NSA spying: What's the best phone encryption & IMEI random number generator? - Page 2

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View
Re: NSA spying: What's the best phone encryption & IMEI random number generator?
On Sun, 08 Sep 2013 20:10:16 -0700, Jeff Liebermann wrote:

Quoted text here. Click to load it

Hi Jeff,
Ah. I knew you knew what you were talking about, since I know you.
So I'm glad you clarified. I never think about Verizon, since I'm  
a GSM person nowadays. So what you're saying is that, for CDMA
telcos, they *need* the IMEI to verify the account.

But, for GSM telco's, the IMEI is a (nearly) meaningless number  
from the standpoint (only) of identifying the account.

The IMEI, as you noted, is certainly a predictor of the telephone
capabilities though - but that's not the reason for my concerns so
I won't worry about data plans and software upgrades.

My Android phone isn't rooted (and I'm not really sure what that
even means) so, my first order of business is to figure out how
to ROOT the Android phone. Then I can worry about installing
the terminal emulator. And then I can change the IMEI.

On T-Mobile GSM, do you predict any negative repercussions from daily  
changing the IMEI number (assuming I generate a valid IMEI number)?


Re: NSA spying: What's the best phone encryption & IMEI random number generator?

Quoted text here. Click to load it

I wouldn't say meaningless because if your fone is stolen  and you
know the IMEI they can block any fone with this EMEI from registering
on to their network.  Of course there is nothing stopping them from
going to another GSM / WCDMA carrier and  using it unless there is a
common stolen fone database running between carriers..

Re: NSA spying: What's the best phone encryption & IMEI random number generator?

Quoted text here. Click to load it

Such databses exist between carriers in some countries, but I don't
think there is an international shared database of stolen phones.

Casper

Re: NSA spying: What's the best phone encryption & IMEI random number generator?
On Tue, 10 Sep 2013 08:01:22 +1200, Mutlley wrote:

Quoted text here. Click to load it

The record will show that, at least in the USA, the carriers have  
absolutely no interest in blocking stolen phones.

They won't do anything - as you can see from mine and other posts.

So, from _that_ perspective, the IMEI is a meaningless set of numbers.


Re: NSA spying: What's the best phone encryption & IMEI random number generator?

Quoted text here. Click to load it



I a number of countries in Europe, they are being forced by the
government.

Casper

Re: NSA spying: What's the best phone encryption & IMEI random number generator?
On Fri, 13 Sep 2013 07:52:59 +0000, Casper H.S. Dik wrote:

Quoted text here. Click to load it

It does seem that GSM IMEI numbers are more meaningful in the UK and in  
other European countries (and India, I believe, based only on anecdotal  
information from friends) than in the USA.

But, in the USA, GSM cellphones are so plentiful, I guess, that the two  
key GSM carriers don't do a thing if you call them to tell them yours was  
stolen. Nor does one of those two GSM carriers ever care what IMEI number  
you are using (from their service standpoint).

So, the point is that randomly changing IMEI numbers every day (which is  
the stated goal) should have virtually no meaning to my GSM carrier (T-
Mobile), so, if I accidentally goofed up, and created an IMEI number that  
turned out to be from a stolen phone, nothing bad would happen (AFAICT).

The only thing I'm not sure of is whether something bad would happen if I  
had the dastardly bad luck of choosing an IMEI number of a cell phone in  
the same cell as I was currently in.

Would *that* IMEI then cause a problem?


Re: NSA spying: What's the best phone encryption & IMEI random number generator?
On 13 Sep 2013 08:12:43 GMT, Misha wrote:
Quoted text here. Click to load it

Or, if you had the bad luck of choosing an IMEI number of a cell phone that  
the NSA was targeting by a drone -- just to bring it back to the Subject:

Re: NSA spying: What's the best phone encryption & IMEI random number generator?
On Fri, 13 Sep 2013 14:15:38 +0000, Allodoxaphobia wrote:

Quoted text here. Click to load it

Good point!

