SIM Cloning
What is SIM Cloning?
Copying the secret key Ki from a SIM card so that a second card can impersonate the original on the mobile network.
SIM cloning recovers the subscriber's IMSI and the secret key Ki stored in a SIM, then writes them to a programmable card to produce a duplicate that registers on the carrier as the original. The attack was first practical against COMP128-1, the original GSM authentication algorithm broken in 1998 by the Smartcard Developer Association and David Wagner: a researcher with physical access could query the card around 50 000 times and derive Ki via differential cryptanalysis. COMP128-2 and v3 fixed the math, but legacy SIMs remained vulnerable for years. Cloning enables voice/SMS interception, location spoofing and 2FA theft. Mitigations include modern Milenage USIMs, anti-clone monitoring on the HLR/HSS (a duplicate registering in two places at once shows up as impossible travel for one IMSI), and replacing SMS one-time codes with authenticator apps or FIDO2.
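The anti-clone monitoring mentioned above can be illustrated with an impossible-travel check over location updates seen by the HLR/HSS. This is an added example, not code from the original page; the VLR names, coordinates, IMSIs and the 1000 km/h threshold are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

@dataclass(frozen=True)
class LocationUpdate:
    imsi: str        # subscriber identity carried in the update
    ts: datetime     # time the HLR/HSS received the update
    vlr: str         # serving VLR/MME that sent it (hypothetical names)
    lat: float       # approximate coordinates of that serving node
    lon: float

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two points."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def find_clone_suspects(updates, max_kmh=1000.0):
    """Flag IMSIs whose consecutive updates from different serving nodes
    imply a travel speed above max_kmh; two cards sharing one Ki/IMSI
    register from two places and produce exactly this pattern."""
    by_imsi = {}
    for u in sorted(updates, key=lambda u: u.ts):
        by_imsi.setdefault(u.imsi, []).append(u)
    suspects = []
    for imsi, seq in by_imsi.items():
        for prev, cur in zip(seq, seq[1:]):
            if prev.vlr == cur.vlr:
                continue  # routine re-registration in the same area
            km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            hours = (cur.ts - prev.ts).total_seconds() / 3600.0
            kmh = float("inf") if hours <= 0 else km / hours
            if kmh > max_kmh:
                suspects.append((imsi, prev.vlr, cur.vlr, round(kmh)))
    return suspects

# Constructed sample: one subscriber appears in London and Berlin 20 minutes
# apart (clone-like), one travels London to Paris in 3 hours (plausible),
# one only re-registers on the same VLR (ignored).
SAMPLE_UPDATES = [
    LocationUpdate("001010000000001", datetime(2024, 5, 1, 10, 0), "vlr-lon", 51.5074, -0.1278),
    LocationUpdate("001010000000001", datetime(2024, 5, 1, 10, 20), "vlr-ber", 52.5200, 13.4050),
    LocationUpdate("001010000000002", datetime(2024, 5, 1, 9, 0), "vlr-lon", 51.5074, -0.1278),
    LocationUpdate("001010000000002", datetime(2024, 5, 1, 12, 0), "vlr-par", 48.8566, 2.3522),
    LocationUpdate("001010000000003", datetime(2024, 5, 1, 9, 0), "vlr-lon", 51.5074, -0.1278),
    LocationUpdate("001010000000003", datetime(2024, 5, 1, 9, 5), "vlr-lon", 51.5074, -0.1278),
]

if __name__ == "__main__":
    for s in find_clone_suspects(SAMPLE_UPDATES):
        print("possible clone:", s)
```

A real deployment would also correlate authentication failures and simultaneous attach requests, since a fast legitimate traveller can trip a pure speed threshold.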
● Examples
- 01: An old prepaid GSM SIM cloned to a programmable card to receive a target's calls.
- 02: Insider at a kiosk reading Ki from a customer's SIM during a phone repair.
● Frequently asked questions
What is SIM Cloning?
Copying the secret key Ki from a SIM card so that a second card can impersonate the original on the mobile network. It belongs to the Attacks & Threats category of cybersecurity.
What does SIM Cloning mean?
Copying the secret key Ki from a SIM card so that a second card can impersonate the original on the mobile network.
How does SIM Cloning work?
SIM cloning recovers the subscriber's IMSI and secret key Ki from a SIM and writes them to a programmable card that registers on the carrier as the original; the attack history against COMP128-1 and the mitigations are covered in the full definition above.
How do you defend against SIM Cloning?
Defences for SIM Cloning typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for SIM Cloning?
Common alternative names include: GSM SIM cloning, COMP128 clone.
● Related terms
- attacks № 521: IMSI Catcher
  A fake cell-site that tricks nearby phones into revealing their IMSI/IMEI and, on weak networks, intercepting calls and SMS.
- attacks № 1085: SS7 Attack
  Abuse of Signalling System No. 7 inter-carrier messages to locate subscribers, intercept SMS or divert calls anywhere in the world.
- attacks № 1104: Stingray
  A commercial cell-site simulator originally made by Harris Corporation that mimics a base station to collect IMSIs and track or intercept mobile devices.
- identity-access № 1180: Two-Factor Authentication (2FA)
  A specific form of multi-factor authentication that requires exactly two factors — usually a password plus a second factor — to verify identity.
- attacks № 1059: Smishing
  Phishing delivered via SMS or other mobile-messaging channels to trick victims into clicking malicious links, calling fraudulent numbers, or revealing data.