1 / 11

IMEI Security

IMEI Security. Paul Gosden Director of Devices & Smart Card Groups, GSM Association. April 24, 2009. International Mobile Equipment Identity (IMEI). IMEI - a 15-digit decimal number used to identify equipment when it is used on a GSM/3G mobile phone network. IMEI must be unique

Download Presentation

IMEI Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. IMEI Security Paul Gosden Director of Devices & Smart Card Groups, GSM Association April 24, 2009

  2. International Mobile Equipment Identity (IMEI) • IMEI - a 15-digit decimal number used to identify equipment when it is used on a GSM/3G mobile phone network. • IMEI must be unique • Manufacturers must ensure no duplication of IMEI. • The GSM Association (GSMA) is responsible for allocating IMEIs, and records all of the IMEIs that it has allocated in its IMEI database. • The IMEI database stores basic information associated with the IMEI: • manufacturer name • model identifier • some technical capabilities (e.g. frequency bands, power class)

  3. IMEI Database • Access to GSMA members (GSM/3G network operators across the world and to qualified industry parties), regulators and police • Network operators use the data to determine types of devices being used by their customers, and what features they support, so that they can offer and support the latest services to these customers. • Also supports a "black list“: • IMEIs associated with GSM/3G equipment to be denied service because lost, stolen, faulty or otherwise unsuitable for use. • a central system for network operators to share their individual black lists so that devices denied service (blacklisted) by one network will not work on other networks.

  4. IMEI Format • RRXXXXXXYYYYYYA • Type Allocation Code (TAC) = RRXXXXXX (allocated by body appointed by GSMA) • RR identifies the allocating body • Serial Number = YYYYYY (allocated by manufacturer) • Check digit = A (calculated by manufacturer) • Allocating bodies • RR = 01 = PTCRB / CTIA • RR = 35 = BABT • RR = 86 = TAF (China) • RR = 91 = MSAI (India) • RR = 98 = BABT for multi mode 3GPP/3GPP2 equipment • RR = 99 = TIA for multi mode 3GPP/3GPP2 equipment

  5. Mobile Phone Crime • GSM and 3G devices are subject to theft • Mobile phones are used in criminal activities • GSMA IMEI database is used as a tool to combat crime by identifying individual phone types and “black listing”. The GSMA co-operates with police forces around the world. • Many mobile network operators deploy Equipment Identity Registers and “black lists” in their networks and connect them to the IMEI DB as a means of reducing phone crime. There are over 40 operators connected to the IMEI database from: • Belgium, Germany, Norway, Chile, Greece, Portugal, Cyprus, Hungary, South Africa, Czech Republic, Ireland, Spain, Denmark, Italy, Sweden, Finland, Kenya, United Kingdom, France, Malta • Some countries have made changing IMEI without manufacturer’s authority a criminal offence, eg UK

  6. Current Problems • GSM/3G equipment with no IMEI • Manufactured with an all-zero IMEI • GSM/3G equipment with the same IMEI • Allocation of IMEI by unauthorised organisations • by manufacturers who do not apply to GSM Association or organisations acting on their behalf • by unauthorised organisations claiming to represent the GSM industry • The above makes it difficult to “black list” individual mobile phones to help prevent mobile phone crime

  7. Terminals with no IMEI • IMEI applications have been received from established GSM manufacturers, applying for IMEI for the first time, having manufactured GSM phones for several years • Reasons given included “the market did not require IMEIs before” • Current problem markets: • India • Estimates of 25,000,000 GSM handsets with no IMEI have been reported • Middle East • Africa

  8. Terminals with the same IMEI • TAC 13579024 has not been allocated by the GSMA • IMEI 135790246811220 has appeared on several UK crime reports • Black listed several times by UK networks only to be unblocked by another network sometime later • A service provider has collected figures about subscribers handsets with this TAC (over 1,300,000 handsets with TAC 13579024), eg • Afghanistan: 75687, Bangladesh: 302206, Algeria: 11171, Dominican Republic: 1687, Kenya: 24378, Jordan: 23360, Pakistan: 545883, Egypt: 324964, Niger: 14598, Tunis: 31524, Uganda: 3021 • In Australia, 6,500 handsets with IMEI 135790246811220. The network operator has been instructed to block this IMEI and is trying to find the legal requirement that handsets must have a unique IMEI as justification for blocking these handsets from the network.

  9. Terminals with unregistered IMEI • In Uganda, a network operator has reported that the number of TACs on its network that are not in the GSMA IMEI database is greater than the number of TACs registered in the GSMA IMEI database

  10. Regulating IMEI • A single, unique IMEI allocated by the GSM Association, or by an organisation acting on its behalf, and recorded in the IMEI database, aids law enforcement agencies • If the requirement for a unique IMEI allocated by the GSM Association, or by an organisation acting on its behalf, were a regulatory requirement, then network operators can justifiably refuse to connect equipment for which the IMEI is not registered in the GSMA’s IMEI database and would encourage the use of properly allocated IMEIs

  11. Proposal • Formally recognise within a European Commission Decision the organisation responsible for IMEI allocation: • the GSM Association and organisations appointed by the GSM Association to act on its behalf • Make the requirement for a unique IMEI an R&TTE Directive Article 3.3 requirement • Create an R&TTE Directive Article 3.3 Harmonised Standard • Define the IMEI requirements in the Harmonised Standard

More Related