This response made me laugh, as I had NOT even thought of that!


Re: NSA spying: What's the best phone encryption & IMEI random number generator?
On 9/13/2013 7:15 AM, Allodoxaphobia wrote:
Quoted text here. Click to load it
The non-removable batteries are also a potential trojan horse as they  
still might provide tracking power even if the phone is supposedly  
turned off.

Re: NSA spying: What's the best phone encryption & IMEI random number generator?
On 9/13/2013 10:54 PM, cameo wrote:
Quoted text here. Click to load it

You have a point here. No vendor runs their batteries down to zero. It  
is bad for the battery for one thing. Then if you undervoltage lockout  
scheme isn't foolproof, you can brick the phone. This has happened with  
some Windows phones, though I forget which brand. [Probably not Nokia  
since they have excellent engineers.]

Re: NSA spying: What's the best phone encryption & IMEI random number generator?
On 13 Sep 2013 08:12:43 GMT, Misha wrote:

Quoted text here. Click to load it

Oh, they care, all right. And you should care too, if you think you'll ever
want the SIM subsidy code (or SUK) (for unlocking the phone to work with
some other carrier's SIM) -- for the SUK is found in a look-up table the
original carrier has, with key entry being the handset's factory IMEI.

And, actually, far more plentiful than GSM handsets in the USA are the CDMA
handsets that Verizon, Sprint, and their resellers, provide: such handsets
don't have 15 digit IMEI strings, they have alphanumeric, hex or dec MEID
strings (that you *cannot* pry out of the phone with a *#06# key sequence).

HTH. Cheers, -- tlvp
--  
Avant de repondre, jeter la poubelle, SVP.

Re: NSA spying: What's the best phone encryption & IMEI random number generator?
On 9/13/2013 12:52 AM, Casper H.S. Dik wrote:
Quoted text here. Click to load it

The feds (I forget which flavor) are talking about cracking down on  
stolen phones in the US as well. You can google "apple picking". But the  
deal with apple phones is they can also be parted out due to a constant  
need for spare parts.

Maybe it is me, but I have an eye for people using iphones with cracked  
screens. Or maybe I attract them. Or maybe there are a lot of people  
with cracked iphones. That and broken home buttons.

Re: NSA spying: What's the best phone encryption & IMEI random number generator?

Quoted text here. Click to load it

You can get new Apple iPhone parts out the back door from the same
vendors that supply Apple in China.  PCB's are another story.
Considering the difficulty of repairing the PCB's, I would expect
anything I buy "used" on eBay to have a fair chance of not quite
working correctly.

Believe it or not, but it's the FCC that's "cracking down" (or more
correctly, "cracking up").  
<http://www.pcmag.com/article2/0,2817,2402830,00.asp
<http://www.ctia.org/media/press/body.cfm/prid/2170
That was about 18 months ago, and predictably, nothing useful has
happened.

<http://www.attpublicpolicy.com/privacy/protecting-your-device-protecting-your-information/
    ... this summer, we’ll be launching a database that will enable  
    us to identify and disable stolen devices using a unique device
    identifier called IMEI and share that info with other GSM  
    carriers so any stolen device will be disabled on our network.
Note mention of AT&T using the IMEI number to disable the phone.

Quoted text here. Click to load it

You rang:
<http://www.11junk.com/jeffl/pics/repair/slides/Iphone4-cracked-screen-01.html
There's an interesting story here.  I found the iPhone 4 in the gutter
in downtown Boulder Creek, CA.  It had been run over by numerous
vehicles, resulting in the rather artistic display.  I could have been
evil, installed a replacement digitizer, and sold the phone.  Instead,
I needed a karma recharge, and decided to perform an un-natural act
and return it to it's owner.  I plug in the cable, and run iExplorer
on my PC.  That gave me the phone number, address book, and the call
history.  The 2nd to last called number turned out to be a mutual
acquaintance who gave me to the owners daughters phone number.  I
eventually talked the owner and arranged to return the phone.  It
seems the owner and his wife had both undergone hip replacement
surgery and really needed the phone to coordinate rides.  

