Somebody knows my imei

Discussion in 'Off Topic' started by 413x3, Mar 23, 2011.

  1. 413x3

    413x3 Lurker
    Thread Starter
    If someone bad knows my IMEI number, say an ex-gf who's crazy, what can they do and should I be worried about my phone being tracked or text messages read? Is it possible to call T-Mobile and have them change it?
     

  2. Martimus

    Martimus One bite at a time...
    Welcome to the Android Forums!

    If I'm not mistaken changing the IMEI on a phone is illegal...
     
  3. 413x3

    413x3 Lurker
    Thread Starter
    Thanks! But can T-Mobile change it for me?
     
  4. mikedt

    mikedt 你好
    No, and in many countries it's a criminal offence to change a phone's IMEI, Mobile Telephones (Re-programming) Act in the UK. Want a different IMEI, you'll have to get a new phone.
     
  5. takeshi

    takeshi Android Expert
    It's unlikely. If she works for TMO and is willing to risk her job then there might be some cause for concern.

    Not unless you buy another phone from them.
     
  6. libCivil

    libCivil Newbie
    Presumably that law predates IMEI abuses, like Google collecting users' IMEI numbers, and using them as a new kind of global SSN (slave surveillance number). From an ethical standpoint, changing your IMEI number after Google surreptitiously takes it is being street wise.

    Ryhipkiss (a user here) said "A lot of damage can be done if the IMEI number lands in the wrong hands." Would be interesting to hear what all can be done. A unique number in itself is damaging when it's used to id people (considering phones are single user devices).

    And to answer the question, you don't need T-Mobile to change it. Users on this board have reported being able to change the IMEI number by flashing the ROM.
     
  7. Slug

    Slug Check six!
    Moderator
    Ethics have nothing to do with it. As already stated, in many countries changing the IMEI is a criminal offence that will earn the perp jail time. As such, discussion of it is prohibited by our Site Rules.

    You've stated this claim in several posts now. I'm interested in where you saw this as to my knowledge it's simply impossible - the IMEI is completely unrelated to the handset's firmware.
     
    9to5cynic, lunatic59 and novox77 like this.
  8. A.Nonymous

    A.Nonymous Android Expert
    There's a far more common number that's associated with your identity and tied to your phone than your IMEI - your actual phone number. Most people will do anything to keep from changing it as it tends to be a PITA to do so and it follows them from one phone to another. Google does not "steal" your IMEI. There's no reason to do so. They can track you far more easily by just looking at what your Gmail account is doing. Why would they want your IMEI?
     
    9to5cynic and novox77 like this.
  9. lunatic59

    lunatic59 Moderati ergo sum
    Moderator
    An IMEI is a serialized identifier for the mobile networks to identify a piece of hardware similar to the MAC address of your router, IP address of your domain or the license plate on the back of your car. As far as I am aware, it is not protected by any privacy laws. Knowing that your IMEI is XXXX-XXXXX-XXXXX is similar to knowing your phone number or the street address of your house.
     
  10. A.Nonymous

    A.Nonymous Android Expert
    The difference is that if I know your phone number I can call and harass you. If I know your address, I can drive by and paintball your house. I don't know what damage I could possibly do to you by knowing your IMEI.
     
  11. rui-no-onna

    rui-no-onna Android Enthusiast
    Worst thing I can think of (that's still practical to do) is report the phone as stolen so the networks will block it.

    Another thing I can think of, spoof the IMEI on another phone and use that phone for illegal activity.

    Alas, neither option is particularly smart.
     
  12. libCivil

    libCivil Newbie
    You could create a database of people who are in a particular political party, using the IMEI as a key (harmless in itself). Someone else could make a database of employees using IMEI as a primary key (again, harmless in itself). Someone could then put the two databases together (buy, sell, trade them), and in aggregate decide who to let go when it comes time to do layoffs. It doesn't take much imagination to realize how far data collection and aggregation goes when the same primary key becomes a part of multiple databases.

    A number seems pretty innocuous to those unaware of the evolution of social security numbers in the U.S. These were simply a number with a single purpose, a unique key into someone's social security records. Harmless, right? Today, the same SSN number is used for practically everything, including authenticating one's identity for bank transactions.
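
Added example, not part of the original thread or any poster's words: a sketch of the cross-database join on a shared device identifier described in the post above, next to the usual mitigation of storing a per-collector keyed token instead of the raw value. The datasets, keys and 15-digit strings are constructed placeholders, and the function names are hypothetical.

```python
import hashlib
import hmac

# Constructed sample data: placeholder 15-digit strings, not real IMEIs.
PARTY_DB = {
    "350000000000011": "Party A member",
    "350000000000022": "Party B member",
    "350000000000033": "Party A member",
}
EMPLOYER_DB = {
    "350000000000022": "employee #1041",
    "350000000000033": "employee #2210",
    "350000000000044": "employee #3307",
}

# Constructed secrets; each collector keeps its own and never shares it.
PARTY_KEY = b"constructed-secret-of-party-collector"
EMPLOYER_KEY = b"constructed-secret-of-employer-collector"


def join(a: dict, b: dict) -> dict:
    """Link records from two datasets that share a primary key."""
    return {k: (a[k], b[k]) for k in a.keys() & b.keys()}


def plain_hash(imei: str) -> str:
    """Unkeyed hash: everyone computes the same value, so it still links.
    The identifier space is also small enough to enumerate and reverse."""
    return hashlib.sha256(imei.encode("ascii")).hexdigest()


def keyed_token(imei: str, collector_key: bytes) -> str:
    """HMAC token: stable inside one collector, unlinkable across collectors."""
    return hmac.new(collector_key, imei.encode("ascii"), hashlib.sha256).hexdigest()


def rekey(db: dict, transform) -> dict:
    """Rebuild a dataset with each identifier replaced by transform(identifier)."""
    return {transform(imei): record for imei, record in db.items()}


def linkage_report() -> dict:
    """Count how many people can be linked under each storage choice."""
    raw = join(PARTY_DB, EMPLOYER_DB)
    hashed = join(rekey(PARTY_DB, plain_hash), rekey(EMPLOYER_DB, plain_hash))
    party_tokens = rekey(PARTY_DB, lambda i: keyed_token(i, PARTY_KEY))
    employer_tokens = rekey(EMPLOYER_DB, lambda i: keyed_token(i, EMPLOYER_KEY))
    keyed = join(party_tokens, employer_tokens)
    # The collector can still find its own record for a device it sees again.
    own = party_tokens[keyed_token("350000000000011", PARTY_KEY)]
    return {
        "raw": len(raw),
        "plain_hash": len(hashed),
        "keyed": len(keyed),
        "own_lookup": own,
    }


if __name__ == "__main__":
    print(linkage_report())
```

The protection holds only while each collector's key stays private; a merged or leaked key restores the join.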
     
  13. rui-no-onna

    rui-no-onna Android Enthusiast
    Frankly, I wonder how useful IMEIs would be for that. I change phones every 20 months or so (basically when I'm upgrade eligible) and I currently have 4 phones I use at the moment.

    I'd be more concerned of a list with my phone number or address than one with one of my phones' IMEI. I've had my cell phone number for 5 years. In that same time period, I've used 5 different phones in conjunction with that phone number.
     
  14. A.Nonymous

    A.Nonymous Android Expert
    You can't report the phone stolen unless you're the account holder. If I can convince your carrier that I'm the account holder I don't need the IMEI do I? Wouldn't I simply call them, convince them I'm you and tell them the phone associated with XYZ number is stolen? I've never reported a phone as stolen, but I don't think the carrier would expect you to know the IMEI.

    The second I could see happening, but wouldn't be the most practical thing in the world with so many burner cell phones available. It would have to be someone who had an active interest in framing you for something and was an evil genius to boot. Another reason to fear my goateed counter-part.

    In both of those cases the information is useless. Only Google would have the capabilities to do such a thing and has no idea when the device changes hands. Without that, the information is useless. The number is not permanently tied to one person making it useless as a personal identifier.
     
    9to5cynic likes this.
  15. rui-no-onna

    rui-no-onna Android Enthusiast
    In some countries, you can report a phone as stolen to a central body (ala-FCC) so the phone is blacklisted by all GSM providers. In countries where prepaid is the norm and it's easy to just switch SIM cards, that's the only recourse to deal with stolen phones (pre-smartphone era and apps like LookOut/Plan B). Granted, if this is postpaid where you need to prove your identity to the customer service rep by giving the last 4 of your SSN, you've got bigger problems than just someone having your IMEI. Of course, getting them to block the IMEI if you're on prepaid (even in the US) is easier as you wouldn't really have to prove your identity. When I activated my GoPhone, the only thing that was required of me was the zip code (presumably for assigning a phone number with the correct area code). If you refill your account with cards bought from Walmart, etc, and don't ever use your credit/debit card, you never give the carrier any identifying info aside from perhaps the phone numbers you call.

    Well, the OP was asking about what harm someone with his IMEI number might be able to do. He never said whether that person was an idiot or an evil criminal mastermind. :p
     
  16. libCivil

    libCivil Newbie
    One can get the physical address using the IMEI. Here's how:

    Google's street view data collection created a database of physical locations, which were linked to MAC addresses of (open and closed) routers. Google also has data on where you live (from a variety of data: satnav usage, IP proximity, where you have google checkout orders shipped, region specific searches, etc). Now Google has your IMEI.

    Sample scenario:

    Stalking, angry, ex-lover gets ahold of your phone and dials *#06# surreptitiously. She goes to her close friend who happens to be a Google employee, and says take this IMEI number, and find out where he sleeps, where he hangs out, and look into his Google Checkout account to find out what he's buying, and gather his emails.. find out his other Gmail accounts (i.e. the ones I don't know about) because they're all conveniently associated within Google anyway. Also grab his Google voicemail transcriptions for me.
     
  17. libCivil

    libCivil Newbie
    Frequent phone changes are no hindrance for logging. Consider IP addresses. Some people have a different IP every day, but the logs won't fail to reveal that you were allocated a particular IP address at a particular time. Since most people keep their phone for at least a couple years, it's really a negligible cost for Google to keep logs that go several decades back -- further back than useful, thus fully covering the whole period of which the information collection can cause malicious disclosure.

    Those lists are now linked to your IMEI. So getting one piece of information is a key to getting the next. Now anyone who gets your IMEI and has sufficient skill, influence, or corporation position can use it to get the whole mother lode of information.
     
  18. A.Nonymous

    A.Nonymous Android Expert
    I ran my IMEI in a google search. It came up with no results. That's my old phone that I've been using for the past 1.5 years. I ran a search on my phone that I got earlier this week. No results either. So I really question whether you can get your address from the IMEI. Not to mention the fact that your IMEI is not tied to any person. It's tied to a phone. Just saying.

    So you have an angry ex-lover and a friend who is willing to get fired and face criminal charges? How is this different than if the friend works in a bank. They could put false information on your credit report, steal your SSN, take out loans in your name and never repay them and drain your account of money. That is a huge headache. They can flat out steal your actual identity which they can't do with your IMEI. I would be way more scared of the ex who has a bank friend willing to get fired and go to jail than the ex who has a Google friend willing to do the same.
     
    Graffen likes this.
  19. libCivil

    libCivil Newbie
    You got no results because you're doing it wrong. If you want the information for free, you'll have to go beyond the google search field at google.com.

    Of course. Google has fired several people already for snooping in gmail accounts. And that's just those who actually did something stupid with the information - something that put a spotlight on google, essentially forcing google to take corrective actions.

    Now you're thinking. Indeed, information can be harvested from any database. This is why you should only allow disclosure of information needed for the task at hand. This is why in network security the "rule of least privilege" trumps. The principle is simple and obvious. If access to information is not needed to accomplish the task, then it's foolish to give excess access. It's a needless risk.

    So you recognize that damage can be done using a primary key to a database in one case, but not another. Why is that? SSNs only became damaging because they proliferated beyond the one database they were created for (as IMEIs have).

    Sure they can. Your IMEI (coupled with a span of time it's used) is as much your identity as your SSN. Even more so, because your finances are less about your identity than your social life.. where you sleep, work, eat, who you talk to, what you say, etc. And SSNs and IMEI are linked together so either can be obtained from the other. Your SSN is on your bank accounts, and thus electronic transactions, which are then linked to your phone purchase and your mobile phone payments, your mobile phone banking transactions, and ultimately your IMEI.

    One case is orthogonal to the other. Many people and relationships in the world are potentially damaging. To say that one is not the single most damaging (as far as you can imagine) and then concluding that another case must be harmless is to create a false dichotomy. You have far more protection from banking damage than what can be done with information about where you live, along with social information to fuel the fire. Your bank doesn't generally know who your latest lover is, or what's being said to who -- pretty boring information for an emotional stalker, compared to Google's treasure trove of intimately personal data. Money is also protected by Regulation E. What's protecting you from physical attack by a nut case bent on destroying you, for example?

    And look at the corporations. Anything damaging done to your finances through misuse of information is generally illegal, and is recoverable with some effort. But when your personal/social information is traded without a data protection act, it can be used in countless damaging (but legal) ways.. you have no recourse.
     
  20. rui-no-onna

    rui-no-onna Android Enthusiast
    Seriously, if you're that paranoid, you shouldn't be using the internet or a smartphone.
     
    Graffen likes this.
  21. novox77

    novox77 Leeeroy Jennnkinnns!
    I can see all y'all's IP addresses. Be afraid.
     
    alostpacket likes this.
  22. jerofld

    jerofld Fixing stuff is not easy
    I'd imagine one could with terminal emulator and enough initiative to find the right command. CDMA Workshop may be another avenue for those with CDMA based devices.

    But changing IMEI would probably cause your device to not be able to send or receive any calls, texts, or data. Making it into a media player instead of a cell phone.
     
  23. MyNamesTooLong

    MyNamesTooLong Android Expert
    Cause paranoia and force him to post about you knowing on the internet?:D
     
  24. A.Nonymous

    A.Nonymous Android Expert
    Fair enough. Can you offer specific directions of where I need to go? You're alleging that people can track me via my IMEI that Google has on file. I'm very interested in looking up my IMEI to see exactly how much info I can get from it.

    And banks have fired people for doing the same thing. So I shouldn't trust them either?

    It's needless paranoia IMO.

    No one tracks people by their IMEIs. No one does. Again, the reason is simple - phones are not tied to people. SSNs are. You are issued one SSN. It belongs to you until the day you die. IMEIs are no more unique to people than MAC addresses on computers or VINs on your car or the MAC on your BT headset. Why in the world would someone track you by your IMEI when there are things far more easily available and far more unique like your name/DOB, your SSN, your phone number or even your email address?

    Can you point me to a place where I can look up my SSN and find the IMEI of my phone? Otherwise I call BS on this. It's paranoia.

    You know what I'm going to do if I want to find your address? I'll follow you home one night. Why? Because on a scale of 1-10 with 1 being easy and 10 being difficult, following you home undetected is probably a 3. Setting up a complex system to track your IMEI for a period of time so I can find you is a 10.

    A vindictive bank employee is far scarier than a vindictive Google employee because it's far more likely to happen and it's not even that likely. You are arguing that I should be extremely concerned about something that has next to no chance at all of happening to me. By that logic I should reinforce the roof of my house with titanium just in case it gets hit by a meteor.

    An example of a possible damaging but legal use of my personal data please?
     
  25. libCivil

    libCivil Newbie
    Why would I need to? The data is collected. Of course there are countless ways to attack a database, motivate someone else to attack a database, or simply buy access from a party willing to share for the right price.

    When you say "lookup", which database are you interested in? Start there.

    No, of course not - not with data they don't need. If your bank asks you who you are meeting for dinner, don't trust them -- they don't need that information to be a custodian of your bank account. Again, the rule of least privilege trumps.

    It's mitigation of needless information disclosure. Submitting a needless information disclosure is not street wise - it's naive from an information security standpoint.

    Except Google. Except your phone carrier. Except some other non-google apps that harvest the data, needlessly.

    Of course they are. These are single user devices. They supply data to their single user, who produces data. This data is linked to the IMEI of the device. The device is associated to the IMEI.

    Actually you are issued multiple different slave surveillance numbers potentially from one government and certainly from different other governments you have a relationship with. One SSN in the US, another number like an SSN in another country, just as you are issued one IMEI per device per person. Your point?

    Logs don't care whether you've died or not. A number can last till death, or it can last for a year, either way it's still a primary key linking you to data for a duration of time.

    Of course there are varying degrees of uniqueness. The SSN 078-05-1120 is used by many. Uniquely issued, but this can be manipulated. MAC addresses are also uniquely issued - no two are the same. MAC addresses can be altered, but what's issued is unique. Anyone can decide to start using uniquely issued MAC addresses as a primary key, and collect whatever data they want under that key. Same for VINs. These are unique numbers, and can be utilized to reference the data of an individual person (even if it perverts the original intent). You're letting intent control how you view the number, instead of understanding how utilitarians are making use of it.

    How do you figure "easier"? It depends on the context. It's far easier for Google to harvest an IMEI from a device they have code running on, than to surreptitiously harvest an SSN. With SSNs already the centerpiece of identity theft, it would be a stupid legal risk for Google, as opposed to simply re-purposing something else to creep in as their own kind of SSN.

    What part of the chain in the linked data are you having trouble accepting? We'll go from there.

    Actually what you're replying to is fact. It's verifiable. Paranoia is a mental state, not a defense for objecting to facts. The data is traceable, or it's not. Try not to rely on emotional arguments. Tell us why you think the traceability is absent, and we can go from there.

    You're presuming you've found your target to begin with. In some cases that's the end game, and the most difficult bit of information to get. Online stalkers start with much less than your present location.

    The system can be complex, but the adversary need not be. One can break into a WEP-secured wifi AP without knowing the first detail about the system. The work has been done by others.. insiders, or skilled hackers, those with more patience.. you just need to be able to use whatever mechanism is made available to you. Or hire someone else to go through the "level 10 difficulty" process.

    Frequency is only part of a threat assessment measurement. I might have a higher frequency for spilling coffee, that doesn't make it a greater damage. Getting hit by a train is pretty damaging, even though the probability is low. I'll favor 100 coffee spills over one single train hit.

    Not sure where you get "extreme" concern from. Should you lose sleep over it? No. But should you be foolish enough to needlessly disclose a unique number to all apps that ask, linking a significant portion of your social life to a number, of course not. It's just being street wise- just like you don't sign your messages on this forum with your real name and SSN.

    Now you're using appeal to probability logic, and failing to balance cost with risk. You can use this flawed logic to justify any number of security-naive choices.

    Someone who has pics of you drunk and nude while harassing someone posts them publicly with the caption "model employee of XYZ employer", and it gets a big spotlight. Perfectly legal, as is the termination of your job that follows.. yet quite damaging.
     
