1

I just contacted Microsoft support on my Lumia phone via the preinstalled "Contact Support" app, about an issue of the language of comments on apps in the Store being in the wrong language (different from my device language, and different from my account's country). After pinpointing the cause of the problem, they said I should just change the region under the "Time and language" section.

But before I left the support chat, they asked me for my email address to "confirm", even though they admitted that they can see my email address from the account I'm contacting them from. They wanted to send me more information about what I can try if this doesn't help. I gave them my email address.

And then they said that they also need my IMEI. Which was weird, so I just left.

  1. Is there any reason they should actually need my IMEI for this kind of rather simple problem with a simple solution? Is it standard routine?
  2. Is there any chance that the Contact Support app was compromised on my phone and I didn't actually end up in Microsoft support?
  3. What is the worst thing someone can actually do with my IMEI? Am I overreacting?

(also, right at the beginning of the conversation they asked for my phone number. I asked why. They said it's standard practice if we lose connection, they will call me right back. I said it seems intrusive, and I'd rather not give it to them. They immediately apologised, and carried on with solving my problem)

Trey Blalock
  • 14,099
  • 6
  • 43
  • 49
  • 1
    An IMEI is an easy way of getting the exact model number. Lots of phones half half a dozen different models that look the same and are marketed the same, but are different inside. They could be trying to get that. – SomeoneSomewhereSupportsMonica Jun 22 '16 at 00:04

1 Answers1

4

Your IMEI is not bound to your IP stack

An IMEI number is used to identify a phone and is bound to each individual device, much like a MAC address is unique to a network interface an IMEI is bound to a device. Unlike a MAC address it does not exist in your network stack.

IMEI stands for International Mobile Station Equipment Identity. IMEI numbers are used for identity (not related to personal identity) on GSM networks.

Security Concerns

IMEI is the core of the handset's identity and is used for authentication with the carrier. It's difficult but possible to leverage the IMEI to pose as another handset and make calls that will map back to the primary users billing and audit trail of calls.

Identity theft is not typically possible as personal information in a handset is not bound to an IMEI, the carrier would need to be compromised in order to map back in IMEI to personal identifiable information.

IF a IMSI and IMEI information can be obtained it would be a another story as both of these numbers could be used to get blacklisted and stolen phones opened back up with the carrier in order to resell them and have them function again in the carrier environment.

I would not be concerned with giving your IMEI to a technical support representative but of course would only want to give it to a legitimate entity for the sake of personal standards, much as yourself, of privacy and personal security.

techraf
  • 9,141
  • 11
  • 44
  • 62
Citizen
  • 378
  • 3
  • 16