InfoSecurity India's First Magazine on Comprehensive IT Security
InfoSecurity April 2009
Cover Story
Chinese Mobile Phones: Threat to National Security?

Even amid the global economic recession, ritzy Chinese mobile phones have made an impact on people in India. Their cheap prices, combined with a variety of features, attract executives and commoners alike. But what is alarming about these mobiles is the duplication of IMEI numbers. This article explains the technical glitch with IMEI numbers in these mobiles and why the Government of India and security officials are opting to ban them.

In recent years, India has seen exponential growth in the mobile telephony sector. Apart from branded handsets from mainstream manufacturers, Chinese phones, many of them fake and with little or no R&D going into their production, have started flooding the market.

According to the COAI (Cellular Operators Association of India), over 25 million mobile phone users in India currently own Chinese handsets. They account for about 13.3%, or Rs. 4,000 crore, of India’s total mobile market, which is about Rs. 30,000 crore a year. Every month, about 16.8 lakh Chinese and locally-assembled handsets are sold in India.

The prices of these classy mobile phone handsets loaded with the latest features are attractively low for every class of people in India. A GPRS-enabled (General Packet Radio Service) Chinese handset with advanced features costs about Rs. 4,000, against at least Rs. 10,000 for a similar branded phone.

New Terror Tools

In the recent 26/11 Mumbai terror attacks, Indian security officials claim that the terrorists used an array of commercial digital technologies, from Blackberries to GPS navigators to anonymous e-mail accounts to Chinese mobiles, to carry out their heinous attacks. It is worth noting how these modern gadgets could be misused to terrorize people.

Following the series of bomb blasts in India and the Mumbai attacks, the Intelligence Bureau (IB) has investigated and zeroed in on the handsets used in these terror strikes. As per their investigations, the security officials have concluded that the mobile handsets used by the terrorists were indeed Chinese mobile phones. Though most of us may be tempted to buy these cheaply priced mobiles, ultimately we all could pay a higher price in terms of security.

Missing or Fake IMEI Numbers

Most Chinese mobile phone imports have no IMEI (International Mobile Equipment Identity) numbers, and such devices are said to be illegal in India. The handsets recovered from some terror suspects and at crime/terror scenes did not have an IMEI number and consequently gave no details of the SIM (Subscriber Identity Module) cards used in them. Apparently, terrorists have switched over to such handsets, which can be discarded without any hassle and without the fear of call transactions being traced.

The Bangalore City Crime Branch (CCB) officials, who have often raided the outlets selling Chinese handsets, say that it is very difficult to extract details from such handsets. Though these mobiles are supposed to have IMEI numbers, the numbers are either fake or shared by several phones, making it impossible to find out any details. In January 2009, when a reporter from the media checked the IMEI numbers on over 60 Chinese mobile phones at the National market in Bangalore, he found all of them to have the same number.

IMEI number and Security

Every branded mobile phone comes with a standard 15-digit or 17-digit IMEI number which helps uniquely identify the handset. This number is reflected in the service operator’s network whenever a call is made or received from any handset and therefore allows lawful interception of all calls. In other words, this number is registered with the GSM (Global System for Mobile communications) service provider once the handset becomes active when a SIM card is inserted in the mobile handset.

GSM mobile operators store these numbers in an Equipment Identity Register (EIR). So if a handset is stolen, the owner can provide the IMEI number to the service operator to ensure that all calls from this device are barred. The EIR blacklists the device in all operator switches so that it will, in effect, become unusable, making theft of mobile equipment a useless business. Even if the SIM card is changed, the police can block the handset by using the IMEI number and even retrieve details from recovered handsets. Through the IMEI number, it is also possible to find out the caller’s identity from the SIM card registration details and the location from where the call is made.

Even CDMA (Code Division Multiple Access) mobile phones have an electronic serial number equivalent to the IMEI number.

Is IMEI Concept Fool-Proof?

Even though blacklisting stolen mobile handsets through the EIR by using IMEI numbers is seen as a deterrent to crime, this concept is not 100% fool-proof. Technically speaking, it is possible to change an IMEI with special tools, and there are certain mobile networks that do not automatically blacklist handsets registered with the EIR. Current statistics state that approximately ten percent of IMEIs in use today are not unique or have been reprogrammed by hackers.

However, one needs to realize that it is only a matter of time before the service operators bar these handsets with manipulated IMEIs from their mobile networks. But even a few minutes of using an IMEI-manipulated handset can cause havoc on the security system. To prevent the technology from being misused, the security mechanisms in every system should always keep pace with the hackers.

In addition to the above, there are several laws globally which act as a deterrent to those who manipulate IMEI numbers. Many countries have strict laws of their own against the misuse of IMEI numbers, which helps in reducing the theft of mobile phones. For example, in the United Kingdom, under the Mobile Telephones (Re-programming) Act, changing the IMEI of a phone, or possessing equipment that can change it, is considered an offence under some circumstances. In Latvia as well, such an action is considered a criminal offence.

Finding IMEI number
The IMEI number of a GSM mobile phone is usually found printed on the back of the handset, in most cases underneath the battery. The IMEI number can also be found by typing *#06# on your mobile phone handset. When the printed IMEI number (behind the handset) is compared with the number displayed on the phone by typing the IMEI retrieval code, the two should be the same.

IMEI Structure

Having known the significance of IMEI number with respect to security, let us study its structure along with the various technical parameters.

Figure 1: Dial Codes for retrieving IMEI number

The IMEI comprises 15 decimal digits, including the Check Digit (CD) at the end. The IMEI/SV (Software Version) number comprises 16 digits, which include information on the origin, model and serial number of the device, the CD and the Software Version Number (SVN). The model and origin comprise the initial 8-digit portion of the IMEI/SV, known as the Type Allocation Code (TAC). The remainder of the IMEI is manufacturer-defined, with a Luhn check digit at the end (which is never transmitted). The Luhn check digit is computed using the Luhn algorithm, a simple checksum formula used to validate a variety of identification numbers.

Figure 2: Finding IMEI number in a Mobile handset

As of April 1, 2004, the format of the IMEI is AA-BBBBBB-CCCCCC-D, although it may not always be displayed this way. The IMEISV drops the Luhn check digit in favour of an additional two digits for the Software Version Number (SVN), making the format AA-BBBBBB-CCCCCC-EE.

Table illustrating the Structure of IMEI Number :-

Decoding IMEI

Prior to 2002, the TAC was six digits long and was followed by a two-digit Final Assembly Code (FAC), which was a manufacturer-specific code indicating the location of the device's construction.

For example, the IMEI code 35-209900-176148-1 or IMEI/SV code 35-209900-176148-23 tells us the following:

TAC: The TAC number is six digits, comprising 35-2099. The first two digits of the TAC, i.e. the number 35, are known as the Reporting Body Identifier, which says that it was issued by the BABT (British Approvals Board for Telecommunications). The remaining four digits, 2099, are the allocation number or Type Identifier number defined by BABT.
FAC: The next two digits are 00, which means the handset was numbered during the transition phase from the old format to the new format, which is described below.
SNR: 176148 is the serial sequence number uniquely identifying a unit of this model.
CD: 1, so it is a GSM Phase 2 or a higher number.
SVN: 23 is the “Software Version Number” identifying the revision of the software installed on the phone. The SVN 99 is a reserved code number.

The format changed as of April 1, 2004, when the Final Assembly Code ceased to exist and the Type Approval Code increased to eight digits in length and became known as the Type Allocation Code. From January 1, 2003 until that time the FAC for all phones was 00.

The Reporting Body Identifier is allocated by the Global Decimal Administrator; the first two digits must be decimal (i.e., less than 0xA0) for it to be an IMEI and not an MEID.

The new CDMA Mobile Equipment Identifier (MEID) uses the same basic format as the IMEI.

Significance of Check Digit

The Check Digit is calculated according to the Luhn formula. The Check Digit shall not be transmitted to the network. The Check Digit is a function of all other digits in the IMEI. The Software Version Number (SVN) of a mobile is not included in the calculation. The purpose of the Check Digit is to help guard against the possibility of incorrect entries to the CEIR and EIR equipment [registries]. The presentation of the Check Digit (CD), both electronically and in printed form on the label and packaging, is very important. Logistics (using a bar-code reader) and EIR/CEIR administration cannot use the CD unless it is printed outside of the packaging, and on the ME IMEI/Type Accreditation label. The check digit is always transmitted to the network as "0".
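The decoding and check-digit rules above, as an added Python example that is not part of the original article. It goes slightly beyond the passage by also screening a list of handset IMEIs for the conditions the article names (missing, all zeroes, duplicated); the function names and the constructed sample list are assumptions for illustration.

```python
from collections import Counter

def _digits(text):
    """Drop the separators used in print (35-209900-176148-1)."""
    return (text or "").replace("-", "").replace(" ", "")

def luhn_check_digit(body14):
    """Luhn check digit over the first 14 digits; the SVN is never included."""
    total = 0
    for i, ch in enumerate(reversed(body14)):
        d = int(ch)
        if i % 2 == 0:  # rightmost body digit, then every second digit leftwards
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return (10 - total % 10) % 10

def decode_imei(text):
    """Split a 15-digit IMEI or 16-digit IMEISV into the fields named above."""
    d = _digits(text)
    if not (d.isascii() and d.isdigit()) or len(d) not in (15, 16):
        raise ValueError("expected a 15-digit IMEI or a 16-digit IMEISV")
    fields = {"reporting_body": d[:2], "tac": d[:8], "snr": d[8:14],
              "expected_cd": luhn_check_digit(d[:14])}
    if len(d) == 15:
        fields["cd"] = int(d[14])   # IMEI: last digit is the check digit
    else:
        fields["svn"] = d[14:]      # IMEISV: last two digits are the SVN
    return fields

def screen(imeis):
    """Return {entry: [reasons]} for IMEIs that cannot identify one handset."""
    cleaned = [(raw, _digits(raw)) for raw in imeis]
    counts = Counter(c for _, c in cleaned if c)
    findings = {}
    for raw, c in cleaned:
        reasons = []
        if not c:
            reasons.append("missing")
        elif not (c.isascii() and c.isdigit()) or len(c) != 15:
            reasons.append("malformed")
        elif set(c) == {"0"}:
            reasons.append("all zeroes")
        elif int(c[14]) != luhn_check_digit(c[:14]):
            reasons.append("bad check digit")
        if c and counts[c] > 1:
            reasons.append("duplicate")
        if reasons:
            findings[raw] = reasons
    return findings

# Constructed sample: the article's example IMEI plus made-up problem entries.
SAMPLE = ["35-209900-176148-1", "000000000000000", "352099001761482",
          "", "123456789012347", "123456789012347"]

if __name__ == "__main__":
    print(decode_imei("35-209900-176148-1"))
    for entry, reasons in screen(SAMPLE).items():
        print(repr(entry), reasons)
```

The all-zero and duplicated entries both carry a correct check digit: the Luhn digit only catches entry errors, so those cases have to be tested for separately.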

Figure 3: Retrieved IMEI number from *#06# codes

IMEI Database
Worldwide, every GSM and UMTS MS (Universal Mobile Telecommunications System, Mobile Station), or Multi-Mode MS containing these technologies, is required to have an IMEI. As discussed earlier, BABT allocates the IMEI and maintains the IMEI Database records on behalf of the GSM Association.

The IMEI uniquely identifies an individual mobile station and thereby provides a means for controlling access to GSM networks based on mobile station types or individual units. This database is used to populate the Central Equipment Identity Register (CEIR) which is used by GSM network operators.

Why Do Chinese Mobiles Have Fake IMEIs?

There is a misunderstanding amongst some regulators that the existence of a formally-allocated IMEI number range for a GSM terminal implies that the terminal is approved or complies with regulatory requirements. This is not the case. The linkage between regulatory approval and IMEI allocation was removed in April 2000, with the introduction of the European R&TTE (Radio and Telecommunications Terminal Equipment) Directive. Since that date, IMEIs have been allocated by BABT (acting on behalf of the GSM Association) to legitimate GSM terminal manufacturers without the need to provide evidence of approval. Specifically, the BABT is appointed by the GSM Association to allocate IMEI numbers to GSM terminal equipment manufacturers for use on GSM 900 and GSM 1800 networks. The allocation procedure is funded by the GSM Association (GSMA). The IMEI allocations made by BABT are confidential between the manufacturer holding the allocation, the GSM Association and BABT.

For the Chinese handsets to have genuine IMEI numbers, their manufacturers have to first register with the BABT and get entered in the IMEI Database. For this process to succeed, there are a whole lot of pre-conditions to be met by a manufacturer. According to the official records of BABT, it is certain that Chinese handset manufacturers have not been allocated genuine IMEI numbers by the BABT or GSMA.

The Ban

In October 2008, the DoT (Department of Telecommunications) of the Government of India (GoI) asked all the telecom service providers to install an EIR so that calls without an IMEI, or with an IMEI consisting of all zeroes, are not processed and are barred from the mobile service network. This was followed by investigations by security agencies. Looking into the bomb blasts in several Indian cities this year, the security agencies revealed that mobile phones used by terrorists were Chinese mobiles and did not bear valid IMEI numbers. Based on this, the IB recommended to the Union Home Ministry and DoT that they be banned. In December 2008, a GoI directive instructed all telecom service providers to cut off services to all handsets that lack an IMEI number. The last date to implement this directive was supposed to be January 6, 2009.

Later on, in January 2009, the Government had to extend the deadline for the ban on Chinese mobile phones to March 31, 2009, as it would take some time for the directive to be implemented by the mobile service operators. Currently, while this deadline remains unchanged by the GoI, there are unconfirmed reports that some operators have sought time till July 2009.

Based on the DoT directive, one of the leading telecom service providers has already started sending out messages to its subscribers to use phones with an IMEI number or face disconnection of their mobile service.

A Magical Solution

Meanwhile in December 2008, a new software update [security patch program] was jointly developed by the industry to patch up the already existing Chinese mobiles without genuine IMEI numbers. This software when uploaded to the Chinese mobile handsets would provide the device with a unique IMEI number. The COAI had approached the Government to seek an extension until the IMEI assigning software can be added into phones via the software update. This was a boon to the lakhs of non-IMEI type handset users who are already using the services.

Even though the IMEI-generating software has been tested on Chinese mobile handsets, a few security experts have questioned whether it is fool-proof. It cannot be ruled out that this software itself could be corrupted or tampered with to provide non-genuine IMEI numbers. Practically speaking, using the IMEI-generating software to provide genuine IMEI numbers to 25 million Chinese handsets in a specified time would be a huge challenge.

Legal Struggle

For the GoI, one issue under consideration is the large user base for these phones. The fact that the handsets would be rendered useless after implementation of the directive, resulting in a loss to their owners, is also a concern. The COAI is planning a drive to make people aware of the dangers of using a non-IMEI handset and of the software update, which is expected to cost Rs. 100 per phone, a nominal amount considering it can save a phone from becoming useless. The mobile service operators claim that they need some more time to install the software since the EIR equipment has to be imported from a foreign country.

The telecom companies have also asked the finance ministry to direct the customs authorities to ban the shipment of grey market handsets into the country. The telecom operators argue that if these handsets are illegal and pose a security threat, the Government should not be allowing these products into India, and that the operators are not to be blamed if these cheap handsets are available in the market. Besides, the various telecom companies have also demanded that the Government ban the import of handsets without IMEI numbers.

Technical Challenges

According to the Indian Cellular Association (ICA), the industry body for handset makers, the use of illegal IMEI handsets is possible because there is no validation of the IMEI in mobiles entering India through the sea or air route. Also, there is currently no central mechanism to prohibit the Chinese phones from being used. The reality is that the bulk of the grey market phones are operating without genuine IMEI numbers.

Technically speaking, it is not an easy task for all the mobile service providers to disable the 25 million Chinese mobile handsets from running on various networks in the country. Some operators have already expressed their inability in meeting the DoT deadlines due to technical reasons.

A senior official from the telecom industry said that what the DoT is trying to do is to block all calls with zeroes as IMEI numbers or from blacklisted numbers. That adds extra load on networks. There are so many combinations of non-genuine IMEI numbers that it is extremely difficult to block them. Network up-gradation is required to block all such calls and not all of our multiple equipment vendors are equipped to do it.

Debating the Issue

Common people have their own reasons for opposing the ban on Chinese phones: given the cost and the features of the handsets, these phones are really a boon to them. They further argue that the ban simply breaks their dreams of owning these swanky mobiles. Well, given what is known about the illegal sale of non-IMEI mobiles, it is important to recognise that nothing matters more to us than the security of the nation. For those people who are still not aware of these security risks, one can only say: ignorance is bliss!

Some people argue that since the 26/11 Mumbai terrorists used Blackberries, GPS navigators and anonymous e-mail accounts, one cannot ban all these gadgets and services altogether. As a matter of fact, here we are specifically addressing the Chinese mobile phones. In this case, the logic is that there exists a serious technical glitch with the IMEI numbers, and by default this makes the whole mobile handset an easy weapon of choice for a terrorist or criminal!

The agents and resellers of Chinese mobiles have often countered by saying that the ban is a ploy by the branded and mainstream mobile manufacturers to curb the share of Chinese phones in the Indian market. Ultimately, what they do not realize is that the process of allocating the IMEI numbers at the manufacturing stage itself is flawed, and hence the IMEI numbers are invalid in the Chinese mobiles. In simple words, we cannot take India’s security for granted!

The Ground Reality

Despite reports that Chinese mobile phones would be banned in India as most of them do not have unique IMEI numbers as is mandatory, Chinese companies have been flooding the country’s markets with lakhs of mobile phones. But what seems to be a profitable business to the business agents is a nightmare for the security agencies against terror.

According to a source in the Intelligence Bureau, which is investigating the recent terrorist strikes in India, the fake IMEI numbers in the Chinese mobiles make it almost impossible for the law enforcement agencies and investigators to track down suspicious calls. That is why the GoI and security officials state that this problem can be overcome by simply stopping their further sale in the country. But with a ban on these mobiles, the crucial question to be asked is: how can one prevent the usage of the millions of these mobile phones already in India? Another challenge is: what practical steps can one take to prevent them from being smuggled into the country by anti-social elements and terrorists through various other channels?

While the decision of the Government of India to ban the Chinese mobiles is based on security factors, it should also properly evaluate the total scenario, weighing the pros and cons of all Chinese handsets available in the market and the 25 million users using these handsets.

Regardless of the Government ban, the hard reality is—today the society is divided on this issue with supporters and anti-Chinese mobile group users having their own justifications.

Let me conclude this article by asking all of you—What do you think on these issues? Do we need to ban Chinese phones completely or do we need to legalize these handsets by an innovative solution—as they claim to offer great value for money for the budget conscious user?

—By: R. Manoj. The author is an Assistant Editor at Fanatic Media, Bangalore. ‘InfoSecurity’ Bureau.

