restricted - confidential information © gsm association 2009 imei security paul gosden director of...
TRANSCRIPT
Restricted - Confidential Information
© GSM Association 2009
IMEI Security
Paul GosdenDirector of Devices & Smart Card Groups, GSM Association
April 24, 2009
© GSM Association 2009
International Mobile Equipment Identity (IMEI)
IMEI - a 15-digit decimal number used to identify equipment when it is used on a GSM/3G mobile phone network.
IMEI must be unique Manufacturers must ensure no duplication of IMEI. The GSM Association (GSMA) is responsible for allocating IMEIs,
and records all of the IMEIs that it has allocated in its IMEI database. The IMEI database stores basic information associated with the IMEI:
– manufacturer name– model identifier– some technical capabilities (e.g. frequency bands, power class)
© GSM Association 2009
IMEI Database
Access to GSMA members (GSM/3G network operators across the world and to qualified industry parties), regulators and police
Network operators use the data to determine types of devices being used by their customers, and what features they support, so that they can offer and support the latest services to these customers.
Also supports a "black list“:– IMEIs associated with GSM/3G equipment to be denied service
because lost, stolen, faulty or otherwise unsuitable for use. – a central system for network operators to share their individual
black lists so that devices denied service (blacklisted) by one network will not work on other networks.
© GSM Association 2009
IMEI Format
RRXXXXXXYYYYYYA– Type Allocation Code (TAC) = RRXXXXXX (allocated by body
appointed by GSMA)– RR identifies the allocating body– Serial Number = YYYYYY (allocated by manufacturer)– Check digit = A (calculated by manufacturer)
Allocating bodies– RR = 01 = PTCRB / CTIA– RR = 35 = BABT– RR = 86 = TAF (China)– RR = 91 = MSAI (India)– RR = 98 = BABT for multi mode 3GPP/3GPP2 equipment– RR = 99 = TIA for multi mode 3GPP/3GPP2 equipment
© GSM Association 2009
Mobile Phone Crime
GSM and 3G devices are subject to theft Mobile phones are used in criminal activities GSMA IMEI database is used as a tool to combat crime by identifying
individual phone types and “black listing”. The GSMA co-operates with police forces around the world.
Many mobile network operators deploy Equipment Identity Registers and “black lists” in their networks and connect them to the IMEI DB as a means of reducing phone crime. There are over 40 operators connected to the IMEI database from:
– Belgium, Germany, Norway, Chile, Greece, Portugal, Cyprus, Hungary, South Africa, Czech Republic, Ireland, Spain, Denmark, Italy, Sweden, Finland, Kenya, United Kingdom, France, Malta
Some countries have made changing IMEI without manufacturer’s authority a criminal offence, eg UK
© GSM Association 2009
Current Problems
GSM/3G equipment with no IMEI– Manufactured with an all-zero IMEI
GSM/3G equipment with the same IMEI Allocation of IMEI by unauthorised organisations
– by manufacturers who do not apply to GSM Association or organisations acting on their behalf
– by unauthorised organisations claiming to represent the GSM industry
The above makes it difficult to “black list” individual mobile phones to help prevent mobile phone crime
© GSM Association 2009
Terminals with no IMEI
IMEI applications have been received from established GSM manufacturers, applying for IMEI for the first time, having manufactured GSM phones for several years
– Reasons given included “the market did not require IMEIs before” Current problem markets:
– India• Estimates of 25,000,000 GSM handsets with no IMEI have been reported
– Middle East– Africa
© GSM Association 2009
Terminals with the same IMEI
TAC 13579024 has not been allocated by the GSMA IMEI 135790246811220 has appeared on several UK crime reports
– Black listed several times by UK networks only to be unblocked by another network sometime later
A service provider has collected figures about subscribers handsets with this TAC (over 1,300,000 handsets with TAC 13579024), eg
– Afghanistan: 75687, Bangladesh: 302206, Algeria: 11171, Dominican Republic: 1687, Kenya: 24378, Jordan: 23360, Pakistan: 545883, Egypt: 324964, Niger: 14598, Tunis: 31524, Uganda: 3021
In Australia, 6,500 handsets with IMEI 135790246811220. The network operator has been instructed to block this IMEI and is trying to find the legal requirement that handsets must have a unique IMEI as justification for blocking these handsets from the network.
© GSM Association 2009
Terminals with unregistered IMEI
In Uganda, a network operator has reported that the number of TACs on its network that are not in the GSMA IMEI database is greater than the number of TACs registered in the GSMA IMEI database
© GSM Association 2009
Regulating IMEI
A single, unique IMEI allocated by the GSM Association, or by an organisation acting on its behalf, and recorded in the IMEI database, aids law enforcement agencies
If the requirement for a unique IMEI allocated by the GSM Association, or by an organisation acting on its behalf, were a regulatory requirement, then network operators can justifiably refuse to connect equipment for which the IMEI is not registered in the GSMA’s IMEI database and would encourage the use of properly allocated IMEIs
© GSM Association 2009
Proposal
Formally recognise within a European Commission Decision the organisation responsible for IMEI allocation:
– the GSM Association and organisations appointed by the GSM Association to act on its behalf
Make the requirement for a unique IMEI an R&TTE Directive Article 3.3 (d) requirement
Create an R&TTE Directive Article 3.3 (d) Harmonised Standard Define the IMEI requirements in the Harmonised Standard