This document discusses issues with mobile device theft and strategies for addressing it. It notes that over 230,000 mobile phones were stolen in England, Wales and Scotland from 2010-2020, but only 1% were recovered. Existing solutions that blacklist stolen devices are ineffective at deterring theft as they are too slow. The document proposes a national mobile device registry that would automate data collection, analysis and enforcement across all mobile networks in a country. This would help deter theft, detect illicit devices and behaviors, and adapt to emerging threats over time through active management of device data. Consistent policies are needed across operators as well as data sharing to effectively address theft and other mobile security issues.

1. 1
National Mobile Device Registration:
Issues, Strategies and Solutions
Timothy Jasionowski
Vice President,
Product Management
tjasionowski@iconectiv.com
+1 781 775 3080

2. 2
Device Identification by IMEI
International Mobile Equipment Identity
 GSM 03.03 standardized the
IMEI format to 15 digits
 Each TAC range should
represent a globally unique
device and configuration
 Identifies the device
throughout the supply chain
and in network deployment
2

3. 3
The Traditional C-EIR

4. 4
National IMEI Registries No Longer Deter Mobile Theft
“Police forces in England, Wales and Scotland have dealt with 230,000 street crimes
where a mobile phone was stolen since 2010, but recovered just 1pc of those stolen.
The true scale of the crime may be far higher than the official figures, as many thefts are
not reported.
LV= estimates that the overall number of stolen mobiles is more likely to be 400,000 for
this period, as four in ten mobile theft victims say they never reported the crime to the
police.”

5. 5
Traditional C-EIR Solutions are Ineffective Deterrent
Use Case: Sample Theft Reporting Scheme v. Theft Scenario
Existing reactive centralized
solutions are too slow to deter theft
 Illegal processes move faster than legal
ones
 Ownership of device established after
need, not before
 Block doesn’t impact the original thief,
only intermediaries and additional victims
 Relies on consistent timeline for
enforcement on individual operators

6. 6
Smartphone Self-Recovery: a Bright and Dark Side

7. 7
Sometimes It’s Not About Terminal Theft
 Increasing use of SIM cards in
M2M applications lead to crime
and fraud in unanticipated ways
 Illegitimate reporting can be used
to undermine these applications
with little paper trail and little
reprecussion

8. 8
Two Years Ago: 2G Knockoffs of Modern Devices
 Nokia E71
 Symbian 3.1
 Single SIM
 3G/2G
 801.11b/g
 Symbian Browser
 Mail for Exchange
 2012 Street Price: $260
 Chang Jiang E71
 Touch Screen
 Java Phone
 Dual SIM
 2G
 802.11b/g
 Opera Browser
 Facebook
 Analog TV
2012 Street Price: $40-60

9. 9
Sony Experia S: Modern 2012 Android Devices
 Released February 2012
 Aka Sony LT26i
 Qualcomm MSM8260 Snapdragon
Dual-core 1.5 GHz
 Single SIM
 GSM:850/900/1800/1900 MHz
 WCDMA:850/900/1900/2100 MHz
 Android 2.3 upgradable to 4.x
 GMSA TAC Assignment
 Type Allocation Code: 35171005
 Sony Ericsson
 IMEIs Pass Luhn Check
 Amazon Price: US$450

10. 10
Star X26i: Modern 2012 Android Counterfeit
 Purchased August 2012
 Sold as Star X26i
 MediaTek MT6575 1Ghz Chipset
 Dual SIM
 GSM:850/900/1800/1900 MHz
 WCDMA:900/2100 MHz
 Android 4.0.3 (Ice Cream Sandwich)
 Duplicates a Legitimate Device IMEI
 Claimed Type Allocation Code: 35626003
 Cheng Uwei Precision Industry
 Model OX-11
 GMS:900/1800 MHz
 IMEIs Pass Luhn Check
 Market Price in Hong Kong: US$150
 Wholesale Price: <$115 (estimated)

11. 11
IMEI-only Blocking Can Have Consequences
Use Case Example: Theft Involving Phone with Replicated IMEI

