SlideShare ist ein Scribd-Unternehmen logo

Handset Theft - A Case Study

Ministerio TIC Colombia
Ministerio TIC Colombia

Matias Fernandez Diaz, Regulatory Manager, GSMA LA James Moran, Security Director GSMA

1 von 21
Downloaden Sie, um offline zu lesen
Handset Theft - A Case Study Matias Fernandez Diaz, Regulatory Manager, GSMA LA James Moran, Security Director GSMA Restricted - Confidential Information © GSMA 2011 All GSMA meetings are conducted in full compliance with the GSMA’s anti-trust compliance policy
Restricted - Confidential Information © GSMA 2011 All GSMA meetings are conducted in full compliance with the GSMA’s anti-trust compliance policy
CITEL Recommendations “measures have proven insufficient to combat this illicit industry” Introduce blacklisting of stolen devices in individual countries Exchange blacklist data regionally using solutions such as IMEI Database Raise public awareness of handset theft and the need to buy from reputable sources States to criminalise IMEI changing or other circumvention of blacklisting States to better control important and movement of mobile handsets Sellers of handsets to only buy and provide for sale those with a secure IMEI Operators to report instances of IMEI security weakness for investigation “criminal organizations profiting from this business take advantage of the absence of information exchange and of blockage at the international level” © GSMA 2011 3
Why does the Industry need to share IMEI information of stolen devices on a regional basis? Crime related to handset theft is growing at high pace in the region. These issues have high impact due to crime and murder derived in government involvement. Latin American countries committed to act against handset theft in their country but with a regional approach (CITEL- PCC.I/RES. 189). Some countries have signed bilateral agreements to share stolen IMEI information. Many regulators and governments have The region needs to avoid fragmentation, and requested GSMA LA commitment from all parties, public and private. support to share stolen 13 Groups of mobile operators signed the Latin IMEI information on a American Mobile Operators commit to combat regional basis. mobile device theft. All operations to be connected by Mar 13 © GSMA 2011 4
Handset Theft in United Kingdom A Case Study © GSMA 2011 5
Handset Theft - The UK Problem Handset theft considered to be a major social issue with claims that it constituted 52% of street crime Handset theft had increased 500% and emergence of smart phones raised second hand value Every stolen phone causes misery, possible violence and psychological and life changing consequences Onus on industry and governments to work together to introduce effective countermeasures Problem not of industry’s making but it was willing to play its part to help combat theft Need to work together to combat the problem © GSMA 2011 6
Collaborative Approach to Combat Theft Handset theft is a challenge but presented industry and government with an opportunity to show leadership Local legislation needed to specifically outlaw the changing of IMEIs, importation of spurious devices, etc. Improved levels of handset security needed to provide a more robust IMEI that is less vulnerable to change Deployment of EIRs by network operators to blacklist stolen handsets on local networks Agreement between operators to share data and blacklist stolen handsets across networks via IMEI Database © GSMA 2011 7
The GSMA IMEI Database What is the GSMA IMEI DB? Benefits of Sharing Data? Centrally located database of valid and National/regional databases allow operators agree their stolen handset IMEIs to which operators own blacklisting code of practice to preserve data integrity. may connect to upload and download Volume of data to be uploaded, downloaded and data to control mobile device access on maintained is more manageable their networks Data uploaded to a regional database is also placed in a ‘global’ database thereby preserving master database Why Share Data Nationally The sharing of data on a national/regional level ought to /Regionally? be sufficient to satisfy the requirements of law enforcement agencies, governments, etc. Isolated EIRs on individual networks are of little use as a deterrent Lack of data sharing across networks Why use GSMA IMEI Database? allows stolen handsets to migrate Scale – maximize value by sharing with more operators from one network to another Non competitive - operators agree blocking rules Sharing of IMEI data can result in a Free - hosted by GSMA for benefit of all stakeholders substantial reduction in handset theft Flexible - facilitates national and regional data sharing Sharing of IMEI data on a Easy - File formats, procedures, tests etc. available national/regional level is most Stable - in existence since 1996 supported by all EIRs effective way to combat handset theft Suitable - meets needs of all stakeholders © GSMA 2011 8
Global Black List Ecosystem Black List Info GSMA IMEI DB (CEIR) Black list information reported by operators Global black list distributed back to operators by GSMA IMEI database is Central Equipment Identity Register (CEIR) © GSMA 2011 Effective management requires one global black list 9
IMEI Integrity Need to preserve integrity of IMEI is critical to support the various uses of the identifier – IMEI differentiates between genuine and black/grey market devices – Legitimate IMEI ranges ensures spurious IMEIs can be identified – IMEI integrity necessary to provide confidence in stolen handset barring Much progress made by industry to enhance integrity of IMEI implementations: – Industry agreed technical security design principles – IMEI security weakness reporting and correction process established – Contract in place with third party to proactively report security weaknesses © GSMA 2011 10
IMEI Security Initiatives Technical security design principles agreed with manufacturers Formal IMEI security weakness reporting and correction process developed to deal with compromised products during production life Proactive identification of IMEI security weaknesses ensured with launch of outsourced detection service © GSMA 2011 11
IMEI Security Technical Design Principles 1. Uploading, downloading and storage of executable code and sensitive data 2. Protection of components’ executable code and sensitive data 3. Protection against exchange of data/ software between devices 4. Protection of executable code and sensitive data from external attacks 5. Prevention of download of a previous software version 6. Detection of, and response to, unauthorised tampering 7. Software quality measures 8. Hidden menus 9. Prevention of hardware substitution © GSMA 2011 12
IMEI Security Reporting Recognises dual processes of reporting and resolution of product weaknesses Process allows operators to notify GSMA of identified weaknesses Process engages with manufacturers and operators centrally rather than locally Accelerates cooperation with manufacturers on security levels © GSMA 2011 13
Supporting Manufacturers © GSMA 2011 14
IMEI Integrity – Significant Progress Made 2010 - 11 number of allegations was 120 – down from 286 in the previous year - 58% decrease following a 17% decrease the previous year Hacking tools impact just 6 manufacturers – down from 11 in the previous year - 45% decrease Number of hacking tools is just 11 - down from 39 in the previous year - 72% decrease Only 6 of the hacking tools are new - other 5 were included in the 39 tools that emerged the previous year - new tools is down by 85% 83% of compromised device models pertain to just two manufacturers with whom GSMA is working 120 compromised models relates to just 0.01% of allocated TACs in the last year! Significant progress has been made © GSMA 2011 15
Outcomes IMEI blocking capabilities in place across all networks Connection established to the IMEI Database to share data locally and internationally Manufacturer commitment recruited for improved security of IMEI implementations Legislation introduced to combat IMEI reprogramming Significant public awareness campaigns undertaken to heighten awareness of blocking capabilities Dedicated police unit (National Mobile Phone Crime Unit) established to focus on mobile phone theft 42% reduction in theft levels in first year and steady decline since © GSMA 2011 16
Success Factors Co-operative spirit between all stakeholders Mutual recognition of the need to combat handset theft Voluntary undertakings avoided need for regulation Need to focus and target devices - not users Measures must be consumer friendly Focus on effective solutions only – Improved IMEI security – Supportive legislation – Blacklisting and not whitelisting Theft levels and solution effectiveness need to be measured © GSMA 2011 17
Lessons Learned Theft is a global problem and requires an international solution to combat cross border trafficking of devices National databases result in fragmentation & an incomplete solution Industry and government must work together and align with international initiatives and best practice Focus must be on devices and not negatively impact legitimate users, circulation of devices and competition Resources must be focussed on workable and effective measures Self regulatory initiatives can go beyond what regulation can achieve Absolute elimination of theft is unachievable but holistic measures can significantly reduce theft levels Sufficient technical capabilities exist in global standards and via GSMA © GSMA 2011 18
Available GSMA Support Regarded as a trusted knowledge source on handset theft matters having worked with operators and governments in over 80 countries Provide IMEI Database functionality free of charge for whitelisting and blacklisting purposes Assist network operators with their data sharing initiatives by facilitating discussions on agreeing the rules and processes in a memorandum of understanding Provide IMEI number range data to national authorities that may require it Continued work on IMEI security levels © GSMA 2011 19
Collective efforts can be effective … they just need to be aligned! © GSMA 2011 20
Thank you for your attention Any Questions? James Moran Security Director GSM Association http://www.gsma.com/technicalprojects/fraud-security/ http://www.gsma.com/latinamerica/gsma-latin-america/handset-theft-in- latin-america-the-gsma-imei-database/ © GSMA 2011 21

