PTA’s Cell Crime Combat Effort Expected To Fail

PTA is telling us that their new initiative to curb cell phone crime will be active from 30th September 2006.

Chairman PTA said that the mobile operators have already been directed to install Equipment Identity Register (EIR) system which enables a stolen or snatched cell phone to be blocked through its International Mobile Equipment Identity (IMEI) which is a unique number of every cell phone in the world. The Chairman said that once this system starts functioning, the magnitude of this menace will be decreased significantly.

Given the extent of the problem, the media is also building high expectation of this announcement which needs some scrutiny. The effort relies on two concepts:

  • That everyone will press *#06# and will record the unique IMEI number of his/her cell number and that he/she shall be able to retain it in a safe place and report it to the police when/if the phone gets stolen
  • That everyone owning a cellular phone is comfortable in registering his/her cell phone loss with the local police
  • That the IMEI is something that cannot be changed on the phone

International Mobile Equipment Identity or IMEI for short is supposed to be unique on each of the GSM phone in the world. However, as it turns out, IMEI can be forged. Given the expertise of the local cell phone market wizards, the EIR set up is going to be of little use.

An old entry of Setp 2004 of ITU Daily, an article titled ‘Crime Prevention for Mobile Networks’ makes interesting reading. While noting that SIM cards are hard to replicate (i.e. reproduced illegally) because of the advanced encryption algorithms employed in the formation of SIM, IMEIs can be re-programmed and forged easily.

When an attempt is made to connect a stolen phone to any network, the IMEI can be interrogated and, if the operator is connected to the CEIR, it will register as stolen and the handset barred from making or receiving any calls. However, a major weakness of this approach has been the fact that some IMEIs are are neither unique nor as secure as they could be.

BBC’s news archive of 2002 record comments from all top cellular companies (BT, Vodafone, Organe, Virgin Mobile etc) confirming that we should not bind high expectations from the EIR (or the CEIR as it is called elsewhere) set up. The BT-Cell rep says “New IMEIs can be programmed into stolen handsets and 10% of IMEIs are not unique.”

Because of the way the IMEI is stored on cell phones (permanent vs writable memory space), phones may or may not be reprogrammed to change their original IMEI. Bad news: Most of the models from Nokia (most popular brand in Pakistan) can be re-programmed.

Nokia phones that can be unlocked: 1100, 1101, 1110, 1600, 2100, 2300, 2600, 2650, 2652, 3100, 3120, 3200, 3220, 3210, 3230, 3300, 3310, 3330, 3410, 3510, 3510i, 3650, 3660, 5100, 5110, 5130, 5140, 5146, 5210, 5510, 6020, 6021, 6030, 6100, 6101, 6110, 6111, 6130, 6150, 6170, 6210, 6220, 6230, 6230i, 6250, 6260, 6310, 6310i, 6510, 6600, 6610, 6610i, 6650, 6670, 6800, 6810, 6820, 6822, 7110,  7200, 7210, 7250, 7250i, 7260, 7270, 7280 7600, 7610, 7650, 7700, 7710, 8210, 8310, 8800, 8810, 8850, 8890, 8910, 8910i, 9110, 9110i, 9210, 9210i, 9300, 9300i, 9500, and N-Gage, N-Gage QD

Someone please show PTA the worldwide marketplace of GSM Phones Programming and Reverse Engineering.


14 Responses to “PTA’s Cell Crime Combat Effort Expected To Fail”

  1. Shakeel Says:

    I remmember back few two years, when i did some nagging of PTA’s directors of forwarding me wrong information of their website via email – they threatened my CTO to hold the tranfer of a DCNS license that these emails should not be going forth again — from that time i know what is the caliber of PTA’s poor mind old beucrates..

  2. M.Khurram Siddiqui Says:

    A great review on the flaws to be expected after the EIR system. This has already built up a high expectation among subscribers and regular Telecom professional due to media & Govt. hype on the issue.

  3. Abdul Sami Says:

    Countries where this system is operational have upto 2 years of imprisonment.

  4. Abdul Sami Says:

    I guess, if Mobile dealers registers all new Mobiles IMEI with EIR, the chances of getting IMEI reprogrammed will be zeroed. As new IMEI wud not be in the EIR, if it is it must be registerd to some other Guy.

  5. Zeeshan Haq Says:

    Nice pick!

    well…this is not as easy as it seems. At the begining of creating mobile technology and standards it was not created for people to identified and trace across the globe! its for providing ease but tuche to culprits they aloow us to always think aboutthe burning bushes…anyhow! lets see what PTA can made a difference!

