to the associated phone number, services, and data. The process involves extracting the subscriber identity and other information from the original SIM card, and requires the adversary to possess the original SIM. Specialized tools, typically only used by law enforcement, criminals, and black hats, that can read and write SIM card data are used to perform this process. The result is a cloned SIM card that carries the same identity as the original. This cloned card can be inserted into another mobile device, effectively allowing the adversary to masquerade as the account owner.

SIM cloning is not positively detectable except by the mobile service provider. The most warning a victim will receive is when long period of time goes by where incoming text messages never arrive; other indicators such as looping tower joins and missed incoming calls may be harder to identify. It's helpful to cross-reference a realtime billing log with the service, and to additionally look for any sent messages in there.

The implications of this are profound due to the nature of a personal mobile device, and the range of capabilities can be creatively broad. Here are some examples of how an adversary can use a cloned SIM:

• SMS interception - With access to incoming text messages, it's possible to bypass some "second factor" authentication schemes often used by financial institutions and civic portals. Can provide a means to extract money or cypto and authenticate into an email.
• Framing an Individual - A cloned SIM can put an individual's account within a geofence during investigation of a crime. If the adversary were to commit a crime with the cloned SIM, then the account owner would have to answer why "they" where present at a murder, arson, or other crime. Even for innocent people this will cause financial and reputational headaches.
• Impersonation - Can be used in conjunction with trained AI text to speech in order to impersonate an individual to authenticate or give instructions. This can be used to extract money from the victim or their family, to alert or cause concern, or to simply offend with rude or lewd voice messages or media.

It's imperative that users of physical SIM card devices immediately have a new SIM associated with their account if their phone was in possession of any type of security company, agency, or unknown individual, in order to protect themselves from SIM cloning. Disassociation of the old SIM is critical, even if it means being without service for a few days. Any chance a criminal can take, a criminal will; and sleeping on a stolen SIM might be the difference between dealing with a theft or frame, or avoiding it.