Stolen phone blocking – A short story about CA vs MNOs

@Wash
Interesting Security Conundrum that requires input from a device
manufacturer. Maybe Adam can give us a Huawei Perspective.

Regards

On Wed, Apr 1, 2020 at 10:47 AM Odhiambo Washington via kictanet <
[email protected]> wrote:

> @simiyu,
>
> What I meant to say (based on an assumption though) is that in the
> database, when a device connects, the system captures the IMEI number and
> the device name, i.e. Samsung Galaxy S10|0123456789
> Assuming another device with an implanted/overwritten IMEI connects, the
> system then captures Samsung Galaxy S7|0123456789. The IMEI is supposedly
> unique so there is a discrepancy here – which one is the actual device that
> should be having this IMEI? Is it the S10 or S7? And that is where proof is
> now required.
>
>
> On Tue, 31 Mar 2020 at 19:11, simiyu mse <[email protected]> wrote:
>
>> If they picked the IMEI from a dead phone then it wouldn't register twice
>> anywhere. Even having another db keeping track of IMSI associations with
>> IMEIs. But that is highly inefficient for this use.
>>
>> On Tue, 31 Mar 2020, 14:57 Odhiambo Washington via kictanet, <
>> [email protected]> wrote:
>>
>>> AHK,
>>>
>>> It would appear that the crooks destined the BLOCKING database the dodo
>>> way.
>>> I am told that they do it on the cheap (less than KES 500) by picking an
>>> IMEI from any dead phone and writing it in the ROM of the stolen ones.
>>> If CA could filter for duplicate IMEIs on the system, they will find
>>> several – with some being shared across manufacturer devices.
>>>
>>> At the end of the day, the blocking service is supposed to be offered as
>>> a public service by who (CA? MNOs?)
>>>
>>> Because I need whoever is responsible to help me recover my phone. I am
>>> willing to work together with them if need be.
>>>
>>>
>>> On Tue, 31 Mar 2020 at 12:57, Ali Hussein <[email protected]> wrote:
>>>
>>>> Ndugu Washington
>>>>
>>>> Let me give you a short (very short) Kenyan story:-
>>>>
>>>> Waki Advance…Nasisi tuna Advance.
>>>>
>>>> End of story. 🙂
>>>>
>>>> *Ali Hussein*
>>>>
>>>>
>>>> Tel: +254 713 601113
>>>>
>>>> Twitter: @AliHKassim
>>>>
>>>> Skype: abu-jomo
>>>>
>>>> LinkedIn: ke.linkedin.com/in/alihkassim
>>>> <ke.linkedin.com/in/alihkassim>
>>>>
>>>>
>>>>
>>>>
>>>> Any information of a personal nature expressed in this email are purely
>>>> mine and do not necessarily reflect the official positions of the
>>>> organizations that I work with.
>>>>
>>>>
>>>> On Mon, Mar 30, 2020 at 12:17 PM Odhiambo Washington via kictanet <
>>>> [email protected]> wrote:
>>>>
>>>>> Once upon a time, when your mobile phone got stolen, you'd report to
>>>>> the police who'd issue you with their famous "Police Abstract".
>>>>> You would present that form, together with proof of purchase of your
>>>>> mobile phone to your preferred MNO – Safaricom, Kencell, etc who
>>>>> would then verify your identity and ownership of the said phone and
>>>>> proceed to BLOCK it from being used.
>>>>> During those days, the MNOs used to have a central shared database of
>>>>> all BLOCKed phones and those phones would be rendered almost
>>>>> useless unless unBLOCKed. It was possible to recover your stolen phone
>>>>> then – should a buyer of a BLOCKED phone end up at one of the MNOs offices
>>>>> to ask why "their phone" wasn't working.
>>>>>
>>>>> *Las cosas cambiaron.*
>>>>>
>>>>> These days, when technology has advanced, if your phone gets stolen,
>>>>> the MNOs don't block it.
>>>>> The last time I had such an unfortunate incident, Airtel told me that
>>>>> they no longer block such phones because when stolen, the thieves go to
>>>>> some crooks who
>>>>> then write a new set of IMEIs to the phones, which then keep on being
>>>>> used by the new owners.
>>>>> However, if I needed that form to show that the MNO blocked my phone,
>>>>> I can get it 🙁
>>>>>
>>>>> Now, it seems that crooks beat CA to their game, or who was it who had
>>>>> control/supervision and enforcement of this process???
>>>>>
>>>>> And me here in my naivety was thinking that with the advancement
>>>>> of technology and regional integration in EA, the CA of KE, CA of UG, CA of
>>>>> TZ, Sudan, Rwanda, Burundi
>>>>> would come together and ensure compliance from the regional MNOs, such
>>>>> that a phone stolen in EA Region becomes unusable due to the MNOs sharing
>>>>> the BLOCKage database.
>>>>>
>>>>> End of story. Not sure it was short as initially intended.
>>>>>
>>>>> CA, are you listening?
>>>>>
>>>>> —
>>>>> Best regards,
>>>>> Odhiambo WASHINGTON,
>>>>> Nairobi,KE
>>>>> +254 7 3200 0004/+254 7 2274 3223
>>>>> "Oh, the cruft.", grep ^[^#] 🙂
>>>>> _______________________________________________
>>>>> kictanet mailing list
>>>>> [email protected]
>>>>> lists.kictanet.or.ke/mailman/listinfo/kictanet
>>>>> Twitter: http://twitter.com/kictanet
>>>>> Facebook: www.facebook.com/KICTANet/
>>>>>
>>>>> Unsubscribe or change your options at
>>>>> lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com
>>>>>
>>>>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder
>>>>> platform for people and institutions interested and involved in ICT policy
>>>>> and regulation. The network aims to act as a catalyst for reform in the ICT
>>>>> sector in support of the national aim of ICT enabled growth and development.
>>>>>
>>>>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>>>>> online that you follow in real life: respect people's times and bandwidth,
>>>>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>>>>> not spam, do not market your wares or qualifications.
>>>>>
>>>>
>>>
>>> —
>>> Best regards,
>>> Odhiambo WASHINGTON,
>>> Nairobi,KE
>>> +254 7 3200 0004/+254 7 2274 3223
>>> "Oh, the cruft.", grep ^[^#] 🙂
>>>
>>
>
> —
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> "Oh, the cruft.", grep ^[^#] 🙂
>
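
The duplicate-IMEI check discussed in this thread (one IMEI recorded against two different device names), sketched as an added example that is not part of any message above or of any CA or MNO system. The record layout, the IMEI and IMSI values and the function names are constructed assumptions; the check-digit test is the standard Luhn check used for 15-digit IMEIs.

```python
from collections import defaultdict

# Constructed sightings: (IMEI, device name reported on attach, IMSI of the SIM used).
SIGHTINGS = [
    ("490154203237518", "Samsung Galaxy S10", "639020000000001"),
    ("490154203237518", "Samsung Galaxy S7", "639020000000002"),  # same IMEI, other model
    ("352099001761481", "Huawei P30", "639030000000003"),
    ("352099001761481", "Huawei P30", "639030000000004"),  # SIM swap on one handset
    ("490154203237519", "Nokia 105", "639020000000005"),   # check digit is wrong
]

def luhn_ok(imei):
    """True if imei is 15 digits and its last digit is a valid Luhn check digit."""
    if len(imei) != 15 or not imei.isdigit():
        return False
    total = 0
    for i, ch in enumerate(imei):
        d = int(ch)
        if i % 2 == 1:        # every second digit from the left is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_conflicts(sightings):
    """Return {imei: {"reasons": [...], "seen": {model: [imsi, ...]}}} for suspect IMEIs."""
    seen = defaultdict(lambda: defaultdict(set))
    for imei, model, imsi in sightings:
        seen[imei][model].add(imsi)
    findings = {}
    for imei, by_model in seen.items():
        reasons = []
        if not luhn_ok(imei):
            reasons.append("invalid-check-digit")
        if len(by_model) > 1:  # the S10-versus-S7 discrepancy from the thread
            reasons.append("multiple-models")
        if reasons:
            findings[imei] = {"reasons": reasons,
                              "seen": {m: sorted(s) for m, s in by_model.items()}}
    return findings

if __name__ == "__main__":
    for imei, finding in find_conflicts(SIGHTINGS).items():
        print(imei, finding)
```

Because it works on historical sightings, the check still flags an IMEI copied from a handset that is no longer on the network, and the IMSIs listed per model show which subscribers would be asked for proof of ownership. It cannot separate two handsets that report the same device name.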