Empfohlen

Innovation Summit 2015 - 08 - gsma
Innovation Summit 2015 - 08 - gsmaInnovation Summit 2015 - 08 - gsma
Innovation Summit 2015 - 08 - gsma
Thibault Cantegrel
 
Internet of Things Software SIG
Internet of Things Software SIGInternet of Things Software SIG
Internet of Things Software SIG
Mohammad Khatib
 
Amol Jadhav: mAgri
Amol Jadhav: mAgriAmol Jadhav: mAgri
Amol Jadhav: mAgri
Centre for Global Equality
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Mortimer Hope
Commonwealth Digital Broadcasting Switchover Forum 2015 Mortimer HopeCommonwealth Digital Broadcasting Switchover Forum 2015 Mortimer Hope
Commonwealth Digital Broadcasting Switchover Forum 2015 Mortimer Hope
Commonwealth Telecommunications Organisation
 
2014 Future Cities Conference / Craig Aldridge "GSMA Smart Cities"
2014 Future Cities Conference / Craig Aldridge "GSMA Smart Cities"2014 Future Cities Conference / Craig Aldridge "GSMA Smart Cities"
2014 Future Cities Conference / Craig Aldridge "GSMA Smart Cities"
Future Cities Project
 
Mobile.Broadband Dan.Warren 101012
Mobile.Broadband Dan.Warren 101012Mobile.Broadband Dan.Warren 101012
Mobile.Broadband Dan.Warren 101012
Adrian Treacy
 
DIA 2_01 mobile money_business_models_gsma
DIA 2_01 mobile money_business_models_gsmaDIA 2_01 mobile money_business_models_gsma
DIA 2_01 mobile money_business_models_gsma
Centro de Informação de Negócios - CIN Moçambique
 
Future Communications
Future CommunicationsFuture Communications
Future Communications
Valter Wolf
 

Empfohlen

Innovation Summit 2015 - 08 - gsma
Innovation Summit 2015 - 08 - gsmaInnovation Summit 2015 - 08 - gsma
Innovation Summit 2015 - 08 - gsma
Thibault Cantegrel
 
Internet of Things Software SIG
Internet of Things Software SIGInternet of Things Software SIG
Internet of Things Software SIG
Mohammad Khatib
 
Amol Jadhav: mAgri
Amol Jadhav: mAgriAmol Jadhav: mAgri
Amol Jadhav: mAgri
Centre for Global Equality
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Mortimer Hope
Commonwealth Digital Broadcasting Switchover Forum 2015 Mortimer HopeCommonwealth Digital Broadcasting Switchover Forum 2015 Mortimer Hope
Commonwealth Digital Broadcasting Switchover Forum 2015 Mortimer Hope
Commonwealth Telecommunications Organisation
 
2014 Future Cities Conference / Craig Aldridge "GSMA Smart Cities"
2014 Future Cities Conference / Craig Aldridge "GSMA Smart Cities"2014 Future Cities Conference / Craig Aldridge "GSMA Smart Cities"
2014 Future Cities Conference / Craig Aldridge "GSMA Smart Cities"
Future Cities Project
 
Mobile.Broadband Dan.Warren 101012
Mobile.Broadband Dan.Warren 101012Mobile.Broadband Dan.Warren 101012
Mobile.Broadband Dan.Warren 101012
Adrian Treacy
 
