Preventing SIM Box Fraud Using Device Model Fingerprinting
BeomSeok Oh, Junho Ahn, S. Bae, Mincheol Son, Yonghwa Lee, Min Suk Kang, Yongdae Kim
Abstract
SIM boxes have been playing a critical role in the underground ecosystem of international-scale frauds that steal billions of dollars from individual victims and mobile network operators across the globe.Many mitigation schemes have been proposed for these frauds, mainly aiming to detect fraud call sessions; however, one direct approach to this problem-the prevention of the SIM box devices from network use-has not drawn much attention despite its highly anticipated benefit.This is exactly what we aim to achieve in this paper.We propose a simple access control logic that detects when unauthorized SIM boxes use cellular networks for communication.At the heart of our defense proposal is the precise fingerprinting of device models (e.g., distinguishing an iPhone 13 from any other smartphone models on the market) and device types (i.e., smartphones and IoT devices) without relying on international mobile equipment identity, which can be spoofed easily.We empirically show that fingerprints, which were constructed from network-layer auxiliary information with more than 31K features, are mostly distinct among 85 smartphones and thus can be used to prevent the vast majority of illegal SIM boxes from making unauthorized voice calls.Our proposal, as the very first practical, reliable unauthorized cellular device model detection scheme, greatly simplifies the mitigation against SIM box frauds.* These two authors equally contributed.are useful for such attacks is that they provide a means of circumventing the billing system at the local MNOs.Recently, we have witnessed a surge of an emerging type of criminal activities with a renewed interest in SIM boxes [42],[52], [53].Organized crime groups have quickly learned that with SIM boxes, they can mount financial scamming operations targeting people in a certain nation while staying outside the legal boundaries of their targets.Scam calls made through SIM boxes show local phone numbers on the target's mobiles, rendering these calls much less suspicious than traditional VoIP-based scam calls.These financial scams typically have targets in developed countries (where the expected financial gain is large) while their operations take place in less regulated, attacker-chosen countries anywhere on Earth [9].Over 256,000 phone frauds, worth approximately $18.6 billion, occurred in China in 2020 [17], [30].Korea also has suffered a significant loss of approximately $0.6 billion due to scam calls [37].For simplicity, we will refer to those frauds using SIM boxes as "SIM box frauds" throughout this paper.