International Mobile Equipment Identity

From Wikipedia, the free encyclopedia
IMEI number - an example

The International Mobile Equipment Identity (IMEI)[1] is a numeric identifier, usually unique,[2][3] for 3GPP and iDEN mobile phones, as well as some satellite phones. It is usually found printed inside the battery compartment of the phone but can also be displayed on-screen on most phones by entering the MMI Supplementary Service code *#06# on the dialpad, or alongside other system information in the settings menu on smartphone operating systems.

GSM networks use the IMEI number to identify valid devices, and can stop a stolen phone from accessing the network. For example, if a mobile phone is stolen, the owner can have their network provider use the IMEI number to blocklist the phone. This renders the phone useless on that network and sometimes other networks, even if the thief changes the phone's SIM card.

Devices without a SIM card slot or eSIM capability usually do not have an IMEI code.[4] However, the IMEI only identifies the device and has no particular relationship to the subscriber. The phone identifies the subscriber by transmitting the International mobile subscriber identity (IMSI) number, which is stored on a SIM card that can, in theory, be transferred to any handset. However, the network's ability to know a subscriber's current, individual device enables many network and security features.[citation needed]

Dual SIM enabled phones will have two IMEI numbers.

IMEI and the law[edit]

Many countries have acknowledged the use of the IMEI in reducing the effect of mobile phone thefts. For example, in the United Kingdom, under the Mobile Telephones (Re-programming) Act, changing the IMEI of a phone, or possessing equipment that can change it, is considered an offence under some circumstances.[5][6] A bill was introduced in the United States by Senator Chuck Schumer in 2012 that would have made the changing of an IMEI illegal, but the bill was not enacted.[7]

IMEI blocking is not the only way to fight phone theft. Instead, mobile operators are encouraged to take measures such as immediate suspension of service and replacement of SIM cards in case of loss or theft.[8]

The existence of a formally allocated IMEI number range for a GSM terminal does not mean that the terminal is approved or complies with regulatory requirements. The linkage between regulatory approval and IMEI allocation was removed in April 2000, with the introduction of the European R&TTE Directive.[9] Since that date, IMEIs have been allocated by BABT (or one of several other regional administrators acting on behalf of the GSM Association) to legitimate GSM terminal manufacturers without the need to provide evidence of approval.

Blocklists of stolen devices[edit]

When someone has their mobile equipment stolen or lost, they can ask their service provider to block the phone from their network, and the operator may do so, especially if required by law. If the local operator maintains an Equipment Identity Register (EIR), it adds the device IMEI to it. Optionally, it also adds the IMEI to shared registries, such as the Central Equipment Identity Register (CEIR), which blocklists the device with other operators that use the CEIR. This blocklisting makes the device unusable on any operator that uses the CEIR, which makes mobile equipment theft pointless, except for parts.

To make blocklisting effective, the IMEI number is supposed to be difficult to change. However, a phone's IMEI may be easy to change with special tools.[10][better source needed] In addition, IMEI is an un-authenticated mobile identifier (as opposed to IMSI, which is routinely authenticated by home and serving mobile networks.) Using a spoofed IMEI can thwart some efforts to track handsets, or target handsets for lawful intercept.[citation needed]

Australia was the first nation to implement IMEI blocking across all GSM networks, in 2003.[11] In Australia the Electronic Information Exchange (EIE) Administration Node provides a blocked IMEI lookup service for Australian customers.[12]

In the UK, a voluntary charter operated by the mobile networks ensures that any operator's blocklisting of a handset is communicated to the CEIR and subsequently to all other networks. This ensures that the handset is quickly unusable for calls, at most within 48 hours.

Some UK Police forces, including the Metropolitan Police Service, actively check IMEI numbers of phones found involved in crime.

In New Zealand the NZ Telecommunications Forum Inc[13] provides a blocked IMEI lookup service for New Zealand consumers. The service allows up to three lookups per day[14] and checks against a database that is updated daily by the three major mobile network operators. A blocked IMEI cannot be connected to any of these three operators.