  6. GSM Engineer Says:

    Dear Tee Emm,

    I regret to say that most of the stuff that you have written in your blog regarding IMEI copying is incorrect. I am currently working in a GSM company and am involved in setting up of the EIR. Your blog is an attempt to misguide people unfortunately. For one, you cannot change the IMEI. This is for the simple reason that the memory type on which the EIR is burned is a ROM. Once the IMEI is burnt on the ROM then it is impossible to change the contents of it. Currently there are two major GSM DSP chips that are used on which the GSM RF Stack is loaded. On the Texas Instrument Chips the IMEI is loaded onto the main dye itself.

    The only way one can change the IMEI is maybe by changing the main DSP chip. But then, one will have to replace it with another chip carrying a WHITE IMEI. Now that wont be too east to have.

    One more thing that you should realize is the handling of the grey list on the EIR. If a correct regulatory framework is woven around the use of the EIR, we can get a lot of additional benefits from the 800K USD investments that all of us 5 GSM operators have made.


  7. Tee Emm Says:

    Ali (GSM Engineer): Technical corrections are always welcome on this blog. Thanks for your comment.

    If you see, the blog title uses the word ‘expected’. I did not say the PTA effort *will* fail.

    Also, there is more to this discussion than just the technical aspect – like the social issues around putting yourself in interaction with the local police for a Rs 5,000 mobile set that gets snatched.

    Finally, the correct comparison of the 800K USD ‘investment’ is to be seen in the backdrop of the (at least) 100 million USD that has gone in the handset market of Pakistan so far.

  8. Zainuddin Zafar\ Says:

    Tee Emm,

    I agree, the IMEI CANNOT be changed on except some old phones by Nokia. and, the phones that can be ‘unlocked’ are something totally different. Unlocking is required when a phone is locked to be used only on a specific Network. You unlock it and it works everywhere. And all new phones after the Nokia 6630 are BB5 phones which still cannot be unlocked. But thats not even the question, unlocking is of no siginifance in this crime scenario. The IMEI cannot be changed and i do hope to see a decline in snatching.


  9. absar Says:

    I think this is a good move towards the advancement of the telecom. But is there anybody who can think for a while , will it work successfully in Pakistan, where such people are living who can kill innocent people for just a worth of 5000 or so.
    I would say this is a better move from PTA, but it should be implemented effectively.

  10. AD Says:

    Much has been said on this topic, from tech aspects to regulatory issuues. While this step should’ve been taken long ago, given the fact that there was a provisioning for this since the early days of GSM deployment, we are still ignoring the fact that we exist in a different world.
    – Mobile snatching is a modern age example of street crime and needs to be adressed in a way which is more than just handset blocking. Our government, and the so-called LEAs, has/have still not produced a mechanism which proves to be an iron-fist for the criminals.
    -TM’s reference to BBC’s news article may be a technical aspect reference but why are we ignoring the fact that mobile-snatching, or sreet crimes in general, is not what happens every minute in UK. Even though all the GSM players over there have the handset-blocking mechanism right from the beginning, they have a different way to address street crime.
    -While I dont mean any offence to the GSM engr, I would only like to bring his attention to the news item shown by GEO telling that the techies in Karachi n Lahore’s mobile market have already come up with some software which plays with IMEI and makes the stolen handset re-usable, sigh of relief to the mobile snatchers.
    – I would like to ask the GSM operators, and PTA too, that what took so long to introduce this handset-blocking mechanism when there was a provisioning for it since day 2 if not day 1. Was it some regulatory issue or were the GSM gang reluctant to invest extra ‘money’ n ‘effort’ into it. Knowing about the law n order situation of Pakistan, esp Karachi, they [GSM Ops/PTA] should have introduced this long ago. I mean why cant we foresee things in advance. Till when would we continue to ‘react’ to issues after years n years of observing it.
    Last but not the least, I still appreciate PTA’s step to somehow handle this issue.

  11. raza Says:

    can i trace the place whwre my snatched cell phone is placed now i have its imei number

  12. raza Says:

    i m a poor person and need the location as soon as poss

  13. Ahmed Says:

    I want to open it

  14. How to Get Six Pack Fast Says:

    If you ever want to see a reader’s feedback 🙂 , I rate this post for 4/5. Decent info, but I have to go to that damn msn to find the missed bits. Thank you, anyway!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: