This document discusses issues with mobile device theft and strategies for addressing it. It notes that over 230,000 mobile phones were stolen in England, Wales and Scotland from 2010-2020, but only 1% were recovered. Existing solutions that blacklist stolen devices are ineffective at deterring theft as they are too slow. The document proposes a national mobile device registry that would automate data collection, analysis and enforcement across all mobile networks in a country. This would help deter theft, detect illicit devices and behaviors, and adapt to emerging threats over time through active management of device data. Consistent policies are needed across operators as well as data sharing to effectively address theft and other mobile security issues.
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
National Mobile Device Registration
1. 1
National Mobile Device Registration:
Issues, Strategies and Solutions
Timothy Jasionowski
Vice President,
Product Management
tjasionowski@iconectiv.com
+1 781 775 3080
2. 2
Device Identification by IMEI
International Mobile Equipment Identity
GSM 03.03 standardized the
IMEI format to 15 digits
Each TAC range should
represent a globally unique
device and configuration
Identifies the device
throughout the supply chain
and in network deployment
2
4. 4
National IMEI Registries No Longer Deter Mobile Theft
“Police forces in England, Wales and Scotland have dealt with 230,000 street crimes
where a mobile phone was stolen since 2010, but recovered just 1pc of those stolen.
The true scale of the crime may be far higher than the official figures, as many thefts are
not reported.
LV= estimates that the overall number of stolen mobiles is more likely to be 400,000 for
this period, as four in ten mobile theft victims say they never reported the crime to the
police.”
5. 5
Traditional C-EIR Solutions are Ineffective Deterrent
Use Case: Sample Theft Reporting Scheme v. Theft Scenario
Existing reactive centralized
solutions are too slow to deter theft
Illegal processes move faster than legal
ones
Ownership of device established after
need, not before
Block doesn’t impact the original thief,
only intermediaries and additional victims
Relies on consistent timeline for
enforcement on individual operators
7. 7
Sometimes It’s Not About Terminal Theft
Increasing use of SIM cards in
M2M applications lead to crime
and fraud in unanticipated ways
Illegitimate reporting can be used
to undermine these applications
with little paper trail and little
reprecussion
8. 8
Two Years Ago: 2G Knockoffs of Modern Devices
Nokia E71
Symbian 3.1
Single SIM
3G/2G
801.11b/g
Symbian Browser
Mail for Exchange
2012 Street Price: $260
Chang Jiang E71
Touch Screen
Java Phone
Dual SIM
2G
802.11b/g
Opera Browser
Facebook
Analog TV
2012 Street Price: $40-60
9. 9
Sony Experia S: Modern 2012 Android Devices
Released February 2012
Aka Sony LT26i
Qualcomm MSM8260 Snapdragon
Dual-core 1.5 GHz
Single SIM
GSM:850/900/1800/1900 MHz
WCDMA:850/900/1900/2100 MHz
Android 2.3 upgradable to 4.x
GMSA TAC Assignment
Type Allocation Code: 35171005
Sony Ericsson
IMEIs Pass Luhn Check
Amazon Price: US$450
10. 10
Star X26i: Modern 2012 Android Counterfeit
Purchased August 2012
Sold as Star X26i
MediaTek MT6575 1Ghz Chipset
Dual SIM
GSM:850/900/1800/1900 MHz
WCDMA:900/2100 MHz
Android 4.0.3 (Ice Cream Sandwich)
Duplicates a Legitimate Device IMEI
Claimed Type Allocation Code: 35626003
Cheng Uwei Precision Industry
Model OX-11
GMS:900/1800 MHz
IMEIs Pass Luhn Check
Market Price in Hong Kong: US$150
Wholesale Price: <$115 (estimated)
11. 11
IMEI-only Blocking Can Have Consequences
Use Case Example: Theft Involving Phone with Replicated IMEI
12. 12
Recent Experiences in Other Countries
Mexico
Law passed in 2009 requiring all handsets to register with operator
Intent was to deter drug-related crimes, kidnapping
After one year, only an estimated 60-70% of phones had registered
Rather than shut off 40% of domestic mobile devices, law rescinded in May 2011
India
Invalid IMEI devices prohibited from network in early 2010 in wake of 2008 Mumbai