In Latvia the SIA "Datorikas institūts DIVI"[15] provides a blocked IMEI lookup service for checks against a database that is updated by all major mobile network operators in Latvia.

In some countries, such blocklisting is not customary. In 2012, major network companies in the United States, under government pressure, committed to introducing a blocklisting service, but it's not clear whether it will interoperate with the CEIR.[16][17] GSM carriers AT&T and T-Mobile began blocking newly reported IMEIs in November 2012.[18] Thefts reported prior to November 2012 were not added to the database. The CTIA refers users to websites at www.stolenphonechecker.org[19] and the GSMA[19] where consumers can check whether a smartphone has been reported as lost or stolen to its member carriers. The relationship between the former and any national or international IMEI blocklists is unclear.[19]

It is unclear whether local barring of IMEI has any positive effect, as it may result in international smuggling of stolen phones.[20]

Limitations[edit]

IMEIs can sometimes be removed from a blocklist, depending on local arrangements. This would typically include quoting a password chosen at the time of blocklisting.[citation needed]

Law enforcement and intelligence use[edit]

Law enforcement and intelligence services can use an IMEI number as input for tracking devices that are able to locate a cell phone with an accuracy of a few meters. Saudi Arabian government agencies have reportedly used IMEI numbers retrieved from cell phone packaging to locate and detain women who fled Saudi Arabia's patriarchal society in other countries.[21]

An IMEI number retrieved from the remnants of a Nokia 5110 was used to trace and identify the perpetrators behind the 2002 Bali bombings.[22]

Allowlists[edit]

Some countries use allowlists instead of blocklists for IMEI numbers, so that any mobile phone needs to be legally registered in the country in order to be able to access mobile networks of the country, with possible exceptions for international roaming and a grace period for registering.[23] These include Chile,[24] Turkey,[25] Azerbaijan,[26] Colombia,[27] and Nepal.[28] Other countries that have adopted some form of mandatory IMEI registration include India, Pakistan, Indonesia, Cambodia, Thailand, Iran, Nigeria, Ecuador, Ukraine and Lebanon.[29]

Prior to their merger with T-Mobile, Sprint in the United States also used an allowlist of devices, where a user had to register their IMEI and SIM card before a device can be used.[30] If a user changed their device, they had to register their new IMEI and SIM card. This isn't the case with other CDMA carriers like Verizon which only used allowlists for 3G, and T-Mobile has since migrated towards a blocklist, including for former Sprint customers.

Structure of the IMEI and IMEISV (IMEI software version)[edit]

The IMEI (15 decimal digits: 14 digits plus a check digit) or IMEISV (16 decimal digits: 14 digits plus two software version digits) includes information on the origin, model, and serial number of the device. The structure of the IMEI/SV is specified in 3GPP TS 23.003. The model and origin comprise the initial 8-digit portion of the IMEI/SV, known as the Type Allocation Code (TAC). The remainder of the IMEI is manufacturer-defined, with a Luhn check digit at the end. For the IMEI format prior to 2003, the GSMA guideline was to have this Check Digit always transmitted to the network as zero. This guideline seems to have disappeared for the format valid from 2003 onwards.[31]

As of 2004, the format of the IMEI is AA-BBBBBB-CCCCCC-D, although it may not always be displayed this way. The IMEISV does not have the Luhn check digit but instead has two digits for the Software Version Number (SVN), making the format AA-BBBBBB-CCCCCC-EE

AA - BB BB BB - CC CC CC D or EE
Old IMEI TAC FAC Serial number D = Check Digit (CD) (Optional)
New IMEI TAC
Old IMEISV TAC FAC EE = Software Version Number (SVN)
New IMEISV TAC

Prior to 2002, the TAC was six digits and followed by a two-digit Final Assembly Code (FAC), which was a manufacturer-specific code indicating the location of the device's construction. From January 1, 2003 until April 1, 2004, the FAC for all phones was 00. After April 1, 2004, the Final Assembly Code ceased to exist and the Type Allocation Code increased to eight digits in length.

