If someone bad knows my imei number, say an x-gf who's crazy, what can they do and should I be worried about my phone being tracked or text msg's read? Is it possible to call tmobile and have them change it?
Thanks! But can t-mobile change it for me?
It's unlikely. If she works for TMO and is willing to risk her job then there might be some cause for concern.If someone bad knows my imei number, say an x-gf who's crazy, what can they do and should I be worried about my phone being tracked or text msg's read?
Not unless you buy another phone from them.Is it possible to call tmobile and have them change it?
No, and in many countries it's a criminal offence to change a phone's IMEI, Mobile Telephones (Re-programming) Act in the UK. Want a different IMEI, you'll have to get a new phone.
From an ethical standpoint, changing your IMEI number after Google surreptitiously takes it is being street wise.
Users on this board have reported being able the change the IMEI number by flashing the ROM.
An IMEI is a serialized identifier for the mobile networks to identify a piece of hardware similar to the MAC address of your router, IP address of your domain or the license plate on the back of your car. As far as I am aware, it is not protected by any privacy laws. Knowing that your IMEI is XXXX-XXXXX-XXXXX is similar to knowing your phone number or the street address of your house.
Worst thing I can think of (that's still practical to do) is report the phone as stolen so the networks will block it.The difference is that if I know your phone number I can call and harass you. If I know your address, I can drive by and paintball your house. I don't know what damage I could possibly do to you by knowing your IMEI.
The difference is that if I know your phone number I can call and harass you. If I know your address, I can drive by and paintball your house. I don't know what damage I could possibly do to you by knowing your IMEI.
Frankly, I wonder how useful IMEI's would be for that. I change phones every 20 months or so (basically when I'm upgrade eligible) and I currently have 4 phones I use at the moment.You could create a database of people who are in a particular political party, using the IMEI as a key (harmless in itself). Someone else could make a database of employees using IMEI as a primary key (again, harmless in itself). Someone could then put the two databases together (buy, sell, trade them), and in aggregate decide who to let go when it comes time to do layoffs. It doesn't take much imagination to realize how far data collection and aggregation goes when the same primary key becomes a part of multiple databases.
Worst thing I can think of (that's still practical to do) is report the phone as stolen so the networks will block it.
Another thing I can think of, spoof the IMEI on another phone and use that phone for illegal activity.
Alas, neither option is particularly smart.
You could create a database of people who are in a particular political party, using the IMEI as a key (harmless in itself). Someone else could make a database of employees using IMEI as a primary key (again, harmless in itself). Someone could then put the two databases together (buy, sell, trade them), and in aggregate decide who to let go when it comes time to do layoffs. It doesn't take much imagination to realize how far data collection and aggregation goes when the same primary key becomes a part of multiple databases.
A number seems pretty innocuous to those unaware of the evolution of social security numbers in the U.S. These were simply a number with a single purpose, a unique key into someones social security records. Harmless, right? Today, the same SSN number is used for practically everything, including authenticating ones identity for bank transactions.
In some countries, you can report a phone as stolen to a central body (ala-FCC) so the phone is blacklisted by all GSM providers. In countries where prepaid is the norm and it's easy to just switch SIM cards, that's the only recourse to deal with stolen phones (pre-smartphone era and apps like LookOut/Plan B). Granted, if this is postpaid where you need to prove your identity to the customer service rep by giving the last 4 of your SSN, you've got bigger problems than just someone having your IMEI. Of course, getting them to block the IMEI if you're on prepaid (even in the US) is easier as you wouldn't really have to prove your identity. When I activated my GoPhone, the only thing that was required of me was the zip code (presumably for assigning a phone number with the correct area code). If you refill your account with cards bought from Walmart, etc, and don't ever use your credit/debit card, you never give the carrier any identifying info aside from perhaps the phone numbers you call.You can't report the phone stolen unless you're the account holder. If I can convince your carrier that I'm the account holder I don't need the IMEI do I? Wouldn't I simply call them, convince them I'm you and tell them the phone associated with XYZ number is stolen? I've never reported a phone as stolen, but I don't think the carrier would expect you to know the IMEI.
