Can change or alteration of IMEI number of a Cell phone be possible !!!

Now days, we hear hundreds of mobile snatching news daily in our daily newspapers. To stop this, Telecom Regulatory Authorities, ordered mobile operators to have a common EIR (Equipment Identity Register) at least. But is this enough? First we must have to know what is EIR, IMEI is and can this IMEI be altered?

EIR: The Equipment Identity Register is a database employed within mobile networks. The database holds records for 3 types of mobile; namely black, grey and white. When a mobile requests services from the network its IMEI (International Mobile Equipment Identity) may be checked against the EIR, to assess which category of mobile it falls into. Black mobiles are those reported stolen or whose operation on the network will adversely affect network operation. These mobiles will not be allowed to access the network. Grey mobiles are classed as non-conforming, but may be used on the network. White mobiles are those that conform to requirements set down by the network operator.

The EIR stores three IMEI classifications:

White: Valid GSM Mobile Stations

Grey: GSM Mobile Stations to be tracked

Black: Barred Mobile Stations

IMEI: The IMEI number is a unique number for every valid phone that the network uses to identify the phone. This number is factory preset. If your phone gets stolen you can block the IMEI number, rendering it useless.

Please note that this number is unique and you will not find phones with the same original number. Why we say original? Because you can change this number by special software and needed cable. New IMEIs can be programmed into stolen handsets and 10% of IMEIs are not unique." According to a BT-Cellnet spokesman quoted by the BBC.

If you want to check what is the IMEI number of your phone you may desolder battery and read number form there - it has 15 digits. Other way is to use keypad *#06# from keypad and you will see IMEI of your phone.

Changing of IMEI number is not common or you can say is required in Pakistan, as no operator is using EIR. On the pressure of PTA, may be this would become necessary to install EIR within the operator's network.

Structure of the IMEI

The IMEI is a 15 or 17 digit number which includes information on the origin, model, and serial number of the device. The model and origin comprise the initial 8-digit portion of the IMEI, known as the Type Allocation Code (TAC). The remainder of the IMEI is manufacturer-defined, with a Luhn check digit at the end (which is never transmitted).

As of 2004, the format of the IMEI is AA-BBBBBB-CCCCCC-D, although it may not always be displayed this way. This table explains what each part of the 15 digit IMEI is.

The format of an IMEI is AABBBB--CC-DDDDDD-E.

AA: Country Code

BBBB: Final Assembly Code

CC: Manufacturer Code

DDDDDD: Serial Number

E: Unused

Prior to 2002, the TAC was 6 digits long and followed by a two-digit Final Assembly Code (FAC), which was a manufacturer-specific code indicating the location of the device's construction. For example the code 35-209900-176148-1-23 tells us the following:
TAC: 352099 so it was issued by the BABT and has the allocation number 2099
FAC: 00 so it was numbered during the transition phase from the old format to the new format (described below)
SNR: 176148 - uniquely identifying a unit of this model
CD: 1 so it is a GSM Phase 2 or higher
SVN: 23 - The 'software version number' identifying the revision of the software installed on the phone.

The format changed from April 1, 2004 when the Final Assembly Code ceased to exist and the Type Approval Code increases to eight digits in length and became known as the Type Allocation Code. From January 1, 2003 until this time the FAC for all phones was 00.

The Reporting Body Identifier is allocated by the Global Decimal Administrator; the first two digits must be decimal ( i.e. less than 0xA0) for it to be an IMEI and not an MEID.

The new CDMA Mobile Equipment Identifier (MEID) uses the same basic format as the IMEI.

IMEI Manufacturer Codes include:

01: AEG

02: AEG

07: Motorola

10: Nokia

20: Nokia

40: Motorola

41: Siemens

44: Siemens

51: Sony, Siemens, Ericsson

Blacklist of stolen devices

When mobile equipment is stolen or lost, the operator or owner will typically contact the Central Equipment Identity Register (CEIR) which blacklists the device in all operator switches so that it will in effect become unusable, making theft of mobile equipment a useless business. The IMEI number is not supposed to be easy to change, making the CEIR blacklisting effective. However this is not always the case: IMEI may be easy to change with special tools and operators may even flatly ignore the CEIR blacklist.

So How Does Blacklisting Work?
Every mobile phone has a unique serial number. This serial number is called the IMEI number (International Mobile Equipment Identity). It can normally be found underneath the phones battery and it is 15 digits long.