In any of the above cases, the first two digits of the TAC are the Reporting Body Identifier, which identifies the GSMA-approved group that allocated the TAC. The RBI numbers are allocated by the Global Decimal Administrator. IMEI numbers being decimal helps distinguish them from an MEID, which is hexadecimal and always has 0xA0 or larger as the first two hexadecimal digits.

For example, the old style IMEI code 35-209900-176148-1 or IMEISV code 35-209900-176148-23 tells us the following:

TAC: 35-2099 - issued by the BABT (code 35) with the allocation number 2099
FAC: 00 - indicating the phone was made during the transition period when FACs were being removed.
SNR: 176148 - uniquely identifying a unit of this model
CD: 1 so it is a GSM Phase 2 or higher
SVN: 23 - The "software version number" identifying the revision of the software installed on the phone. 99 is reserved.

By contrast, the new style IMEI code 49-015420-323751-8 has an 8-digit TAC of 49-015420.

The new CDMA Mobile Equipment Identifier (MEID) uses the same basic format as the IMEI.

Check digit computation[edit]

The last number of the IMEI is a check digit, calculated using the Luhn algorithm, as defined in the IMEI Allocation and Approval Guidelines:

The Check Digit shall be calculated according to Luhn formula (ISO/IEC 7812). (See GSM 02.16 / 3GPP 22.016). The Check Digit is a function of all other digits in the IMEI. The Software Version Number (SVN) of a mobile is not included in the calculation.

The purpose of the Check Digit is to help guard against the possibility of incorrect entries to the CEIR and EIR equipment.

The presentation of the Check Digit both electronically and in printed form on the label and packaging is very important. Logistics (using bar-code reader) and EIR/CEIR administration cannot use the Check Digit unless it is printed outside of the packaging, and on the ME IMEI/Type Accreditation label.

The check digit is not transmitted over the radio interface, nor is it stored in the EIR database at any point. Therefore, all references to the last three or six digits of an IMEI refer to the actual IMEI number, to which the check digit does not belong.

The check digit is validated in three steps:

  1. Starting from the right, double every other digit (e.g., 7 → 14).
  2. Sum the digits (e.g., 14 → 1 + 4).
  3. Check if the sum is divisible by 10.

Conversely, one can calculate the IMEI by choosing the check digit that would give a sum divisible by 10. For the example IMEI 49015420323751?,

IMEI 4 9 0 1 5 4 2 0 3 2 3 7 5 1 x
Double every other 4 18 0 2 5 8 2 0 3 4 3 14 5 2 x
Sum digits 4 + (1 + 8) + 0 + 2 + 5 + 8 + 2 + 0 + 3 + 4 + 3 + (1 + 4) + 5 + 2 + x = 52 + x

To make the sum divisible by 10, we set x = 8, so the complete IMEI becomes 490154203237518.

Usage on satellite phone networks[edit]

The Broadband Global Area Network (BGAN), Iridium and Thuraya satellite phone networks all use IMEI numbers on their transceiver units as well as SIM cards in much the same way as GSM phones do. The Iridium 9601 modem relies solely on its IMEI number for identification and uses no SIM card; however, Iridium is a proprietary network and the device is incompatible with terrestrial GSM networks.

See also[edit]

References[edit]