DIA 2_01 mobile money_business_models_gsma
DIA 2_01 mobile money_business_models_gsmaDIA 2_01 mobile money_business_models_gsma
DIA 2_01 mobile money_business_models_gsma
Centro de Informação de Negócios - CIN Moçambique
 
Future Communications
Future CommunicationsFuture Communications
Future Communications
Valter Wolf
 
Creating a Truly Global Connectivity Solution - Is It Even Possible?
Creating a Truly Global Connectivity Solution - Is It Even Possible?Creating a Truly Global Connectivity Solution - Is It Even Possible?
Creating a Truly Global Connectivity Solution - Is It Even Possible?
Dan Mårtensson
 
Learnings of how to simplifying io t solutions and securing business value
Learnings of how to simplifying io t solutions and securing business valueLearnings of how to simplifying io t solutions and securing business value
Learnings of how to simplifying io t solutions and securing business value
Dan Mårtensson
 
FirstPartner 2015 M2M & IoT Market Map
FirstPartner 2015 M2M & IoT Market MapFirstPartner 2015 M2M & IoT Market Map
FirstPartner 2015 M2M & IoT Market Map
FirstPartner
 
eCMO Conference 2013 - NFC Global Opportunity, Progress and Challenge
eCMO Conference 2013 - NFC Global Opportunity, Progress and ChallengeeCMO Conference 2013 - NFC Global Opportunity, Progress and Challenge
eCMO Conference 2013 - NFC Global Opportunity, Progress and Challenge
HKAIM
 
Embedded SIM New opportunities for security sensitive IoT applications
Embedded SIM New opportunities for security sensitive IoT applicationsEmbedded SIM New opportunities for security sensitive IoT applications
Embedded SIM New opportunities for security sensitive IoT applications
M2M Alliance e.V.
 
Views and practice on digital transformation
Views and practice on digital transformationViews and practice on digital transformation
Views and practice on digital transformation
Hau Chen Mike Lee
 
M2 m overview_18112013
M2 m overview_18112013M2 m overview_18112013
M2 m overview_18112013
Saida Yengui
 
Mobile Monday Jakarta - Machine-to-Machine
Mobile Monday Jakarta - Machine-to-MachineMobile Monday Jakarta - Machine-to-Machine
Mobile Monday Jakarta - Machine-to-Machine
PRASIMAX
 
KPN Innovation Playground webinar 2 sep 2020
KPN Innovation Playground webinar 2 sep 2020 KPN Innovation Playground webinar 2 sep 2020
KPN Innovation Playground webinar 2 sep 2020
Fabian van Prooijen
 
Internet of Things (IoT) Business & Technology & Patent Integrated Strategy
Internet of Things (IoT) Business & Technology & Patent Integrated StrategyInternet of Things (IoT) Business & Technology & Patent Integrated Strategy
Internet of Things (IoT) Business & Technology & Patent Integrated Strategy
Alex G. Lee, Ph.D. Esq. CLP
 
Machine-to-Machine Solutions (2011)
Machine-to-Machine Solutions (2011)Machine-to-Machine Solutions (2011)
Machine-to-Machine Solutions (2011)
Marc Jadoul
 
3. Peter Hermans - Stedin
3. Peter Hermans - Stedin3. Peter Hermans - Stedin
3. Peter Hermans - Stedin
Dutch Power
 
MNO, MVNO, MVNA, MVNE: Different types of mobile operators
MNO, MVNO, MVNA, MVNE: Different types of mobile operatorsMNO, MVNO, MVNA, MVNE: Different types of mobile operators
MNO, MVNO, MVNA, MVNE: Different types of mobile operators
3G4G
 
industrial IoT can monitor critical machinery
industrial IoT can monitor critical machineryindustrial IoT can monitor critical machinery
industrial IoT can monitor critical machinery
Dan Yarmoluk
 
Telecommunication trends in 2013 and beyond
Telecommunication trends in 2013 and beyondTelecommunication trends in 2013 and beyond
Telecommunication trends in 2013 and beyond
Ahmad Yokasano
 
EiTESAL 4G Technology Impact
EiTESAL 4G Technology ImpactEiTESAL 4G Technology Impact
EiTESAL 4G Technology Impact
EITESANGO
 
What is next for Telecom (Broadband and Cell) - September 2021
What is next for Telecom (Broadband and Cell) - September 2021What is next for Telecom (Broadband and Cell) - September 2021
What is next for Telecom (Broadband and Cell) - September 2021
paul young cpa, cga
 
Internet of Things (IoT) Smart City Insights from Patents
Internet of Things (IoT) Smart City Insights from PatentsInternet of Things (IoT) Smart City Insights from Patents
Internet of Things (IoT) Smart City Insights from Patents
Alex G. Lee, Ph.D. Esq. CLP
 
Vodafone IoT Barometer 2016
Vodafone IoT Barometer 2016Vodafone IoT Barometer 2016
Vodafone IoT Barometer 2016
Paddy Collins
 
Machine-to-Machine Services - E2E Architecture and A View to the Trillion End...
Machine-to-Machine Services - E2E Architecture and A View to the Trillion End...Machine-to-Machine Services - E2E Architecture and A View to the Trillion End...
Machine-to-Machine Services - E2E Architecture and A View to the Trillion End...
Mahbubul Alam
 
Estrategia Nacional contra el Hurto de Celulares Política Nacional de Segurid...
Estrategia Nacional contra el Hurto de Celulares Política Nacional de Segurid...Estrategia Nacional contra el Hurto de Celulares Política Nacional de Segurid...
Estrategia Nacional contra el Hurto de Celulares Política Nacional de Segurid...
Ministerio TIC Colombia
 
HURTO DE CELULARES: PROBLEMA DE SEGURIDAD PUBLICA - ICPO – INTERPOL
HURTO DE CELULARES: PROBLEMA DE SEGURIDAD PUBLICA - ICPO – INTERPOL HURTO DE CELULARES: PROBLEMA DE SEGURIDAD PUBLICA - ICPO – INTERPOL
HURTO DE CELULARES: PROBLEMA DE SEGURIDAD PUBLICA - ICPO – INTERPOL
Ministerio TIC Colombia
 

Weitere ähnliche Inhalte

Was ist angesagt?

