NSA spying: What’s the best phone encryption & IMEI random number generator?

I never understood WHY people say that the IMEI number matters to the
telco. I put different SIM cards in my phone all the time, and thereby
use either tw mobile companies and I haven’t explicitly registered the
cell phone with either company.

The only thing the telco cares about is the SIM card.

They don’t care what phone you put it in. So, for example, if I borrowed
your phone, and put my SIM card in it, then I’d have the same service
as if I had that same SIM card in my cell phone.

The IMEI number was immaterial to the phone company (yes, I know it’s
transmitted to them – but it’s meaningless to them from the standpoint
of my service). [Yes, I know about the mobile companies policy of smartphones having
to have a data plan – that’s a *policy* issue that only clouds the issue
so let’s ignore that unless it actually matters, bearing in mind that
T-Mobile doesn’t have that problem so it’s not a technical issue.]

And, the argument that you have to have a “similar” IMEI number was used
for MAC address changing also – but it’s really statistically a weak
argument. I doubt it would ever matter *what* IMEI number you used, since
the chance of actually colliding with another duplicate IMEI is
vanishingly small. Let’s say I’d have a better chance of winning the
lottery, so, IMEI collisions are a tiny issue that can easily be averted
but since the chances are so slim, they’re not even worth the effort.

And, while my argument has nothing to do with stolen phones, it’s my
understanding that in the USA, there is no stolen phone list. Certainly
I’ve had *my* phone stolen (well, ok, I left it on a cafe table and it
was gone when I returned) – and the telcos did absolutely NOTHING about
it except replace my SIM card. So I don’t think, in the USA and Europe, matching
an IMEI of a stolen phone is also something to worry about.

The thing that confuses me is that the IMEI is nearly meaningless from
the standpoint of the contract between the owner and his telco. I, for
one, have a SIM card from GIFFGAFF, and they just shipped me that SIM
card. That’s it. I never gave them *any* IMEI, and I used that SIM card
in multiple phones. They never cared.

The *only* effect, it seems to me, of randomizing the IMEI, is to keep
the NSA off base, in that their meta data will be off by a tiny amount.
Of course, if they were DIRECTLY observing me (which I hope they’re not,
then that slight inconsistency would be meaningless); but if they’re
on a fishing expedition, if EVERYONE changed their IMEI daily, it would
benefit us all, by adding just one more level of privacy to our daily
intrusions.

The procedure


This looks like what he did on his Android phone (with an iOS theme).

0. *#06# (reveals the old IMEI as 123456789012345 / 10)
1. root the device
2. install terminal emulation
3. start terminal application
4. su (switch to the super user)
5. echo ‘AT+EGMR=1,7,”546765676567656″‘ > /dev/pttycmd1
6. reboot
7. *#06# (reveals the new IMEI as 546765676567656 / 10)

Seems simple enough.

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.