attacks
15-20M handsets turned off by government in June 2010
Additional IMEI ranges banned after non-compliant handsets reprogrammed to use
other ranges
Automated central registry now in late planning phase
13. 13
Mobile Devices Increasingly Play in National Policies
Theft Smuggling
Rising mobile devices average
selling prices, social pressures
and fluid resale markets driving
device theft and, in many cases,
injury or death associated with the
act
Greymarket importation of mobile
devices, underground market
channels undermining government
collection of import duties and
GST/VAT
Terrorism and Organized Crime Uncertified Devices
Mobile phones increasingly used in
the planning and execution of
terrorist and criminal acts, including
kidnapping, money laundering and
improvised explosive device (IED)
triggering
Uncertified mobile devices displace
legitimate manufacturers,
undermine existing network
countermeasures, disrupt national
industrial policies, and impact
overall mobile network performance
14. 14
Best Practice: Proactively Deter, Detect Illicit Behavior
Make theft, counterfeiting, smuggling less lucrative by accerating action
Automate blocking of device rather than waiting for expensive
manual processes
Look for evidence of reprogramming, duplicate IMEIs and other
negative factors in operating device stock and use this knowledge
to better manage restrictions consistently across all national mobile
networks
Provide real-time theft data to law enforcement, customs to track
down, prosecute thieves and smugglers
15. 15
Best Practice: Automate Data Collection, Enforcement
Use Existing Industry and Operator Data Sources to Make Better Decisions
Broaden the data set by leveraging data already available or
collected by device manufacturers, operators, government and
industry consortiums
Reduce Overall Burden on Operators, Manufacturers and Point of
Sale
Eliminate human factors in data collection, when possible
16. 16
Best Practice: Move Beyond Device Blacklists
Compel Action through Messaging, Eoonomic Penalties and Timers
For devices sharing the same IMEI range or other illicit behaviors,
immediately blocking can be counterproductive
Industry needs to create broader economic disincentives for use of
illicit mobile devices
17. 17
iconectiv’s Device Registry
A unified, national infrastructure for management of mobile equipment
Applies a new economic operating model over a nation’s mobile equipment ecosystem
Cross-operator scheme to collect, analyze and act against a variety of mobile network-
based threats
Focuses on tracking, modifying and managing consumer behavior over time
Implements a common, automated data collection scheme across operators
Enables cross-Operator analytics and reporting while maintaining structural separation
of data
A flexible platform that adapts to new and changing threats
Tracks and correlates devices, subscribers and roaming mobiles across all mobile
networks on a common timeline
Provides a common enforcement regime to detect, react and discourage theft, smuggling
and counterfeiting
A source of new data to combat terrorism, espionage and organized crime
Adapts and evolves over time to address ongoing and emerging threats
18. 18
Lifecycle Management of the Mobile Device Ecosystem
Manage, Analyze and Enforce National Policy in a Single Framework
19. 19
Lifecycle of the Mobile Device from Entry to Exit
Use Case: Tracking the Mobile Device IMEI-IMSI-MSISDN Triplet
23. 23
Key Factors for Success in Market
• Consistent data collection, policy enforcement within all operators
• Sharing of domestic data generated and collected by device manufacturers,
operators, government, industry consortiums, other industry actors
• Flexible to Market-Specific Law Enforcement, National Security, Finance
Ministry needs
• Public Education
• Minimized Burden on Operators and Point of Sale
• Device Registries must be able to adapt to changing threats
24. 24
National Mobile Device Registration:
Issues, Strategies and Solutions
Timothy Jasionowski
Vice President,
Product Management
tjasionowski@iconectiv.com
+1 781 775 3080