Creating a Truly Global Connectivity Solution - Is It Even Possible?
Creating a Truly Global Connectivity Solution - Is It Even Possible?Creating a Truly Global Connectivity Solution - Is It Even Possible?
Creating a Truly Global Connectivity Solution - Is It Even Possible?
Dan Mårtensson
 
M2 m overview_18112013
M2 m overview_18112013M2 m overview_18112013
M2 m overview_18112013
Saida Yengui
 
industrial IoT can monitor critical machinery
industrial IoT can monitor critical machineryindustrial IoT can monitor critical machinery
industrial IoT can monitor critical machinery
Dan Yarmoluk
 
What is next for Telecom (Broadband and Cell) - September 2021
What is next for Telecom (Broadband and Cell) - September 2021What is next for Telecom (Broadband and Cell) - September 2021
What is next for Telecom (Broadband and Cell) - September 2021
paul young cpa, cga
 
Internet of Things (IoT) Smart City Insights from Patents
Internet of Things (IoT) Smart City Insights from PatentsInternet of Things (IoT) Smart City Insights from Patents
Internet of Things (IoT) Smart City Insights from Patents
Alex G. Lee, Ph.D. Esq. CLP
 
Vodafone IoT Barometer 2016
Vodafone IoT Barometer 2016Vodafone IoT Barometer 2016
Vodafone IoT Barometer 2016
Paddy Collins
 
Machine-to-Machine Services - E2E Architecture and A View to the Trillion End...
Machine-to-Machine Services - E2E Architecture and A View to the Trillion End...Machine-to-Machine Services - E2E Architecture and A View to the Trillion End...
Machine-to-Machine Services - E2E Architecture and A View to the Trillion End...
Mahbubul Alam
 

Was ist angesagt? (20)

Creating a Truly Global Connectivity Solution - Is It Even Possible?
Creating a Truly Global Connectivity Solution - Is It Even Possible?Creating a Truly Global Connectivity Solution - Is It Even Possible?
Creating a Truly Global Connectivity Solution - Is It Even Possible?
 
Learnings of how to simplifying io t solutions and securing business value
Learnings of how to simplifying io t solutions and securing business valueLearnings of how to simplifying io t solutions and securing business value
Learnings of how to simplifying io t solutions and securing business value
 
FirstPartner 2015 M2M & IoT Market Map
FirstPartner 2015 M2M & IoT Market MapFirstPartner 2015 M2M & IoT Market Map
FirstPartner 2015 M2M & IoT Market Map
 
eCMO Conference 2013 - NFC Global Opportunity, Progress and Challenge
eCMO Conference 2013 - NFC Global Opportunity, Progress and ChallengeeCMO Conference 2013 - NFC Global Opportunity, Progress and Challenge
eCMO Conference 2013 - NFC Global Opportunity, Progress and Challenge
 
Embedded SIM New opportunities for security sensitive IoT applications
Embedded SIM New opportunities for security sensitive IoT applicationsEmbedded SIM New opportunities for security sensitive IoT applications
Embedded SIM New opportunities for security sensitive IoT applications
 
Views and practice on digital transformation
Views and practice on digital transformationViews and practice on digital transformation
Views and practice on digital transformation
 
M2 m overview_18112013
M2 m overview_18112013M2 m overview_18112013
M2 m overview_18112013
 
Mobile Monday Jakarta - Machine-to-Machine
Mobile Monday Jakarta - Machine-to-MachineMobile Monday Jakarta - Machine-to-Machine
Mobile Monday Jakarta - Machine-to-Machine
 
KPN Innovation Playground webinar 2 sep 2020
KPN Innovation Playground webinar 2 sep 2020 KPN Innovation Playground webinar 2 sep 2020
KPN Innovation Playground webinar 2 sep 2020
 
Internet of Things (IoT) Business & Technology & Patent Integrated Strategy
Internet of Things (IoT) Business & Technology & Patent Integrated StrategyInternet of Things (IoT) Business & Technology & Patent Integrated Strategy
Internet of Things (IoT) Business & Technology & Patent Integrated Strategy
 
Machine-to-Machine Solutions (2011)
Machine-to-Machine Solutions (2011)Machine-to-Machine Solutions (2011)
Machine-to-Machine Solutions (2011)
 
3. Peter Hermans - Stedin
3. Peter Hermans - Stedin3. Peter Hermans - Stedin
3. Peter Hermans - Stedin
 
MNO, MVNO, MVNA, MVNE: Different types of mobile operators
MNO, MVNO, MVNA, MVNE: Different types of mobile operatorsMNO, MVNO, MVNA, MVNE: Different types of mobile operators
MNO, MVNO, MVNA, MVNE: Different types of mobile operators
 
industrial IoT can monitor critical machinery
industrial IoT can monitor critical machineryindustrial IoT can monitor critical machinery
industrial IoT can monitor critical machinery
 
Telecommunication trends in 2013 and beyond
Telecommunication trends in 2013 and beyondTelecommunication trends in 2013 and beyond
Telecommunication trends in 2013 and beyond
 
EiTESAL 4G Technology Impact
EiTESAL 4G Technology ImpactEiTESAL 4G Technology Impact
EiTESAL 4G Technology Impact
 
What is next for Telecom (Broadband and Cell) - September 2021
What is next for Telecom (Broadband and Cell) - September 2021What is next for Telecom (Broadband and Cell) - September 2021
What is next for Telecom (Broadband and Cell) - September 2021
 
Internet of Things (IoT) Smart City Insights from Patents
Internet of Things (IoT) Smart City Insights from PatentsInternet of Things (IoT) Smart City Insights from Patents
Internet of Things (IoT) Smart City Insights from Patents
 
Vodafone IoT Barometer 2016
Vodafone IoT Barometer 2016Vodafone IoT Barometer 2016
Vodafone IoT Barometer 2016
 
Machine-to-Machine Services - E2E Architecture and A View to the Trillion End...
Machine-to-Machine Services - E2E Architecture and A View to the Trillion End...Machine-to-Machine Services - E2E Architecture and A View to the Trillion End...
Machine-to-Machine Services - E2E Architecture and A View to the Trillion End...
 

