@downey

Warning! A lot of acronyms ahead! Welcome to Telco land...

TLDR: Anyone with the "fake cellphone tower" device mentioned can track BOTH your SIMcard, AND your mobile device.

So you better leave them at home, or bring a burner1 phone with a burner1 SIM.

IMSI vs IMEI

The "#IMSI" in #IMSIcatcher is an identifying number tied to your SIM(card).

But what #IMSIcatchers can also capture is your device's #IMEI 2.

The supposed purpose of an IMEI is stated clearly in the official documentation:

"The main objective is to be able to take measures against the use of stolen equipment or against equipment of which the use in the PLMN3 can not or no longer be tolerated for technical reasons."4

Mobile device manufacturers are obligated to produce device unique IMEI's:

"The IMEI shall be unique and shall not be changed after the ME’s [Mobile Equipment] final production process. It shall resist tampering, i.e. manipulation and change, by any means (e.g. physical, electrical and software)."4

IMSIcatcher vendors state their equipment can also capture IMEIs.5 6

So, every phone in the neighborhood of IMSIcatchers in use by law enforcement, are certainly in a batch of "to be tracked".

Did I mention law enforcement (through a legal warrant, they'll need help from mobile operators) can track phones based on IMEI alone (so even if you remove the SIM)? Yes, I believe I did.

PS: a phone connecting to or connected to an IMSIcatcher, is not on the network. Not being able to reach emergency services could lead to physical harm, including death. Just saying.

1 https://ssd.eff.org/glossary/burner-phone

2 International Mobile Station Equipment Identity

3 Public Land Mobile Network: wireless communication services offered by a specific operator in a specific country.

4 https://www.3gpp.org/ftp/Specs/archive/22_series/22.016/

5 https://x-surveillance.com/imsi-stingray-device/

6 https://www.stratign.com/imsi-catcher-system/

Xiaomi 17T in arrivo: debutto globale previsto a febbraio
#Android #Android16 #Dimensity8500 #Dimensity9500 #HyperOS3 #IMEI #Leak #Novità #Rumors #Smartphone #TechNews #Tecnologia #Xiaomi #Xiaomi17T #Xiaomi17TPro

https://www.ceotech.it/xiaomi-17t-in-arrivo-debutto-globale-previsto-a-febbraio/

Nothing Phone (4a) Pro avvistato: debutto sempre più vicino
#IMEI #Leak #MidRange #Nothing #NothingPhone #NothingPhone(4a) #NothingPhone(4a)Pro #Novità #Rumors #Smartphone #TechNews #Tecnologia

https://www.ceotech.it/nothing-phone-4a-pro-avvistato-debutto-sempre-piu-vicino/

@BrodieOnLinux the same #Australia that bans #imported phones not allowlisted by #IMEI as #VoLTE-capable and which criminalizes #encryption on #Smartphones aka. "#CryptoPhones"?

• Why am I not surprised…

#Privacy warning on #Android:

#Whatsapp AND #Signal (including #Molly) want access to "Telephone" permission

This permission is the barrier between sentitive device data like #IMEI and hardware identifiers, that normal user apps cannot read (on modern Android)

Signal works fine without this permission, Whatsapp actively refuses to work!

You cannot use Whatsapp calls without this unneeded and invasive permission, as the app blocks you from calling. "Whatsapp cannot know of other calls" scary?

Como saber el IMEI de mi móvil📱
https://www.enfaseterminal.com/2025/09/imei.html
#IMEI #blogenfaseterminal #telefonia #movil #smartphone #telefoniamovil #robos #hurtos #policia

@iFixit #Apple is not just #AntiRepair, but actively #AntiRefurbisher and #AntiReuse with their weaponization of #iCloudLock which allows anyone with the knowledge of an #IMEI or #MAC or #SerialNumber to remotely #brick any #Apple device via #iCloud.

• Also these actions are literally felonious in several juristictions.

#NotLegalAdvice

#followerpower #smartphone #hacking #ccc

Was hat es mit der #IMEI von Smartphones auf sich?

Kann man mit dieser Nummer ein Telefon Klonen und Schindluder betreiben?

