This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
“measures have proven insufficient to combat this i llicit industry”
� Introduce blacklisting of stolen devices in individual countries� Exchange blacklist data regionally using solutions such as IMEI Database� Raise public awareness of handset theft and the need to buy from reputable sources� States to criminalise IMEI changing or other circumvention of blacklisting� States to better control important and movement of mobile handsets� Sellers of handsets to only buy and provide for sale those with a secure IMEI� Operators to report instances of IMEI security weakness for investigation
“criminal organizations profiting from this busines s take advantage of the absence of information exchange and of block age at the
Why does the Industry need to share IMEI information of stolen devices on a regional basis?
� Crime related to handset theft is growing at high pacein the region.
� These issues have high impact due to crime and murder derived in government involvement.
� Latin American countries committed to act against handset theft in their country but with a regional approach (CITEL- PCC.I/RES. 189).
� Some countries have signed bilateral agreements to share stolen IMEI information.
� The region needs to avoid fragmentation , and commitment from all parties, public and private.
� 13 Groups of mobile operators signed the Latin American Mobile Operators commit to combat mobile device theft. All operations to be connected by Mar 13
Many regulators and governments have
requested GSMA LA support to share stolen IMEI information on a
What is the GSMA IMEI DB?Centrally located database of valid and stolen handset IMEIs to which operators may connect to upload and download data to control mobile device access on their networks
Why Share Data Nationally /Regionally?� Isolated EIRs on individual networks
are of little use as a deterrent � Lack of data sharing across networks
allows stolen handsets to migrate from one network to another
� Sharing of IMEI data can result in a substantial reduction in handset theft
� Sharing of IMEI data on a national/regional level is most effective way to combat handset theft
Benefits of Sharing Data?� National/regional databases allow operators agree their
own blacklisting code of practice to preserve data integrity.� Volume of data to be uploaded, downloaded and
maintained is more manageable� Data uploaded to a regional database is also placed in a
‘global’ database thereby preserving master database� The sharing of data on a national/regional level ought to
be sufficient to satisfy the requirements of law enforcement agencies, governments, etc.
Why use GSMA IMEI Database?� Scale – maximize value by sharing with more operators� Non competitive - operators agree blocking rules� Free - hosted by GSMA for benefit of all stakeholders� Flexible - facilitates national and regional data sharing� Easy - File formats, procedures, tests etc. available� Stable - in existence since 1996 supported by all EIRs� Suitable - meets needs of all stakeholders
Effective management requires one global black list
� Black list information reported by operators� Global black list distributed back to operators by GSMA� IMEI database is Central Equipment Identity Register (CEIR)
� Need to preserve integrity of IMEI is critical to support the various uses of the identifier
– IMEI differentiates between genuine and black/grey market devices– Legitimate IMEI ranges ensures spurious IMEIs can be identified– IMEI integrity necessary to provide confidence in stolen handset barring
� Much progress made by industry to enhance integrity of IMEI implementations:
– Industry agreed technical security design principles– IMEI security weakness reporting and correction process established– Contract in place with third party to proactively report security weaknesses
1. Uploading, downloading and storage of executable code and sensitive data
2. Protection of components’ executable code and sensitive data3. Protection against exchange of data/ software between
devices 4. Protection of executable code and sensitive data from external
attacks 5. Prevention of download of a previous software version 6. Detection of, and response to, unauthorised tampering 7. Software quality measures 8. Hidden menus 9. Prevention of hardware substitution
� Co-operative spirit between all stakeholders� Mutual recognition of the need to combat handset theft� Voluntary undertakings avoided need for regulation� Need to focus and target devices - not users � Measures must be consumer friendly� Focus on effective solutions only
– Improved IMEI security– Supportive legislation– Blacklisting and not whitelisting
� Theft levels and solution effectiveness need to be measured
� Theft is a global problem and requires an international solution to combat cross border trafficking of devices
� National databases result in fragmentation & an incomplete solution� Industry and government must work together and align with
international initiatives and best practice� Focus must be on devices and not negatively impact legitimate users,
circulation of devices and competition� Resources must be focussed on workable and effective measures � Self regulatory initiatives can go beyond what regulation can achieve� Absolute elimination of theft is unachievable but holistic measures
can significantly reduce theft levels� Sufficient technical capabilities exist in global standards and via
� Regarded as a trusted knowledge source on handset theft matters having worked with operators and governments in over 80 countries
� Provide IMEI Database functionality free of charge for whitelisting and blacklisting purposes
� Assist network operators with their data sharing initiatives by facilitating discussions on agreeing the rules and processes in a memorandum of understanding
� Provide IMEI number range data to national authorities that may require it