Andere mochten auch

Estrategia contra el hurto de celulares policía nacional
Estrategia contra el hurto de celulares policía nacional Estrategia contra el hurto de celulares policía nacional
Estrategia contra el hurto de celulares policía nacional
Ministerio TIC Colombia
 
Property insurance(finished)
Property insurance(finished)Property insurance(finished)
Property insurance(finished)
RandyBett
 
MMU: Results from the 2012 Global Mobile Money Adoption Survey
MMU: Results from the 2012 Global Mobile Money Adoption SurveyMMU: Results from the 2012 Global Mobile Money Adoption Survey
MMU: Results from the 2012 Global Mobile Money Adoption Survey
GSMA Mobile for Development
 
Optimising mobile signature v4
Optimising mobile signature v4Optimising mobile signature v4
Optimising mobile signature v4
moldovaictsummit
 
MMU Webinar: Agent Training (French) - Oct 10, 2012
MMU Webinar: Agent Training (French) - Oct 10, 2012MMU Webinar: Agent Training (French) - Oct 10, 2012
MMU Webinar: Agent Training (French) - Oct 10, 2012
GSMA Mobile for Development
 
Sebastian M. Cabello, 4G y el Dividendo Digital en América Latina
Sebastian M. Cabello, 4G y el Dividendo Digital en América LatinaSebastian M. Cabello, 4G y el Dividendo Digital en América Latina
Sebastian M. Cabello, 4G y el Dividendo Digital en América Latina
Ahciet
 
The Customer Journey to Regular Usage - MMU Global Event 2013
The Customer Journey to Regular Usage - MMU Global Event 2013The Customer Journey to Regular Usage - MMU Global Event 2013
The Customer Journey to Regular Usage - MMU Global Event 2013
GSMA Mobile for Development
 

Andere mochten auch (20)

Estrategia Nacional contra el Hurto de Celulares Política Nacional de Segurid...
Estrategia Nacional contra el Hurto de Celulares Política Nacional de Segurid...Estrategia Nacional contra el Hurto de Celulares Política Nacional de Segurid...
Estrategia Nacional contra el Hurto de Celulares Política Nacional de Segurid...
 
HURTO DE CELULARES: PROBLEMA DE SEGURIDAD PUBLICA - ICPO – INTERPOL
HURTO DE CELULARES: PROBLEMA DE SEGURIDAD PUBLICA - ICPO – INTERPOL HURTO DE CELULARES: PROBLEMA DE SEGURIDAD PUBLICA - ICPO – INTERPOL
HURTO DE CELULARES: PROBLEMA DE SEGURIDAD PUBLICA - ICPO – INTERPOL
 
Estrategia contra el hurto de celulares policía nacional
Estrategia contra el hurto de celulares policía nacional Estrategia contra el hurto de celulares policía nacional
Estrategia contra el hurto de celulares policía nacional
 
Tuenti - tu entidad
Tuenti - tu entidadTuenti - tu entidad
Tuenti - tu entidad
 
Qué es Tuenti
Qué es TuentiQué es Tuenti
Qué es Tuenti
 
Tuenti
TuentiTuenti
Tuenti
 
Tuenti
TuentiTuenti
Tuenti
 
Property insurance(finished)
Property insurance(finished)Property insurance(finished)
Property insurance(finished)
 
Cover notes policy drafting
Cover notes policy draftingCover notes policy drafting
Cover notes policy drafting
 
Identity theft protection company keepmy id.org
Identity theft protection company keepmy id.orgIdentity theft protection company keepmy id.org
Identity theft protection company keepmy id.org
 
Ch 4 underwriting policy and practice
Ch 4 underwriting policy and practiceCh 4 underwriting policy and practice
Ch 4 underwriting policy and practice
 
CPCU 520 Chapter Five
CPCU 520 Chapter FiveCPCU 520 Chapter Five
CPCU 520 Chapter Five
 
MMU: Results from the 2012 Global Mobile Money Adoption Survey
MMU: Results from the 2012 Global Mobile Money Adoption SurveyMMU: Results from the 2012 Global Mobile Money Adoption Survey
MMU: Results from the 2012 Global Mobile Money Adoption Survey
 
Optimising mobile signature v4
Optimising mobile signature v4Optimising mobile signature v4
Optimising mobile signature v4
 
MMU Webinar: Agent Training (French) - Oct 10, 2012
MMU Webinar: Agent Training (French) - Oct 10, 2012MMU Webinar: Agent Training (French) - Oct 10, 2012
MMU Webinar: Agent Training (French) - Oct 10, 2012
 
GSMA mAgri Webinar: Designing & Marketing Mobile Information & Advisory Servi...
GSMA mAgri Webinar: Designing & Marketing Mobile Information & Advisory Servi...GSMA mAgri Webinar: Designing & Marketing Mobile Information & Advisory Servi...
GSMA mAgri Webinar: Designing & Marketing Mobile Information & Advisory Servi...
 
Sebastian M. Cabello, 4G y el Dividendo Digital en América Latina
Sebastian M. Cabello, 4G y el Dividendo Digital en América LatinaSebastian M. Cabello, 4G y el Dividendo Digital en América Latina
Sebastian M. Cabello, 4G y el Dividendo Digital en América Latina
 
Mobile Commerce
Mobile CommerceMobile Commerce
Mobile Commerce
 
The Customer Journey to Regular Usage - MMU Global Event 2013
The Customer Journey to Regular Usage - MMU Global Event 2013The Customer Journey to Regular Usage - MMU Global Event 2013
The Customer Journey to Regular Usage - MMU Global Event 2013
 
mAgri Webinar: Mobile market information systems for farmers: requirements fo...
mAgri Webinar: Mobile market information systems for farmers: requirements fo...mAgri Webinar: Mobile market information systems for farmers: requirements fo...
mAgri Webinar: Mobile market information systems for farmers: requirements fo...
 

