This is actually good. IMEI is a unique number that can identify each device. And is huge privacy issue as it can be used against the user, can individually track each user.
IMEI is not required when placing calls or transferring data since this is securely managed by the GSM chip.
Are you sure this would not cause problems if two devices with the same IMEI were on the same tower, or even same provider? It might look fishy having multiple dups floating around on your network.
If one of these devices gets IMEI blacklisted, now all 13.5K devices are blacklisted... Not so good.
This is actually not good. There is an IMEI database which can be used to prevent stolen phones from attaching to a network. If this IMEI is added, all of these devices will be prevented from registering.
You can actually fake the IMEI number on some phones. Be advised that this is a crime in several jurisdictions. (The UK being one of them if I remember correctly)
Well, probably this was the result of some corruption in a parameter in the flash. On the early days of the Samsung Galaxy phones if you broke part of the efs partition the modem couldn't read the IMEI and would fall back to a generic one. This looks quite the same
Though with 13000 devices affected either it was a problem in manufacturing or someone in the Service Center was not doing the job too well...
I've done "First Articles of Inspection" (FAI) for Pixel phones at the factory where they're being made. Basically take the very first handful of devices off the line after software provisioning and run them through a litany of software checks, including that the IMEIs are unique. Then we do this for another bunch of random samples. The factories are unique experiences.
Hard to imagine for me how this could have happened. I don't know precisely how IMEIs are provisioned or stored, but I suspect they can be changed in software.
Trying to sell a used phone on line is tricky. Legitimate buyers may want the IMEI to check it's not a reported stolen phone. Illegitimate buyers may want a known good one to replace one on a reported stolen phone.
Carriers can blacklist IMEIs from their network (that's a threat they use for certification; they want to make sure families of devices are well behaved).
One of my phones was blacklisted from a carrier a few years ago. They said it was reported stolen. I brought them the receipt; I bought it new in box. They said it was reported stolen by a carrier in a foreign country. I'd been there, maybe ten years earlier, and never with that phone. The local carrier I was a customer of said they couldn't remove the block, since it was reported stolen by a foreign carrier. Seems fishy how carriers work together to ban IMEIs but do nothing to verify reports of stolen devices.
I'm not sure carriers would ban this IMEI if it's tied to 13.5k phones, but I'm sure they're not happy.
If you buy cheap Bluetooth OBD-II dongles, you'll find they all have the same addresses. That's why you can't buy two dongles and use them in two cars without re-associating each time, for instance.
If you buy the $150 dongles, they have valid addresses like you would expect.
Picking a fight with a national telecom regulatory authority from a country other than your own seems like a poor business choice. Their customs people will seize all your products and Boston Tea Party them. They'll probably keep doing that even after you fix the problem.
I wonder: is there a dialect of English in India in which this post follows rules of grammar? I found it uncanny-valley hard to read.
Very nice! I presume the phones still work too, otherwise this would have been caught much sooner. The existence of the IMEI is, at this point, a deliberate security flaw that has been pushed onto us by governmental standards bodies, and cemented into law. A secure mobile protocol would not have fixed identifiers, and would instead identify endpoints with a nonce that rotated over time and base station.
I agree. Vendors are perfectly happy to randomize MAC addresses when scanning for WiFi access points, but apparently not willing to use the same algorithm when connecting to the cell network. I get that it makes many things easier when you have a persistent unique ID, but it is by no means required to control access to the physical layer. You can just randomly generate a number, and then authenticate with actual credentials.
Indeed. There is no valid technical reason for IMEIs to be unique, except for already very tenuous anti-theft perpetuation which is really a very minor factor.
Isn't that some high level kind of fraud? At the same time, I think it would easily be caught, so I'm a little confused if it's incompetence or maybe a mistake?
Does that mean they bribed somebody working at a factory? I'm not sure what could be gained by this. Having an "untraceable", replaceable phone? Wouldn't those be easily blacklisted once it's discovered?
Do we really need IMEI or SIM Cards?
- Some countries use IMEI for tracking & disallowing certain phones bought in some other country
- SIM Card also seem to just create problems to people.
IMEI is only needed if you want to track hardware. Physicals SIMs are not needed (and eSIM is a thing now) but some form of the "Subscriber Identity" part of SIM is needed unless you are operating the carrier for free to all with a phone.
Not surprising; This isn't the first time a hardware manufacturer has screwed this up.
At a mobile game dev company we had a hardcoded list of bogus IMEI numbers. If a device returned an IMEI that was on the blacklist, we'd use another method to identify the device.
[+] [-] rafaelturk|5 years ago|reply
IMEI is not required when placing calls or transferring data since this is securely managed by the GSM chip.
[+] [-] Klinky|5 years ago|reply
If one of these devices gets IMEI blacklisted, now all 13.5K devices are blacklisted... Not so good.
[+] [-] bzb4|5 years ago|reply
[+] [-] DaniloDias|5 years ago|reply
[+] [-] joyj2nd|5 years ago|reply
[+] [-] dehrmann|5 years ago|reply
[+] [-] achow|5 years ago|reply
[+] [-] biktor_gj|5 years ago|reply
Though with 13000 devices affected either it was a problem in manufacturing or someone in the Service Center was not doing the job too well...
[+] [-] ndesaulniers|5 years ago|reply
Hard to imagine for me how this could have happened. I don't know precisely how IMEIs are provisioned or stored, but I suspect they can be changed in software.
Trying to sell a used phone on line is tricky. Legitimate buyers may want the IMEI to check it's not a reported stolen phone. Illegitimate buyers may want a known good one to replace one on a reported stolen phone.
Carriers can blacklist IMEIs from their network (that's a threat they use for certification; they want to make sure families of devices are well behaved).
One of my phones was blacklisted from a carrier a few years ago. They said it was reported stolen. I brought them the receipt; I bought it new in box. They said it was reported stolen by a carrier in a foreign country. I'd been there, maybe ten years earlier, and never with that phone. The local carrier I was a customer of said they couldn't remove the block, since it was reported stolen by a foreign carrier. Seems fishy how carriers work together to ban IMEIs but do nothing to verify reports of stolen devices.
I'm not sure carriers would ban this IMEI if it's tied to 13.5k phones, but I'm sure they're not happy.
[+] [-] chiph|5 years ago|reply
[+] [-] RyJones|5 years ago|reply
If you buy the $150 dongles, they have valid addresses like you would expect.
[+] [-] OliverJones|5 years ago|reply
I wonder: is there a dialect of English in India in which this post follows rules of grammar? I found it uncanny-valley hard to read.
[+] [-] rajup|5 years ago|reply
[+] [-] mindslight|5 years ago|reply
[+] [-] jrockway|5 years ago|reply
[+] [-] sudosysgen|5 years ago|reply
[+] [-] jokoon|5 years ago|reply
Does that mean they bribed somebody working at a factory? I'm not sure what could be gained by this. Having an "untraceable", replaceable phone? Wouldn't those be easily blacklisted once it's discovered?
[+] [-] dingle_thunk|5 years ago|reply
[+] [-] diminish|5 years ago|reply
[+] [-] zamadatix|5 years ago|reply
[+] [-] numpad0|5 years ago|reply
[+] [-] xsmasher|5 years ago|reply
At a mobile game dev company we had a hardcoded list of bogus IMEI numbers. If a device returned an IMEI that was on the blacklist, we'd use another method to identify the device.
[+] [-] demarq|5 years ago|reply