Nach lesen des Artikels (s.u) wurde ich stutzig. Und wenn es stimmt, dann muss man sich sorgen machen :-(

Nur soviel: heute 2025-08-16, Laden- Geschäft, neues Smartphone gekauft. Und hier fängt das Problem scheinbar an. !?

Freue mich auf Rückmeldungen & Unterstützung!

https://nsysgroup.com/de/blog/what-can-someone-do-with-my-imei-number/

@adisonverlice even if an #MVNO isn't demanding any #KYC whatsoever (i.e. #prepaid are offered OTC in most juristictions) it's NOT "#Anonymous" but merely #pseudonymous as it's trivial for governments to utilize existing and mandtory "#LawfulInterception" appliances to create that #PII chain.

#PhoneNumber <=> #ICCID (#SIMcard) <=> #IMSI (SIM profile) <=> #IMEI (Phone/...).

So if #Anonymity is important, NONE of these details have to be linked somehow even circumstantial.

• Bought/paid for the phone/SIM/ a single top-up with ec/CC/PayPal/SEPA/… = busted due to circumstantial connection.

• Use the SIM in any device? Consider them circumstantially connected forever: #ICCID <=> #IMEI.

• Same applies to #eSIM|s: #EID <=> #ICCID <=> #IMEI.

Add to the fact that most places have #CCTV, and assume that they'll keep recordings for the maximum permissible duration if not longer and oftentimes even use questionable cloud services and you get the picture.

• I.e. in Germany the maximum permissible storage duration is 72 hours (if nothing hapoens that warrants a longer storage i.e. burglary/theft/robbery/arson/...) so anonymous top-ups would necessitate paying cash at a place one's not been known at (i.e. some kiosk) and waiting at least >72 hours (and checking on the purchase location) before redeeming the top-up code (i.e. dialing *104*1234567890123456# )...

So any #privacy-based service should never ever & under no circumstances demand a Phone Number!

• Instead any privacy-focussed service should use #OnionServices, host their own #OnionService or at least #DontBlockTor and allow users to use it via @torproject / #Tor to use and signup. (But don't forget circumstantial connections there either!)

• Also the less details they want or store and the least traffic they generate the harder it is to correlate traffic & users.

📡🕵️‍♂️ Controllo Totale sulle Reti Cellulari!

🔍 Cattura identità IMSI, IMEI e TMSI
📱 Individua telefoni cellulari nascosti
⛔ Blocca selettivamente comunicazioni indesiderate
🔄 Switch in GSM per attivare intercettazioni
🕶️ Ping invisibile del telefono target

Tecnologia avanzata per operazioni di intelligence e sicurezza pubblica. Massimo controllo, massima efficacia. 🔒📶

#IMSI #IMEI #TMSI #catcher #intercettazione
https://www.endoacustica.com/imsi-imei-tmsi-multi-catcher-dispositivi-mobili-cellulari.php

📲💾 Nessun dato è davvero perduto!

🔓 Estrazione fisica e bypass di PIN, password e blocchi
📞 Verifica e controllo del numero telefonico
📱 Controllo IMEI/ESN per identificazione del dispositivo
🗂️ Recupero file da qualsiasi dispositivo, anche danneggiato
🛰️ Estrazione dati anche da unità GPS e tracker

Perfetto per forze dell’ordine, investigatori digitali e aziende. Precisione, affidabilità, risultati. 🔍📱

#telefoni #cellulari #analisiforense #IMEI #GPS
https://www.endoacustica.com/analizzatore-estrattore-dati-cellulari.php

@xssfox @SnoopJ @pjf really?

Is #Australia that cyberfacist?

• Like I know one's not supposed to have stuff or rather is not allowed to use it for obvious reasons but criminalizing mere possession is just absurd.

• But then again #Australia also #IMEI-banned devices due to #VoLTE mandate and banned encrypted devices…

@stman @Sempf @LaF0rge yes.

Because physical SIMs, like any "cryptographic chipcard" (i.e. @nitrokey ) did all that fancy public/private crypto on silicon and unless that was compromizeable (which AFAICT always necessistated physical access to the #SIM, espechally in pre-#OMAPI devices) the SIM wasn't 'cloneable' and the weakest link always had been the #MNO /.#MVNO issueing (may it be through #SocialHacking employees into #SimSwapping or LEAs showng up with a warrant and demanding "#LawfulInterception"):

• These "attack vectors" were known and whilst unfixable they could at least be mitigated by i.e. NEVER using a #PhoneNumber for anything and/or using anonymously obtained #SIMs. But more and more services like @signalapp did #regression demanding #PII and more and more nations criminalized #AnonymousSimCards under utterly #cyberfacist & #FalsePretenses!