Ähnlich wie Handset Theft - A Case Study

7.2 gsm-association-fraud-forum
7.2 gsm-association-fraud-forum7.2 gsm-association-fraud-forum
7.2 gsm-association-fraud-forum
kkvences
 
Phone Hacking: A lucrative, but largely hidden history
Phone Hacking: A lucrative, but largely hidden historyPhone Hacking: A lucrative, but largely hidden history
Phone Hacking: A lucrative, but largely hidden history
David Rogers
 
Mobile and SIM data - quantifying the risk - 2011
Mobile and SIM data - quantifying the risk - 2011Mobile and SIM data - quantifying the risk - 2011
Mobile and SIM data - quantifying the risk - 2011
CPPGroup Plc
 
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities
Siddharth Rao
 
Cataleya-Security-Feature_SAWC_April2016page-20-23
Cataleya-Security-Feature_SAWC_April2016page-20-23Cataleya-Security-Feature_SAWC_April2016page-20-23
Cataleya-Security-Feature_SAWC_April2016page-20-23
Jacqueline Fick
 

Ähnlich wie Handset Theft - A Case Study (20)

National Mobile Device Registration
National Mobile Device RegistrationNational Mobile Device Registration
National Mobile Device Registration
 
7.2 gsm-association-fraud-forum
7.2 gsm-association-fraud-forum7.2 gsm-association-fraud-forum
7.2 gsm-association-fraud-forum
 
Mobile phone cloning
Mobile phone cloningMobile phone cloning
Mobile phone cloning
 
Mobile cloning
Mobile cloningMobile cloning
Mobile cloning
 
Cybersecurity Risks In the Mobile Environment
Cybersecurity Risks In the Mobile EnvironmentCybersecurity Risks In the Mobile Environment
Cybersecurity Risks In the Mobile Environment
 
V4I5201553
V4I5201553V4I5201553
V4I5201553
 
IoT security presented in Ada's List Conference
IoT security presented in Ada's List ConferenceIoT security presented in Ada's List Conference
IoT security presented in Ada's List Conference
 
Mavenir: Evolution of Real-Time Machine Learning (RRML) in Core Network Secur...
Mavenir: Evolution of Real-Time Machine Learning (RRML) in Core Network Secur...Mavenir: Evolution of Real-Time Machine Learning (RRML) in Core Network Secur...
Mavenir: Evolution of Real-Time Machine Learning (RRML) in Core Network Secur...
 
Phone Hacking: A lucrative, but largely hidden history
Phone Hacking: A lucrative, but largely hidden historyPhone Hacking: A lucrative, but largely hidden history
Phone Hacking: A lucrative, but largely hidden history
 
Mobile cloning modified with images and bettermented
Mobile cloning modified with images and bettermentedMobile cloning modified with images and bettermented
Mobile cloning modified with images and bettermented
 
mobile jammer ppt.pptx
mobile jammer ppt.pptxmobile jammer ppt.pptx
mobile jammer ppt.pptx
 
MOBILE CLONING- HOW TO PREVENT CELLPHONE CLONING IN CDMA ENVIRONMENT
MOBILE CLONING- HOW TO PREVENT CELLPHONE CLONING IN CDMA ENVIRONMENTMOBILE CLONING- HOW TO PREVENT CELLPHONE CLONING IN CDMA ENVIRONMENT
MOBILE CLONING- HOW TO PREVENT CELLPHONE CLONING IN CDMA ENVIRONMENT
 
FIDO & GSMA Mobile Connect
FIDO & GSMA Mobile ConnectFIDO & GSMA Mobile Connect
FIDO & GSMA Mobile Connect
 
Mobile cloning
Mobile cloningMobile cloning
Mobile cloning
 
Mobile and SIM data - quantifying the risk - 2011
Mobile and SIM data - quantifying the risk - 2011Mobile and SIM data - quantifying the risk - 2011
Mobile and SIM data - quantifying the risk - 2011
 
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities
 
Cataleya-Security-Feature_SAWC_April2016page-20-23
Cataleya-Security-Feature_SAWC_April2016page-20-23Cataleya-Security-Feature_SAWC_April2016page-20-23
Cataleya-Security-Feature_SAWC_April2016page-20-23
 
IoT Security
IoT SecurityIoT Security
IoT Security
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security Webinar
 
Why Managing Mobility Matters
Why Managing Mobility MattersWhy Managing Mobility Matters
Why Managing Mobility Matters
 

Mehr von Ministerio TIC Colombia

VI Conferencia Ministerial sobre la Sociedad de la Información de América Lat...
VI Conferencia Ministerial sobre la Sociedad de la Información de América Lat...VI Conferencia Ministerial sobre la Sociedad de la Información de América Lat...
VI Conferencia Ministerial sobre la Sociedad de la Información de América Lat...
Ministerio TIC Colombia
 

Mehr von Ministerio TIC Colombia (20)

Presentación - ComparTIC Octubre 2019
Presentación - ComparTIC Octubre 2019Presentación - ComparTIC Octubre 2019
Presentación - ComparTIC Octubre 2019
 
Avanza la subasta del espectro de 700, 1.900 y 2.500 MHz
Avanza la subasta del espectro de 700, 1.900 y 2.500 MHzAvanza la subasta del espectro de 700, 1.900 y 2.500 MHz
Avanza la subasta del espectro de 700, 1.900 y 2.500 MHz
 
Audiencia Pública de la subasta del espectro de las bandas 700, 1900 y 2500 Mhz
Audiencia Pública de la subasta del espectro de las bandas 700, 1900 y 2500 MhzAudiencia Pública de la subasta del espectro de las bandas 700, 1900 y 2500 Mhz
Audiencia Pública de la subasta del espectro de las bandas 700, 1900 y 2500 Mhz
 