Well, the OP was asking about what harm someone with his IMEI number might be able to do. He never said whether that person was an idiot or an evil criminal mastermind.The second I could see happening, but wouldn't be the most practical thing in the world with so many burner cell phones available. It would have to be someone who had an active interest in framing you for something and was an evil genius to boot. Another reason to fear my goateed counter-part.
The difference is that if I know your phone number I can call and harass you. If I know your address, I can drive by and paintball your house. I don't know what damage I could possibly do to you by knowing your IMEI.
Frequent phone changes are no hinderance for logging. Consider IP addresses. Some people have a different IP every day, but the logs won't fail to reveal that you were allocated a particular IP address at a particular time. Since most people keep their phone for at least a couple years, it's really a negligible cost for google to keep logs that go several decades back -- further back than useful, thus fully covering the who period of which the information collection can cause malicious disclosure.Frankly, I wonder how useful IMEI's would be for that. I change phones every 20 months or so (basically when I'm upgrade eligible) and I currently have 4 phones I use at the moment.
Those lists are now linked to your IMEI. So getting one piece of information is a key to getting the next. Now anyone who gets your IMEI and has sufficient skill, influence, or corporation position can use it to get the whole motherload of information.I'd be more concerned of a list with my phone number or address than one with one of my phones' IMEI.
One can get the physical address using the IMEI. Here's how:
Google's street view data collection created a database of physical locations, which were linked to MAC addresses of (open and closed) routers. Google also has data on where you live (from a variety of data: satnav usage, IP proximity, where you have google checkout orders shipped, region specific searches, etc). Now Google has your IMEI.
Sample scenario:
Stalking, angry, ex-lover gets ahold of your phone and dials *#06# surreptitiously. She goes to her close friend who happens to be a google employee, and says take this IMEI number, and find out where he sleeps, where he hangs out, and look into his google checkout account to find out what he's buying, and gather his emails.. find out his other gmail accounts (i.e. the ones i don't know about) because they're all conveniently associated within google anyway. Also grab his google voicemail transcriptions for me.
You got no results because you're doing it wrong. If you want the information for free, you'll have to go beyond the google search field at google.com.I ran my IMEI in a google search. It came up with no results.
Of course. Google has fired several people already for snooping in gmail accounts. And that's just those who actually did something stupid with the information - something that put a spotlight on google, essentially forcing google to take corrective actions.So you have an angry ex-lover and a friend who is willing to get fired and face criminal charges?
Now you're thinking. Indeed, information can be harvested from any database. This is why you should only allow disclosure of information needed for the task at hand. This is why in network security the "rule of least privilege" trumps. The principle is simple and obvious. If access to information is not needed to accomplish the task, then it's foolish give excess access. It's a needless risk.How is this different than if the friend works in a bank. They could put false information on your credit report,
So you recognize that damage can be done using a primary key to a database in one case, but not another. Why is that? SSNs only became damaging because they proliferated beyond the one database they were created for (as IMEIs have).steal your SSN,
Sure they can. Your IMEI (coupled with a span of time it's used) is as much your identity as your SSN. Even more so, because your finances are less about your identity than your social life.. where you sleep, work, eat, who you talk to, what you say, etc. And SSNs and IMEI are linked together so either can be obtained from the other. Your SSN is on your bank accounts, and thus electronic transactions, which are then linked to your phone purchase and your mobile phone payments, your mobile phone banking transactions, and ultimately your IMEI.take out loans in your name and never repay them and drain your account of money. That is a huge headache. They can flat out steal your actual identity which they can't do with your IMEI.
I would be way more scared of the ex who has a bank friend willing to get fired and go to jail than the ex who has a Google friend willing to do the same.