12. 12
Recent Experiences in Other Countries
Mexico
 Law passed in 2009 requiring all handsets to register with operator
 Intent was to deter drug-related crimes, kidnapping
 After one year, only an estimated 60-70% of phones had registered
 Rather than shut off 40% of domestic mobile devices, law rescinded in May 2011
India
 Invalid IMEI devices prohibited from network in early 2010 in wake of 2008 Mumbai
attacks
 15-20M handsets turned off by government in June 2010
 Additional IMEI ranges banned after non-compliant handsets reprogrammed to use
other ranges
 Automated central registry now in late planning phase

13. 13
Mobile Devices Increasingly Play in National Policies
Theft Smuggling
Rising mobile devices average
selling prices, social pressures
and fluid resale markets driving
device theft and, in many cases,
injury or death associated with the
act
Greymarket importation of mobile
devices, underground market
channels undermining government
collection of import duties and
GST/VAT
Terrorism and Organized Crime Uncertified Devices
Mobile phones increasingly used in
the planning and execution of
terrorist and criminal acts, including
kidnapping, money laundering and
improvised explosive device (IED)
triggering
Uncertified mobile devices displace
legitimate manufacturers,
undermine existing network
countermeasures, disrupt national
industrial policies, and impact
overall mobile network performance

14. 14
Best Practice: Proactively Deter, Detect Illicit Behavior
Make theft, counterfeiting, smuggling less lucrative by accerating action
 Automate blocking of device rather than waiting for expensive
manual processes
 Look for evidence of reprogramming, duplicate IMEIs and other
negative factors in operating device stock and use this knowledge
to better manage restrictions consistently across all national mobile
networks
 Provide real-time theft data to law enforcement, customs to track
down, prosecute thieves and smugglers

15. 15
Best Practice: Automate Data Collection, Enforcement
Use Existing Industry and Operator Data Sources to Make Better Decisions
 Broaden the data set by leveraging data already available or
collected by device manufacturers, operators, government and
industry consortiums
 Reduce Overall Burden on Operators, Manufacturers and Point of
Sale
 Eliminate human factors in data collection, when possible

16. 16
Best Practice: Move Beyond Device Blacklists
Compel Action through Messaging, Eoonomic Penalties and Timers
 For devices sharing the same IMEI range or other illicit behaviors,
immediately blocking can be counterproductive
 Industry needs to create broader economic disincentives for use of
illicit mobile devices

17. 17
iconectiv’s Device Registry
A unified, national infrastructure for management of mobile equipment
 Applies a new economic operating model over a nation’s mobile equipment ecosystem
 Cross-operator scheme to collect, analyze and act against a variety of mobile network-
based threats
 Focuses on tracking, modifying and managing consumer behavior over time
 Implements a common, automated data collection scheme across operators
 Enables cross-Operator analytics and reporting while maintaining structural separation
of data
A flexible platform that adapts to new and changing threats
 Tracks and correlates devices, subscribers and roaming mobiles across all mobile
networks on a common timeline
 Provides a common enforcement regime to detect, react and discourage theft, smuggling
and counterfeiting
 A source of new data to combat terrorism, espionage and organized crime
 Adapts and evolves over time to address ongoing and emerging threats

18. 18
Lifecycle Management of the Mobile Device Ecosystem
Manage, Analyze and Enforce National Policy in a Single Framework

19. 19
Lifecycle of the Mobile Device from Entry to Exit
Use Case: Tracking the Mobile Device IMEI-IMSI-MSISDN Triplet

20. 20
Learn from Each Use while Enforcing Policy

21. 21
Active Management of Corrupted IMEI Range
Use Case Example: Cloned Device Transfer Restriction

22. 22
Real Time Device Theft Prevention
Use Case: Blocking Stolen Devices

23. 23
Key Factors for Success in Market
• Consistent data collection, policy enforcement within all operators
• Sharing of domestic data generated and collected by device manufacturers,
operators, government, industry consortiums, other industry actors
• Flexible to Market-Specific Law Enforcement, National Security, Finance
Ministry needs
• Public Education
• Minimized Burden on Operators and Point of Sale
• Device Registries must be able to adapt to changing threats

24. 24
National Mobile Device Registration:
Issues, Strategies and Solutions
Timothy Jasionowski
Vice President,
Product Management
tjasionowski@iconectiv.com
+1 781 775 3080