0

I know there are few questions about the risk of IMEI with various answers from rare risk to none. But my question is regarding the kind of websites that provide IMEI check services for free with some services are paid. An example is this website: https://www.imei.info/

The stats at below the page are staggering. The website has access to all these valid IMEI numbers and keep increasing. I tried to enter my IMEI and I got some accurate information like model, specs, warranty, purchase date, carrier, etc.. They are obviously not an authorized body. Or are they?

I did some research online and on academic papers and IMEI does pose a minor risk in privacy and spoofing by counterfeiters. I am asking is disclosing millions of IMEI numbers to such websites has any serious risks? Am I vulnerable after I used it?

Thank you.

Josef
  • 1
  • 1
  • 1
  • Part of the number is the Type Allocation Code (TAC) which gives the manufacturer and model. Even Wikipedia has a small list of examples https://en.wikipedia.org/wiki/Type_Allocation_Code – Brian Aug 12 '20 at 18:53

1 Answers1

0

I tried to enter my IMEI and I got some accurate information like model, specs, warranty, purchase date, carrier, etc.. They are obviously not an authorized body. Or are they?

The GSM/3GPP standards specify the purpose of the IMEI as identifying the mobile equipment (the device, not the person using it). These are industry standards.

I did some research online and on academic papers and IMEI does pose a minor risk in privacy and spoofing by counterfeiters. I am asking is disclosing millions of IMEI numbers to such websites has any serious risks? Am I vulnerable after I used it?

To properly answer whether you are "vulnerable" would require more context. But I suspect the answer is "no, you are not."

Remember, the purpose of the IMEI is to uniquely identify the device--the actual physical electrical/radio equipment used to connect to the tower/network--not the person using it. The SIM card is used to identify the mobile subscriber (e.g., person with billing information). You can use different SIM cards with the same device (same IMEI).

hft
  • 4,910
  • 17
  • 32
  • Thank you for your answer. I agree with you but what I mean by "vulnerable" is when the IMEI is cloned (flashed) on another handset. Now I know this is very difficult but doesn't seem to be impossible. In that case, I read even here on stackexchange that an attacker could be able to receive my phone calls and SMS messages. but then what would be the difference between IMEI cloning and SIM cloning or both together? Thank you – Josef Aug 13 '20 at 13:45
  • You may be confusing IMEI (part of the phone) with the IMSI (part of the SIM card). An attacker would need to clone your SIMm or a similar attack, to receive any calls or messages destined for you. – David Sep 11 '20 at 22:23