The theft or loss of smartphones, rather than an economic problem for owners, poses a severe information security issue. According to personal data protection specialists, any threat actor may be able to manipulate the IMEI number of a smartphone using little complex hacking tools.
The International Mobile Equipment Identity (IMEI) is a unique identifier for every existing smartphone in the world. This is a key formed by 15 digits and is necessary in cases of repair, guarantees, theft report, etc. This number is found on each device, regardless of manufacturer or mobile operator.
According to personal data protection specialists, the Indian government is planning to stop the theft of mobile devices with the creation of a Device Identity Center that will integrate all IMEI numbers from the smartphones operating in India’s territory in a single database.
The database will contain three different IMEI lists:
- The white list identifies devices that are enabled to receive and make calls
- The gray list identifies devices that can make and receive calls, but can be monitored to discover the identity of the smartphone user
- The blacklist identifies devices that have been reported stolen or with severe technical problems that prevent them from making or receiving calls
When this system is ready, the owner of a stolen smartphone can file a complaint with the Indian Telecommunications Department (DoT) which, in turn, will blacklist the reported IMEI, preventing the stolen smartphone from reading a card SIM, regardless of the provider company.
The authorities hope that by disabling the smartphones reported to the DoT the rate of theft will decrease and, eventually, the practice will reach minimum levels.
The International Institute of Cyber Security (IICS) personal data protection specialists believe that another reason the authorities have decided to implement a single IMEI key database is to facilitate the process for “IMEI-based legal interception”. Through this mechanism, the authorities or manufacturer companies can block a specific IMEI number, completely disabling the corresponding smartphone.
Besides India, authorities in other countries have already taken similar measures. The governments of Australia, Turkey, the United Kingdom, among others, already have central databases for IMEI registration, developed for the same purposes.