Presentación de la Ministra TIC en Andicom 2019
Presentación de la Ministra TIC en Andicom 2019Presentación de la Ministra TIC en Andicom 2019
Presentación de la Ministra TIC en Andicom 2019
 
Presentación - ComparTIC Agosto 2019
Presentación - ComparTIC Agosto 2019Presentación - ComparTIC Agosto 2019
Presentación - ComparTIC Agosto 2019
 
Reglamentación Ley 1978 de 2019
Reglamentación Ley 1978 de 2019Reglamentación Ley 1978 de 2019
Reglamentación Ley 1978 de 2019
 
ComparTIC junio de 2019| ¡Así quedó la Ley TIC!
ComparTIC junio de 2019| ¡Así quedó la Ley TIC! ComparTIC junio de 2019| ¡Así quedó la Ley TIC!
ComparTIC junio de 2019| ¡Así quedó la Ley TIC!
 
ComparTIC de abril
ComparTIC de abril ComparTIC de abril
ComparTIC de abril
 
ComparTIC, marzo 15 de 2019
ComparTIC, marzo 15 de 2019ComparTIC, marzo 15 de 2019
ComparTIC, marzo 15 de 2019
 
ComparTIC: Logros año 2018
ComparTIC: Logros año 2018ComparTIC: Logros año 2018
ComparTIC: Logros año 2018
 
ComparTIC: Logros Octubre de 2018
ComparTIC: Logros Octubre de 2018ComparTIC: Logros Octubre de 2018
ComparTIC: Logros Octubre de 2018
 
ComparTIC: Logros Septiembre de 2018
ComparTIC: Logros Septiembre de 2018ComparTIC: Logros Septiembre de 2018
ComparTIC: Logros Septiembre de 2018
 
El Futuro Digital es de Todos #Andicom2018
El Futuro Digital es de Todos #Andicom2018El Futuro Digital es de Todos #Andicom2018
El Futuro Digital es de Todos #Andicom2018
 
TIC Day: Logros Final de Gobierno 2010-2018
TIC Day: Logros Final de Gobierno 2010-2018TIC Day: Logros Final de Gobierno 2010-2018
TIC Day: Logros Final de Gobierno 2010-2018
 
8° Summit de Transformación Digital 2018
8° Summit de Transformación Digital 20188° Summit de Transformación Digital 2018
8° Summit de Transformación Digital 2018
 
Estrategia Contra Hurto de Celulares
Estrategia Contra Hurto de CelularesEstrategia Contra Hurto de Celulares
Estrategia Contra Hurto de Celulares
 
VI Conferencia Ministerial sobre la Sociedad de la Información de América Lat...
VI Conferencia Ministerial sobre la Sociedad de la Información de América Lat...VI Conferencia Ministerial sobre la Sociedad de la Información de América Lat...
VI Conferencia Ministerial sobre la Sociedad de la Información de América Lat...
 
Derechos de Autor - DNDA
Derechos de Autor - DNDADerechos de Autor - DNDA
Derechos de Autor - DNDA
 
Regulación para Operadores - CRC
Regulación para Operadores - CRCRegulación para Operadores - CRC
Regulación para Operadores - CRC
 
Espectro para Operadores - ANE
Espectro para Operadores - ANEEspectro para Operadores - ANE
Espectro para Operadores - ANE
 