  1. ^ "3GPP TS 22.016: International Mobile Equipment Identities (IMEI)" (ZIP/DOC; 36 KB). 2009-10-01. Retrieved 2009-12-03.
  2. ^ "Phone firms defend security record". BBC News. January 8, 2002. Retrieved August 25, 2011.
  3. ^ GSM Europe, ""GSME proposals regarding mobile theft and IMEI security""., 2003-06
  4. ^ "How to activate license when no IMEI available". Archived from the original on 19 July 2019. Retrieved 19 July 2019.
  5. ^ "Mobile Telephones (Re-programming) Act 2002". Legislation.gov.uk. Retrieved 2013-09-18.
  6. ^ "The Criminal Law". VVC.gov.lv. Latvian State Language Center. Archived from the original on 2012-03-14. Retrieved 2012-10-08.
  7. ^ "S.3186 - Mobile Device Theft Deterrence Act of 2012". Congress.gov. Library of Congress.
  8. ^ "What is an IMEI number? - Where Can You Find It? - Activation". TechPayout.com. Retrieved 16 September 2016.
  9. ^ "The Radio and Telecommunications Terminal Equipment Directive". Retrieved 16 September 2016.
  10. ^ "How To Change IMEI, Device ID of Any Android Device". 2 December 2016. Archived from the original on 19 July 2019. Retrieved 12 August 2019.
  11. ^ "FAQs on mobile security". AMTA.org.au. Archived from the original on 2013-05-22. Retrieved 2013-09-18.
  12. ^ "Check the status of your Handset". prod.EIE.net.au.
  13. ^ "TCF – NZ Telecommunications Forum". Retrieved 16 September 2016.
  14. ^ "Check whether your mobile handset has been blocked - TCF". Archived from the original on 27 September 2016. Retrieved 16 September 2016.
  15. ^ "Numuri.lv". Retrieved 6 August 2017.
  16. ^ Carriers to allow Customers to Brick Stolen Phones by Shani Hilton, Apr. 10, 2012, Washington City Paper
  17. ^ Wireless carriers partner with FCC, police on database of stolen cellphones. The Washington Post (2011-02-28). Retrieved on 2013-09-18.
  18. ^ Checkmend.com Accessed: 2012-12-26. (Archived by WebCite Webcitation.org
  19. ^ a b c "U.S. Wireless Industry Launches Free Consumer Tool To Combat Smartphone Theft" (Press release). CTIA. 11 May 2017. Archived from the original on 20 August 2018. Retrieved 20 August 2018.
  20. ^ Smith, Gerry (2013-07-13). "Inside The Massive Global Black Market For Smartphones". The Huffington Post. Archived from the original on 2013-09-17. Retrieved 2013-10-13.
  21. ^ Bostock, Bill (12 June 2019). "The Saudi government is hunting down women who flee the country by tracking the IMEI number on their cellphones". Business Insider. Retrieved 13 June 2019.
  22. ^ "How spies used a shard of an exploded Nokia phone to expose the Bali bombers". ABC News. 3 June 2023.
  23. ^ Epstein, Jeremy (2017-12-11). "Mobile phone IMEI whitelisting in Chile and elsewhere". Archived from the original on 2021-03-25. Retrieved 2021-05-27.
  24. ^ "Homologación y recepción de alertas de emergencia serán obligatorias en teléfonos celulares a contar del 23 de septiembre". 2017-09-06. Archived from the original on 2018-07-27. Retrieved 2021-05-27.
  25. ^ "Mission Accomplished! How to Register a Foreign Mobile Phone in Turkey". 2015-03-16. Archived from the original on 2021-05-05. Retrieved 2021-05-27.
  26. ^ "Mobile Devices Registration System". Archived from the original on 2019-04-03. Retrieved 2019-04-03.
  27. ^ "Register your mobile phone". 2016-08-10. Archived from the original on 2016-08-17. Retrieved 2021-05-27.
  28. ^ Chand, Abhishek (2016-05-06). "Everything about NTA's IMEI number registration program". Archived from the original on 2021-01-23. Retrieved 2021-05-27.
  29. ^ Nwokoma, Chimgozirim (2021-05-21). "Does the Nigerian government want safety or surveillance with its new IMEI policy?". Archived from the original on 2021-05-24. Retrieved 2021-05-27.
  30. ^ Lloyd, Jack (2022-09-01). "How to Activate a Sprint Phone". Retrieved 2023-12-14.
  31. ^ GSM Association, IMEI Allocation and Approval Guidelines Archived 2012-09-08 at archive.today, Version 5.0, 2010-09-01, chapter 2.1.5 vs. D.1.6