[kictanet] Stolen phone blocking - A short story about CA vs MNOs

Adam Lane adam.lane at huawei.com
Thu Apr 2 09:27:18 EAT 2020


Barrack
Honestly I don’t know, but usually these issues need to be addressed as an industry, through various official standards bodies (like 3GPP or ITU) or other industry entities like GSMA. It does sound like something GSMA might be able work on.
Regards
Adam

From: Barrack Otieno [mailto:otieno.barrack at gmail.com]
Sent: Wednesday, April 1, 2020 10:59 AM
To: KICTAnet ICT Policy Discussions <kictanet at lists.kictanet.or.ke>
Subject: Re: [kictanet] Stolen phone blocking - A short story about CA vs MNOs

@Wash
Interesting Security Conundrum that requires input from a device manufacturer. Maybe Adam, can give us a Huawei Perspective

Regards

On Wed, Apr 1, 2020 at 10:47 AM Odhiambo Washington via kictanet <kictanet at lists.kictanet.or.ke<mailto:kictanet at lists.kictanet.or.ke>> wrote:
@simiyu,

What I meant to say (based on an assumption though) is that in the database, when a device connects, the system captures the IMEI number and the device name, i.e. Samsung Galaxy S10|0123456789
Assuming another device with an implanted/overwritten IMEI connects, the system then captures Samsung Galaxy S7|0123456789. The IMEI is supposedly unique so there is a discrepancy here - which one is the actual device that should be having this IMEI? Is it the S10 or S7? And that is where proof is now required.


On Tue, 31 Mar 2020 at 19:11, simiyu mse <kensimiyu at gmail.com<mailto:kensimiyu at gmail.com>> wrote:
If they picked the IMEI from a dead phone then it wouldn't register twice anywhere.  Even having another db keeping track of IMSI associations with IMEIs. But that is highly inefficient for this use.

On Tue, 31 Mar 2020, 14:57 Odhiambo Washington via kictanet, <kictanet at lists.kictanet.or.ke<mailto:kictanet at lists.kictanet.or.ke>> wrote:
AHK,

It would appear that the crooks destined the BLOCKING database the dodo way.
I am told that they do it on the cheap (less than KES 500) by picking an IMEI from any dead phone and writing it in the ROM of the stolen ones.
If CA could filter for duplicate IMEIs on the system, they will find several - with some being shared across manufacturer devices.

At the end of the day, the blocking service is supposed to be offered as a public service by who (CA? MNOs?)

Because I need whoever is responsible to help me recover my phone. I am willing to work together with them if need be.


On Tue, 31 Mar 2020 at 12:57, Ali Hussein <ali at hussein.me.ke<mailto:ali at hussein.me.ke>> wrote:
Ndugu Washington

Let me give you a short (very short) Kenyan story:-

Waki Advance...Nasisi tuna Advance.

End of story. :-)


Ali Hussein



Tel: +254 713 601113

Twitter: @AliHKassim

Skype: abu-jomo

LinkedIn: http://ke.linkedin.com/in/alihkassim





Any information of a personal nature expressed in this email are purely mine and do not necessarily reflect the official positions of the organizations that I work with.


On Mon, Mar 30, 2020 at 12:17 PM Odhiambo Washington via kictanet <kictanet at lists.kictanet.or.ke<mailto:kictanet at lists.kictanet.or.ke>> wrote:
Once upon a time, when your mobile phone got stolen, you'd report to the police who'd issue you with their famous "Police Abstract".
You would present that form, together with proof of purchase of your mobile phone to your preferred MNO - Safaricom, Kencell, etc who
would then verify your identity and ownership of the said phone and proceed to BLOCK it from being used.
During those days, the MNOs used to have a central shared database of all BLOCKed phones and those phones would be rendered almost
useless unless unBLOCKed. It was possible to recover your stolen phone then - should a buyer of a BLOCKED phone end up at one of the MNOs offices to ask
why "their phone" wasn't working.

Las cosas cambiaron.

These days, when technology has advanced, if your phone gets stolen, the MNOs don't block it.
The last time I had such an unfortunate incident, Airtel told me that they no longer block such phones because when stolen, the thieves go to some crooks who
then write a new set of IMEIs to the phones, which then keep on being used by the new owners.
However, if I needed that form to show that the MNO blocked my phone, I can get it :-(

Now, it seems that crooks beat CA to their game, or who was it who had control/supervision and enforcement of this process???

And me here in my naivety was thinking that with the advancement of technology and regional integration in EA, the CA of KE, CA of UG, CA of TZ, Sudan, Rwanda, Burundi
would come together and ensure compliance from the regional MNOs, such that a phone stolen in EA Region becomes unusable due to the MNOs sharing the BLOCKage database.

End of story. Not sure it was short as initially intended.

CA, are you listening?

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)
_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke<mailto:kictanet at lists.kictanet.or.ke>
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.


--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)
_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke<mailto:kictanet at lists.kictanet.or.ke>
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/kensimiyu%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.


--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)
_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke<mailto:kictanet at lists.kictanet.or.ke>
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.


--
Barrack O. Otieno
+254721325277
+254733206359
Skype: barrack.otieno
PGP ID: 0x2611D86A



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20200402/356ce08a/attachment.htm>


More information about the KICTANet mailing list