Handset Theft - A Case Study

  • 1. Handset Theft - A Case Study Matias Fernandez Diaz, Regulatory Manager, GSMA LA James Moran, Security Director GSMA Restricted - Confidential Information © GSMA 2011 All GSMA meetings are conducted in full compliance with the GSMA’s anti-trust compliance policy
  • 2. Restricted - Confidential Information © GSMA 2011 All GSMA meetings are conducted in full compliance with the GSMA’s anti-trust compliance policy
  • 3. CITEL Recommendations “measures have proven insufficient to combat this illicit industry” Introduce blacklisting of stolen devices in individual countries Exchange blacklist data regionally using solutions such as IMEI Database Raise public awareness of handset theft and the need to buy from reputable sources States to criminalise IMEI changing or other circumvention of blacklisting States to better control important and movement of mobile handsets Sellers of handsets to only buy and provide for sale those with a secure IMEI Operators to report instances of IMEI security weakness for investigation “criminal organizations profiting from this business take advantage of the absence of information exchange and of blockage at the international level” © GSMA 2011 3
  • 4. Why does the Industry need to share IMEI information of stolen devices on a regional basis? Crime related to handset theft is growing at high pace in the region. These issues have high impact due to crime and murder derived in government involvement. Latin American countries committed to act against handset theft in their country but with a regional approach (CITEL- PCC.I/RES. 189). Some countries have signed bilateral agreements to share stolen IMEI information. Many regulators and governments have The region needs to avoid fragmentation, and requested GSMA LA commitment from all parties, public and private. support to share stolen 13 Groups of mobile operators signed the Latin IMEI information on a American Mobile Operators commit to combat regional basis. mobile device theft. All operations to be connected by Mar 13 © GSMA 2011 4
  • 5. Handset Theft in United Kingdom A Case Study © GSMA 2011 5
  • 6. Handset Theft - The UK Problem Handset theft considered to be a major social issue with claims that it constituted 52% of street crime Handset theft had increased 500% and emergence of smart phones raised second hand value Every stolen phone causes misery, possible violence and psychological and life changing consequences Onus on industry and governments to work together to introduce effective countermeasures Problem not of industry’s making but it was willing to play its part to help combat theft Need to work together to combat the problem © GSMA 2011 6
  • 7. Collaborative Approach to Combat Theft Handset theft is a challenge but presented industry and government with an opportunity to show leadership Local legislation needed to specifically outlaw the changing of IMEIs, importation of spurious devices, etc. Improved levels of handset security needed to provide a more robust IMEI that is less vulnerable to change Deployment of EIRs by network operators to blacklist stolen handsets on local networks Agreement between operators to share data and blacklist stolen handsets across networks via IMEI Database © GSMA 2011 7
  • 8. The GSMA IMEI Database What is the GSMA IMEI DB? Benefits of Sharing Data? Centrally located database of valid and National/regional databases allow operators agree their stolen handset IMEIs to which operators own blacklisting code of practice to preserve data integrity. may connect to upload and download Volume of data to be uploaded, downloaded and data to control mobile device access on maintained is more manageable their networks Data uploaded to a regional database is also placed in a ‘global’ database thereby preserving master database Why Share Data Nationally The sharing of data on a national/regional level ought to /Regionally? be sufficient to satisfy the requirements of law enforcement agencies, governments, etc. Isolated EIRs on individual networks are of little use as a deterrent Lack of data sharing across networks Why use GSMA IMEI Database? allows stolen handsets to migrate Scale – maximize value by sharing with more operators from one network to another Non competitive - operators agree blocking rules Sharing of IMEI data can result in a Free - hosted by GSMA for benefit of all stakeholders substantial reduction in handset theft Flexible - facilitates national and regional data sharing Sharing of IMEI data on a Easy - File formats, procedures, tests etc. available national/regional level is most Stable - in existence since 1996 supported by all EIRs effective way to combat handset theft Suitable - meets needs of all stakeholders © GSMA 2011 8
  • 9. Global Black List Ecosystem Black List Info GSMA IMEI DB (CEIR) Black list information reported by operators Global black list distributed back to operators by GSMA IMEI database is Central Equipment Identity Register (CEIR) © GSMA 2011 Effective management requires one global black list 9
  • 10. IMEI Integrity Need to preserve integrity of IMEI is critical to support the various uses of the identifier – IMEI differentiates between genuine and black/grey market devices – Legitimate IMEI ranges ensures spurious IMEIs can be identified – IMEI integrity necessary to provide confidence in stolen handset barring Much progress made by industry to enhance integrity of IMEI implementations: – Industry agreed technical security design principles – IMEI security weakness reporting and correction process established – Contract in place with third party to proactively report security weaknesses © GSMA 2011 10
  • 11. IMEI Security Initiatives Technical security design principles agreed with manufacturers Formal IMEI security weakness reporting and correction process developed to deal with compromised products during production life Proactive identification of IMEI security weaknesses ensured with launch of outsourced detection service © GSMA 2011 11
  • 12. IMEI Security Technical Design Principles 1. Uploading, downloading and storage of executable code and sensitive data 2. Protection of components’ executable code and sensitive data 3. Protection against exchange of data/ software between devices 4. Protection of executable code and sensitive data from external attacks 5. Prevention of download of a previous software version 6. Detection of, and response to, unauthorised tampering 7. Software quality measures 8. Hidden menus 9. Prevention of hardware substitution © GSMA 2011 12
  • 13. IMEI Security Reporting Recognises dual processes of reporting and resolution of product weaknesses Process allows operators to notify GSMA of identified weaknesses Process engages with manufacturers and operators centrally rather than locally Accelerates cooperation with manufacturers on security levels © GSMA 2011 13
  • 15. IMEI Integrity – Significant Progress Made 2010 - 11 number of allegations was 120 – down from 286 in the previous year - 58% decrease following a 17% decrease the previous year Hacking tools impact just 6 manufacturers – down from 11 in the previous year - 45% decrease Number of hacking tools is just 11 - down from 39 in the previous year - 72% decrease Only 6 of the hacking tools are new - other 5 were included in the 39 tools that emerged the previous year - new tools is down by 85% 83% of compromised device models pertain to just two manufacturers with whom GSMA is working 120 compromised models relates to just 0.01% of allocated TACs in the last year! Significant progress has been made © GSMA 2011 15
  • 16. Outcomes IMEI blocking capabilities in place across all networks Connection established to the IMEI Database to share data locally and internationally Manufacturer commitment recruited for improved security of IMEI implementations Legislation introduced to combat IMEI reprogramming Significant public awareness campaigns undertaken to heighten awareness of blocking capabilities Dedicated police unit (National Mobile Phone Crime Unit) established to focus on mobile phone theft 42% reduction in theft levels in first year and steady decline since © GSMA 2011 16
  • 17. Success Factors Co-operative spirit between all stakeholders Mutual recognition of the need to combat handset theft Voluntary undertakings avoided need for regulation Need to focus and target devices - not users Measures must be consumer friendly Focus on effective solutions only – Improved IMEI security – Supportive legislation – Blacklisting and not whitelisting Theft levels and solution effectiveness need to be measured © GSMA 2011 17
  • 18. Lessons Learned Theft is a global problem and requires an international solution to combat cross border trafficking of devices National databases result in fragmentation & an incomplete solution Industry and government must work together and align with international initiatives and best practice Focus must be on devices and not negatively impact legitimate users, circulation of devices and competition Resources must be focussed on workable and effective measures Self regulatory initiatives can go beyond what regulation can achieve Absolute elimination of theft is unachievable but holistic measures can significantly reduce theft levels Sufficient technical capabilities exist in global standards and via GSMA © GSMA 2011 18
  • 19. Available GSMA Support Regarded as a trusted knowledge source on handset theft matters having worked with operators and governments in over 80 countries Provide IMEI Database functionality free of charge for whitelisting and blacklisting purposes Assist network operators with their data sharing initiatives by facilitating discussions on agreeing the rules and processes in a memorandum of understanding Provide IMEI number range data to national authorities that may require it Continued work on IMEI security levels © GSMA 2011 19
  • 20. Collective efforts can be effective … they just need to be aligned! © GSMA 2011 20
  • 21. Thank you for your attention Any Questions? James Moran Security Director GSM Association http://www.gsma.com/technicalprojects/fraud-security/ http://www.gsma.com/latinamerica/gsma-latin-america/handset-theft-in- latin-america-the-gsma-imei-database/ © GSMA 2011 21