I offered to fix the phone for the cost of parts ($30) plus about 30
minutes labor ($40) but the owner indicated that he had insurance from
Verizon.  So, I returned the phone with the cracked display.  Only
then did I looked up the terms of the Verizon (Asurion) iPhone
"replacement" insurance.  
<http://support.verizonwireless.com/support/features/calling_features/equipment_protection.html
$10/month with a $169 deductible.  The replacement phone is
refurbished, not new.  I can buy a used iPhone 4 on eBay for about
$250.  He's been paying the $10/month for over 2 years or $240 so far.
In effect, his replacement iPhone 4 just cost him at least:
  $240 + $169 = $409
which is hardly a bargain.  It would have been better and cheaper if I
had replaced the digitizer for about $70.




--  
Jeff Liebermann     jeffl@cruzio.com
150 Felker St #D    http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann     AE6KS    831-336-2558

Re: NSA spying: What's the best phone encryption & IMEI random number generator?
Yeah, insurance on phones is a bad idea. By the time you break one, you  
can buy one on Craigs. Remember that you need to insure the phone is  
paid off.

I am assuming whatever iexplorer is can't work on a locked phone.



Re: NSA spying: What's the best phone encryption & IMEI random number generator?

Quoted text here. Click to load it

Yep.  Several years ago, I found an iPhone 3G that had 1 month left on
a contract.  Verizon refused to activate it, even if I paid off the
remaining month of someone elses contract.  They consided my offer to
be reasonable, but their computer had no way to accept a payment on
someone elses account.  No clue if it's still the same today.

Quoted text here. Click to load it

<http://www.macroplant.com/iexplorer/
Correct.  You need the passcode.  The iPhone 4 that I found didn't
have the passcode set.

However, there are always work arounds and bug exploits:
<http://www.wikihow.com/Bypass-iPhone-Passcode



--  
Jeff Liebermann     jeffl@cruzio.com
150 Felker St #D    http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann     AE6KS    831-336-2558

Re: NSA spying: What's the best phone encryption & IMEI random number generator?
On 9/15/2013 10:05 PM, Jeff Liebermann wrote:
Quoted text here. Click to load it

I am looking up douche bag in the dictionary. Ah, it says "see cellular  
provider."

Seriously, like you can't take over a contract? I mean there is still a  
credit check.

I only use Blackberries. You need to unlock the phone and the PC  
interface. Apple never got their 140-2 rating. Somehow Android managed  
to get fips rated. Their security is dubious at best.

It never occurred to me to use the emergency mode of the phone, but it  
makes sense because that is the one thing that isn't locked.




Re: NSA spying: What's the best phone encryption & IMEI random number generator?

Quoted text here. Click to load it

Mostly correct.  In theory, the GSM vendor would not need to know the
IMEI number.  Reality is quite different:
1.  The SIM card identifies the owner and stores his data.  However,
if the phone is vendor locked, it ties the SIM ID to the IMEI,
effectively making it impossible to move the SIM card to a different
phone.  A less draconian vendor lock looks at only the vendor, model,
and service provider parts of the IMEI, and just locks the SIM to
those numbers.  That allows the dealer to replace one smartphone, with
a similar model, and not have to update the SIM.

2.  The IMEI defines the maker and model of the phone, and it's
features.  If those demonstrate that the phone is a smart phone, the
vendor tacks another $30/month onto the bill for data service, even if
it wasn't requested or ordered.  I did this by accident.  I picked up
a basic phone that someone had hacked with the IMEI for an iPhone 3G.
I didn't recognize the problem.  When I activated the phone for a
customer, I found a data service charge tacked onto their bill.  The
phone wasn't worth hacking, so I just changed to a phone, with a real
IMEI number.  However, the $30/month didn't disappear from the online
billing summary until after I called customer service three times.