Seriously, if you're that paranoid, you shouldn't be using the internet or a smartphone.One case is orthoganal to the other. Many people and relationships in the world are potentially damaging. To say that one is not the single most damaging (as far as you can imagine) and then concluding that another case must be harmless is to create a false dichotomy. You have far more protection from banking damage than what can be done with information about where you live, along with social information to fuel the fire. Your bank doesn't generally know who your latest lover is, or what's being said to who -- pretty boring information for an emotional stalker, compared to Google's treasure trove of intimately personal data. Money is also protected by Regulation E. What's protecting you from physical attack by a nut case bent on destroying you, for example?
And look at the corporations. Anything damaging done to your finances through misuse of information is generally illegal, and is recoverable with some effort. But when your personal/social information is traded without a data protection act, it can be used in countless damaging (but legal) ways.. you have no recourse.
You've stated this claim in several posts now. I'm interested in where you saw this as to my knowledge it's simply impossible - the IEMI is completely unrelated to the handset's firmware.
The difference is that if I know your phone number I can call and harass you. If I know your address, I can drive by and paintball your house. I don't know what damage I could possibly do to you by knowing your IMEI.
You got no results because you're doing it wrong. If you want the information for free, you'll have to go beyond the google search field at google.com.
Of course. Google has fired several people already for snooping in gmail accounts. And that's just those who actually did something stupid with the information - something that put a spotlight on google, essentially forcing google to take corrective actions.
Now you're thinking. Indeed, information can be harvested from any database. This is why you should only allow disclosure of information needed for the task at hand. This is why in network security the "rule of least privilege" trumps. The principle is simple and obvious. If access to information is not needed to accomplish the task, then it's foolish give excess access. It's a needless risk.
So you recognize that damage can be done using a primary key to a database in one case, but not another. Why is that? SSNs only became damaging because they proliferated beyond the one database they were created for (as IMEIs have).
Sure they can. Your IMEI (coupled with a span of time it's used) is as much your identity as your SSN. Even more so, because your finances are less about your identity than your social life.. where you sleep, work, eat, who you talk to, what you say, etc. And SSNs and IMEI are linked together so either can be obtained from the other. Your SSN is on your bank accounts, and thus electronic transactions, which are then linked to your phone purchase and your mobile phone payments, your mobile phone banking transactions, and ultimately your IMEI.
One case is orthoganal to the other. Many people and relationships in the world are potentially damaging. To say that one is not the single most damaging (as far as you can imagine) and then concluding that another case must be harmless is to create a false dichotomy. You have far more protection from banking damage than what can be done with information about where you live, along with social information to fuel the fire. Your bank doesn't generally know who your latest lover is, or what's being said to who -- pretty boring information for an emotional stalker, compared to Google's treasure trove of intimately personal data. Money is also protected by Regulation E. What's protecting you from physical attack by a nut case bent on destroying you, for example?
And look at the corporations. Anything damaging done to your finances through misuse of information is generally illegal, and is recoverable with some effort. But when your personal/social information is traded without a data protection act, it can be used in countless damaging (but legal) ways.. you have no recourse.
Why would I need to? The data is collected. Of course there are countless ways to attack a database, motivate someone else to attack a database, or simply buy access from a party willing to share for the right price.Fair enough. Can you offer specific directions of where I need to go?
When you say "lookup", which database are you interested in? Start there.You're alleging that people can track me via my IMEI that Google has on file. I'm very interested in looking up my IMEI to see exactly how much info I can get from it.
No, of course not - not with data they don't need. If your bank asks you who you are meeting for dinner, don't trust them -- they don't need that information to be a custodian of your bank account. Again, the rule of least privilege trumps.And banks have fired people for doing the same thing. So I shouldn't trust them either?
It's mitigation of needless information disclosure. Submitting a needless information disclosure is not street wise - it's naive from an information security standpoint.It's needless paranoia IMO.
Except Google. Except your phone carrier. Except some other non-google apps that harvest the data, needlessly.No one tracks people by their IMEIs. No one does.
Of course they are. These are single user devices. They supply data to their single user, who produces data. This data is linked to the IMEI of the device. The device is associated to the IMEI.Again, the reason is simple - phones are not tied to people.
