IMEI changing kit for GTA02

joerg Reisenweber joerg at openmoko.org
Wed Feb 19 13:44:04 CET 2014


On Wed 19 February 2014 12:21:00 Christoph Pulster wrote:
> Hi,
> 
> it's nice to see, outlaw Michael's activities cause some life in this
> list.
> 
> @Nikolaus: damn to UK laws, Michael is providing a tool to change IMEI,
> no more no less. Besides legal issues, I miss the thanks to Michael's
> efforts. Of course he wrote a lot of strange/non tolerable things in this
> list in the past, but concerning technical efforts, he was very
> insistent and pushed it as far as writing a tool for easy change of IMEI
> without having full access to NDA-infos.
> 
> 
> @Joerg: "changing IMEI...will not improve your privacy, au contraire"
> please explain this to me again.
> If I buy an Openmoko and use a non-registered prepaid card with it,
> change the IMEI before first usage, who can track my real ID?
> 
> Christoph

I knew this will come up again. We had been through all this a month or two 
ago. Whatever...:

Who can track you? Everybody who already tracked you and noticed you did a 
call before to the same far end number from roughly the same geo-location. When you do 
TWO calls to TWO (normal) numbers, not even geo-location is needed (unless 
both numbers are of the class "gets 500000 calls per day").
And so far we didn't even consider any implications from fingerprinting of your 
mobile equipment's GSM stack and physical transceiver. Buzzword nmap "guess 
OS" to give you an idea of how that works.

Honestly, changing your IMEI doesn't mean you magically get invisible, you 
rather stand out as one of maybe 5 guys in your wider area - read town, 
country - using a *new* fake IMEI. Even when you change your IMEI (and discard 
your SIM and get a new one) after every single call you do, you will stand out 
even more as THE only guy who is known to do that in your whole country.

Then add on top true eavesdropping on calls and speaker recognition.

And when things go really haywire, you pick a "random" IMEI that's actually 
already in use by somebody else, or is blacklisted.

Oh, and make sure you did pay your SIM with real money, not any credit card or 
whatever.


So let's sum up: you find a carefully selected fake IMEI, switch your phone to 
that, insert that new SIM you just purchased for 10 bucks at a gas station 
where you popped up disguised as Benjamin Franklin and registered it in 
internet under Benjamin's identity to enable it, then you do one phone call and 
discard the SIM immediately after the call. Right?

Better use a phonebooth! ;-)


cheers
jOERG
-- 
()  ascii ribbon campaign - against html e-mail     
/\  www.asciiribbon.org   - against proprietary attachments
(alas the above page got scrapped due to resignation(!!), so here some 
supplementary links:)
http://www.georgedillon.com/web/html_email_is_evil.shtml          
http://www.nonhtmlmail.org/campaign.html
http://www.georgedillon.com/web/html_email_is_evil_still.shtml    
http://www.gerstbach.at/2004/ascii/ (German)