Quoted text here. Click to load it

I don't do T-Mobile, so I have no idea what might happen.  Sorry.

--  
Jeff Liebermann     jeffl@cruzio.com
150 Felker St #D    http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann     AE6KS    831-336-2558

Re: NSA spying: What's the best phone encryption & IMEI random number generator?

Quoted text here. Click to load it

That is not correct: the firmware in the phone checks whether the
SIM is from a particular operator; it is locked to the operator
and not to the SIM card.

Quoted text here. Click to load it

Interesting.  It is probably listed in the "small print" but that would
also mean that the operator will frowned upon change IMEIs.

Casper

Re: NSA spying: What's the best phone encryption & IMEI random number generator?
On 10 Sep 2013 08:35:14 GMT, Casper H.S. Dik

Quoted text here. Click to load it

True.  There is no processor on the SIM card so that comparison has to
be done by the phone firmware.  However, my point was that the vendor
lock can be by the specific phone, by the cellular vendor, or by the
phone manufacturer, depending on how much of the IMEI number is used.
<http://en.wikipedia.org/wiki/SIM_lock
 - Mobile country code (MCC; e.g., will only work with SIM issued  
   in one country)
 - Mobile network code (MNC; e.g., AT&T Mobility, T-Mobile, Vodafone,
   Bell Mobility etc.)
 - Mobile subscriber identification number (MSIN; i.e., only one SIM
   can be used with the phone)

Quoted text here. Click to load it

Apple and AT&T were the first to require a mandatory data plan.  If
you activated an iPhone, you were required to have a data plan.  Since
there were few protests by those who didn't want the data plan, the
other vendors did the same thing almost immediately.  I complained on
the Verizon support site, and soon found both my postings and account
had been removed by VZW.  After about 6 months, Verizon extended the
mandatory data plan to newer smartphones, eventually dividing their
selection between "feature phones" and "smart phones".  Again, there
was little protest, so the other vendors did much the same thing.  The
Verizon MVNO's were more flexible and would activate smartphones
without data plans, so all was not lost.  However, this wasn't to
accommodate disgruntled users, such as myself, but rather because
Verizon would not allow the MVNO's to use their latest data service.
For example, Page Plus Cellular will only do 3G data, not 4G.  Before
Verizon built their 4G system and only had 3G, the MVNO's could only
use EVDO or 1XRTT.

However, soaking customers for a mandatory data plan wasn't sufficient
for VZW.  They often billed customers for accidental use of the data
service.  In the early days of smartphones, it was not unusual for
customer to not know that their phones had internet data service, much
less how to use it.  If I bought a smartphone with data capability,
but didn't subscribe to the monthly data plan, I would be charged some
rediculously high rate for moving a few bytes if the phone decided to
do a lookup or update check.  Many phones had no obvious way to
disable data service. Intitally, VZW also obfuscated the charges on
the bill and didn't properly explain the charges when the phone was
activated.  That resulted in lawsuits and FCC action:
<http://www.phonedog.com/2010/10/28/verizon-settles-with-fcc-will-cut-customers-a-52-8-million-check/
The continuation and expansion of the mandatory data plan was
allegedly a result of this action.  Never mind that it would have been
trivial for VZW to block all data traffic by IMEI and be done with the
problem.

--  
Jeff Liebermann     jeffl@cruzio.com
150 Felker St #D    http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann     AE6KS    831-336-2558

Re: NSA spying: What's the best phone encryption & IMEI random number generator?
T-mobile took the opposite idea. Well sort of. They cuts the minutes  
down to nothing (100 min), but added a decent data plan (4G, but only  
half at the full LTE speed), the rest at their crappy 4G, all for $30.

The T-mobile 4G would be fast enough, but the latency is noticeable.  
Easily over 100ms. LTE is simply amazing. About 35mbps down and 15mbps  
up with no discernible lag.


Site Timeline