Actually you are issued multiple different slave surveillance numbers potentially from one government and certainly from different other governments you have a relationship with. One SSN in the US, another number like an SSN in another country, just as you are issued one IMEI per device per person. Your point?SSNs are. You are issued one SSN.
Logs don't care whether you've died or not. A number can last till death, or it can last for a year, either way it's still a primary key linking you to data for a duration of time.It belongs to you until the day you die.
Of course there is varying degrees of uniqueness. The SSN 078-05-1120 is used by many. Uniquely issued, but this can be manipulated. MAC addresses are also uniquely issued - no two are the same. MAC addresses can be altered, but what's issued is unique. Anyone can decide to start using uniquely issued MAC addresses as a primary key, and collect whatever data they want under that key. Same for VINs. These are unique numbers, and can be utilized to reference the data of an individual person (even if it perverts the original intent). You're letting intent control how you view the number, instead of understanding how utilitarians are making use of it.IMEIs are no more unique to people than MAC addresses on computers or VINs on your car or the MAC on your BT headset.
How do you figure "easier"? It depends on the context. It's far easier for google to harvest an IMEI from device they have code running on, than to surreptitiously harvest an SSN. With SSNs already the centerpiece of identity theft, it would be a stupid legal risk for Google, as opposed to simply re-purposing something else to creep in as their own kind of SSN.Why in the world would someone track you by your IMEI when there are things far more easily available and far more unique like your name/DOB, your SSN, your phone number or even your email address?
What part of the chain in the linked data are you having trouble accepting? We'll go from there.Can you point me to a place where I can look up my SSN and find the IMEI of my phone?
Actually what you're replying to is fact. It's verifiable. Paranoia is a mental state, not a defense for objecting to facts. The data is traceable, or it's not. Try not to rely on emotional arguments. Tell us why you think the traceability is absent, and we can go from there.Otherwise I call BS on this. It's paranoia.
You're presuming you've found your target to begin with. In some cases that's the end game, and the most difficult bit of information to get. Online stalkers start with much less than your present location.You know what I'm going to do if I want to find your address? I'll follow you home one night. Why? Because on a scale of 1-10 with 1 being easy and 10 being difficult, following you home undetected is probably a 3.
The system is can be complex, but the adversary needs not be. One can break into a WEP-secured wifi AP without knowing the first detail about the system. The work has been done by others.. insiders, or skilled hackers, those with more patience.. you just need to be able to use whatever mechanism is made available to you. Or hire someone else to go through the "level 10 difficulty" process.Setting up a complex system to track your IMEI for a period of time so I can find you is a 10.
Frequency is only part of a threat assessment measurement. I might have a higher frequency for spilling coffee, that doesn't make it a greater damage. Getting hit by a train is pretty damaging, even though the probability is low. I'll favor 100 coffee spills over one single train hit.A vindictive bank employee is far scarier than a vindictive Google employee because it's far more likely to happen
Not sure where you get "extreme" concern from. Should you lose sleep over it? No. But should you be foolish enough to needlessly disclose a unique number to all apps that ask, linking a significant portion of your social life to a number, of course not. It's just being street wise- just like you don't sign your messages on this forum with your real name and SSN.You are arguing that I should be extremely concerned about something that has next to no chance at all of happening to me.
Now you're using appeal to probability logic, and failing to balance cost with risk. You can use this flawed logic to justify any number of security-naive choices.By that logic I should re-inforce the roof of my house with titanium just in case it gets hit by a meteor.
Someone who has pics of you drunk and nude while harassing someone posts them publicly with the caption "model employee of XYZ employer", and it gets a big spotlight. Perfectly legal, as is the termination of your job that follows.. yet quite damaging.An example of a possible damaging but legal use of my personal data please?
We've been tracking upcoming products and ranking the best tech since 2007. Thanks for trusting our opinion: we get rewarded through affiliate links that earn us a commission and we invite you to learn more about us.