
The title says it all, basically. Even now, why is tampering with the IMEI possible at all? Shouldn't manufacturers be using one-time-writable memory to embed the IMEI into phones? Why don't they?

Nikhil
  • Why _would_ they? What would they gain from the extra cost of the hardware? – forest Jan 14 '19 at 03:45
  • Wouldn't the cost be eventually transferred to the customer anyway? And which customer wouldn't prefer such a system? Also, GSMA states that the IMEI should be implemented in a manner such that it can't be changed, and obviously current implementations aren't that secure, so why aren't manufacturers taking some action? – Nikhil Jan 14 '19 at 03:47
  • Most customers wouldn't even _know_ that it was implemented, much less actively prefer it. And the requirements only state that reasonable measures be taken to prevent the end-user from changing it, which is usually implemented as restrictions in software. Why would they go further when they aren't legally required and when it would not make them further profit? – forest Jan 14 '19 at 03:50
  • https://imeidb.gsma.com/imei/resources/documents/IMEI-Security-Technical-Design-Principles-v4.pdf Doesn't principle 6 here tell the manufacturers to use appropriate technique to prevent unauthorized tampering of IMEI? – Nikhil Jan 14 '19 at 03:59
  • So it's best practices, but it would still be cheaper for them to do the bare minimum. – forest Jan 14 '19 at 04:02
  • I understand. I underestimated manufacturers' need for profit. Also, what does Apple do differently that makes changing the IMEI of iPhones difficult as compared to Android phones? – Nikhil Jan 14 '19 at 04:05
  • I don't know for sure, but I'd imagine it's because Apple sources their own hardware, whereas Google develops the software and allows 3rd party OEMs to install it on the hardware of their choice. – forest Jan 14 '19 at 04:07
  • Hmm, I see. I was looking for a deeper technical explanation, but thank you for all your assistance! – Nikhil Jan 14 '19 at 04:10
  • Unfortunately, the explanation would be purely about economics with nothing technical involved. – forest Jan 14 '19 at 04:11
  • @forest It's not a cost issue for such a small amount of data. Plenty of devices include [one-time programmable fuses](https://www.flashmemorysummit.com/English/Collaterals/Proceedings/2010/20100818_T2A_Zajac.pdf) on die: Apple's phones, Intel CPUs, CPLDs, smart cards, HDMI devices, even cheap Ethernet cards, etc. The weakness is firmware tampering; tampered firmware can be patched to read some other data or do something else. – user71659 Jan 14 '19 at 05:28
  • [How secure are IMEI numbers? - Unanswered](https://security.stackexchange.com/questions/188354/how-secure-are-imei-numbers) – defalt Jan 14 '19 at 05:58
  • The question asks only about storage, but the problem is also making sure IMEI is not tampered with when it's being **used/transferred** (which is the obvious point of attack if it's read-only). – domen Jan 14 '19 at 10:32
  • The IMEI in most Android devices *is* written into the hardware. What you are confusing is the IMEI that is written into the hardware (this cannot be changed without replacing the board/chip that contains the IMEI) and the IMEI that is reported by the OS (this is under the control of the OS). Changing the former is not possible without changing the hardware; changing the latter is fairly trivial on both rooted Android and jailbroken iPhone. Once rooted/jailbroken, the OS can lie about the IMEI it reads from the hardware. – Lie Ryan Jan 14 '19 at 14:50
  • What do hardware flasher devices available in black market do then? Don't they change the IMEI which is written into the hardware? – Nikhil Jan 16 '19 at 00:25
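The distinction drawn in the comments above (user71659: write-once fuses are cheap, the weak point is the firmware that reads them; Lie Ryan: the hardware IMEI and the OS-reported IMEI are two different things) can be made concrete with a small model. The following C program is an added example written for this page, not code from any phone vendor or from the thread: it simulates an eFuse bank whose bits can only go from 0 to 1, a firmware read path, and an OS-facing report path that a rooted image can redirect. The fuse layout, the function names, the hook mechanism and both IMEI strings are constructed for illustration; the only real-world detail relied on is that the 15th IMEI digit is a Luhn check digit over the first 14.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMEI_LEN 15

/* Constructed model of a one-time-programmable fuse bank holding the 15 IMEI
 * digits. A real eFuse bit can only go from 0 to 1, so the burn routine ORs
 * bits in and refuses any write that would need to clear a blown fuse. */
typedef struct {
    uint8_t digit[IMEI_LEN]; /* one BCD digit per byte, all 0 while blank */
    bool    locked;          /* write-lock fuse, blown after the first program */
} otp_bank_t;

/* The 15th IMEI digit is a Luhn checksum over the first 14 digits. */
bool imei_luhn_valid(const char *imei)
{
    if (strlen(imei) != (size_t)IMEI_LEN) return false;
    int sum = 0;
    for (int i = IMEI_LEN - 1; i >= 0; i--) {
        int d = imei[i] - '0';
        if (d < 0 || d > 9) return false;
        /* double every second digit counting from the right; the check digit is not doubled */
        if ((IMEI_LEN - 1 - i) % 2 == 1) {
            d *= 2;
            if (d > 9) d -= 9;
        }
        sum += d;
    }
    return sum % 10 == 0;
}

/* Program the fuse bank. Fails if the lock fuse is already blown, if the
 * string is not a well-formed IMEI, or if any digit would need a set bit cleared. */
bool otp_burn_imei(otp_bank_t *bank, const char *imei)
{
    if (bank->locked || !imei_luhn_valid(imei)) return false;
    for (int i = 0; i < IMEI_LEN; i++) {
        uint8_t v = (uint8_t)(imei[i] - '0');
        if (bank->digit[i] & (uint8_t)~v) return false; /* cannot un-blow a fuse */
    }
    for (int i = 0; i < IMEI_LEN; i++)
        bank->digit[i] |= (uint8_t)(imei[i] - '0');
    bank->locked = true;
    return true;
}

/* Firmware (baseband) read path: the only route to the fuses in this model. */
void otp_read_imei(const otp_bank_t *bank, char out[IMEI_LEN + 1])
{
    for (int i = 0; i < IMEI_LEN; i++)
        out[i] = (char)('0' + bank->digit[i]);
    out[IMEI_LEN] = '\0';
}

/* OS-facing report path. In a stock image it forwards to the firmware read;
 * with root, this pointer (standing in for patched HAL/RIL code) can be swapped,
 * and every caller above it sees whatever the replacement returns. */
typedef void (*imei_reader_t)(const otp_bank_t *, char out[IMEI_LEN + 1]);
static imei_reader_t g_imei_reader = otp_read_imei;

void os_install_imei_hook(imei_reader_t hook) { g_imei_reader = hook; }

void os_report_imei(const otp_bank_t *bank, char out[IMEI_LEN + 1])
{
    g_imei_reader(bank, out);
}

/* Hypothetical rooted-OS hook: ignores the fuses and reports a fabricated IMEI. */
static void spoofed_reader(const otp_bank_t *bank, char out[IMEI_LEN + 1])
{
    (void)bank;
    strcpy(out, "123456789012347"); /* constructed value with a valid check digit */
}

int main(void)
{
    otp_bank_t bank;
    char buf[IMEI_LEN + 1];
    memset(&bank, 0, sizeof bank);

    /* constructed sample IMEI with a valid Luhn digit, not a real device */
    printf("first burn:  %s\n", otp_burn_imei(&bank, "490154203237518") ? "ok" : "refused");
    printf("second burn: %s\n", otp_burn_imei(&bank, "123456789012347") ? "ok" : "refused");

    os_report_imei(&bank, buf);
    printf("stock OS reports  %s\n", buf);

    os_install_imei_hook(spoofed_reader);
    os_report_imei(&bank, buf);
    printf("rooted OS reports %s\n", buf);

    otp_read_imei(&bank, buf);
    printf("fuses still hold  %s\n", buf);
    return 0;
}
```

Compile with `cc -Wall imei_otp.c && ./a.out`. The second burn is refused and the fuses are never altered, yet after the hook is installed the OS reports a different, well-formed IMEI, which is exactly the gap the comments describe: write-once storage fixes the value at rest, but anything that trusts the OS-level read (an app, or the identity the network is told) is only as trustworthy as the code between the fuses and the caller.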