Now each time you switch your phone on or attempt to make a call the network systems check the IMEI number of the handset you are using. At this point the IMEI number of your handset is cross referenced with the Central Equipment Identity Register. If the IMEI number of your handset is on the CEIR then the network will either:
1) Refuse to send a signal to your phone (No signal strength at all).
2) OR WILL supply a signal but will not allow any outgoing or incoming calls.

If your IMEI number is on the CEIR your handset is blacklisted and therefore useless. By spreading the word that "stolen handsets will not work" it is hoped that street crime can be reduced!

IMEI and the law

Many countries have acknowledged the use of the IMEI in reducing the effect of mobile phone theft, which has increased exponentially over the last few years. For example, in the United Kingdom under the Mobile Telephones (Re-programming) Act, changing the IMEI of a phone, or possessing equipment that can change it, is considered an offence under some circumstances.

There is a misunderstanding amongst some regulators that the existence of a formally allocated IMEI number range to a GSM terminal implies that the terminal is approved or complies with regulatory requirements. This is not the case. The linkage between regulatory approval and IMEI allocation was removed in April 2000 with the introduction of the European R&TTE Directive. Since that date, IMEIs have been allocated by BABT (acting on behalf of the GSM Association) to legitimate GSM terminal manufacturers without the need to provide evidence of approval.

Difficulties

v "New IMEIs can be programmed into stolen handsets and 10% of IMEIs are not unique." According to a BT-Cellnet spokesman quoted by the BBC.

v Facilities do not exist to unblock numbers listed in error on all networks. This is possible in the UK, however, where the user who initially blocked the IMEI must quote a password chosen at the time the block was applied.

The major handset manufacturers disagree. Nokia says that it is extremely hard to change the IMEI numbers on their phones and say that any duplication is rare, and usually occurs on phones shipped to different parts of the world. Sony Ericsson claims never issues duplicate IMEI numbers.

The issue is complicated by thieves reprogramming or "chipping" phones to change their IMEI numbers. "The problem is that the number is stored in the software, so a professional phone thief will reprogram the handset and alter the number to the number of a phone that is still registered as legitimate," explained Ms Perdita Patterson, editor of What Mobile magazine.

How Do Criminals Get Around The Blacklisting Scheme/CEIR?

So now that handsets are blacklisted on all networks what do the criminals do to get around this? They find ways to change handset IMEI numbers! Amazingly it is only recently that the altering/changing of IMEI numbers has become illegal! Home Secretary David Blunkett introduced a new law making re-programming IMEI numbers punishable by up to five years in jail. View / Download the Mobile Phones (Reprogramming) Act 2002 here! This new law became active on the 4th October 2002. (This new law does not affect handset unlocking).

Never the less it is possible to change IMEI numbers on certain handsets. So if an individual obtains a blacklisted handset, they can change the IMEI number and the handset will then work again!!

In my opinion the responsibility now lies with the handset manufactures. They need to make it as difficult as possible to change IMEI numbers. To be fair some manufactures are doing their bit (but some are not!). For example Nokia's older DCT 3 range of handsets has been well and truly cracked. Anyone that searches the Internet for a short period of time would be able to find an IMEI change solution. BUT Nokia's new DCT4 range of handsets remains unbeaten with regards to changing the IMEI. This is largely down to the type of memory used to store the IMEI number. Nokia have chosen to use OTP (one time programmable) memory, which by its very name indicates that data can't be over written. (Unless you change the UEM/memory chip - technically this is out of the realms of most criminals!)

The criminals do have an alternative to changing IMEI's, and this is to send the barred handsets overseas! The blacklist database (or CEIR) is only used by the UK networks. Therefore a handset that is barred in the UK will work fine in a different country! Apparently a large number of UK barred handsets find themselves in Italy, Spain and France etc. The Barred handset works fine in any country outside the home country!!

The solution to this exporting problem is simple. Rather than a national database the mobile industry is now looking to build an international database. If/when this is introduced blacklisted handsets will not work anywhere in the world! (The international database idea sounds good! But it does have obstacles to overcome, as many African networks claim that it would be too expensive to upgrade their equipment to support such a system).

What more: Within a few years, handsets that only work when they recognise the user's fingerprint or iris should be available. One firm has developed a chip that will permanently disable handsets even if Sim cards and IMEI numbers are changed.

But all these developments, of course, will involve consumers upgrading their phones yet again and paying even more for their handsets. And that means still more profits for the industry.