Add to that the regression in flexibility:

Unlike a #SimCard which was designed as a vendor-independent, #MultiVendor, #MultiProvider, device agnostic unit to facilitate the the #authentification and #encryption in #GSM (and successor standards), #eSIMs act to restrict #DeviceFreedom and #ConsumerChoice, which with shit like #KYC per #IMEI (i.e. #Turkey demands it after 90 days of roaming per year) und #lMEI-based #Allowlisting (see #Australia's shitty #VoLTE + #2G & #3G shutdown!) are just acts to clamp down on #privacy and #security.

• And with #EID being unique per #eSIM (like the #IMEI on top!) there's nothing stopping #cyberfacist regimes like "P.R." #China, #Russia, #Iran, ... from banning "#eSIMcards" (#eSIM in SIM card form factor) or entire device prefixes (i.e. all phones that are supported by @GrapheneOS ), as M(V)NOs see the EID used to deploy/activate a profile (obviously they don't want people to activate eSIMs more than once, unless explicitly allowed otherwise.

"[…] [Technologies] must always be evaluated for their ability to oppress. […]

• Dan Olson

And now you know why I consider a #smartphone with eSIM instead of two SIM slots not as a real #DualSIM device because it restricts my ability to freely move devices.

• And whilst German Courts reaffirmed §77 TKG (Telco Law)'s mandate to letting people choose their devices freely, (by declarong #fees for reissue of eSIMs illegal) that is only enforceable towards M(V)NOs who are in #Germany, so 'good luck' trying to enforce that against some overseas roaming provider.

Thus #Impersonation attacks in GSM-based networks are easier than ever before which in the age of more skilled than ever #Cybercriminals and #Cyberterrorists (i.e. #NSA & #Roskomnadnozr) puts espechally the average #TechIlliterate User at risk.

• I mean, anyone else remember the #Kiddies that fucked around with #CIA director #Brennan? Those were just using their "weapons-grade #boredom", not being effective, for-profit cyber criminals!

And then think about those who don't have privilegued access to protection by their government, but rather "privilegued access" to prosecution by the state because their very existance is criminalized...

The only advantage eSIMs broight in contrast is 'logistical' convenience because it's mostly a #QRcode and that's just a way to avoid typos on a cryptic #LocalProfileAgent link.

@LaF0rge @sysmocom I do agree on that one.

The main problem with some mandate in that regard is that such regulations then get flexed against consumers.

Notable examples are the:

• #IMEI-Blocking in #Turkey after 90 days and subsequent demand for #KYC even for #Roaming devices.
• #Australia's IMEI-Firewall because some morons decided they wanted to axe #2G & #3G despite millions of devices that can't do #VoLTE still being in use.

Now granted anyone who can manipulate the IMEI can circumvent that but that means 99,9% of all users aka. "#TechIlliterates" can't.

Новости кибербезопасности за неделю с 23 по 29 июня 2025

Всё самое интересное из мира кибербезопасности /** с моими комментариями. На этой неделе новости про то, как Минцифры предлагает запретить смену IMEI, WordPress снова под атакой, американцы запретили себе WhatsApp, clickfix перерождается в filefix, Brother такой Brother и другие только самые важные и интересные новости из мира информационной безопасности.

https://habr.com/ru/articles/922166/

#информационная_безопасность #imei #wordpress #microsoft #санкции #whatsapp #clickfix #mcp #brother #kaspersky

How Civilian Phone Civil Liberties are Violated

https://archive.org/details/DanielRigmaiden-AaronSwartzDay2017
#AaronSwartz #cut #suicide #AaronSwartzDay
#Feds #AdministrativeSubpoena #IMEI #NIC #BaseTransciever #CellSiteSimulator #Masquerade
DRT Inc. , Key/w --> #ThirdParty #CivilLiberties
#LEAP - Local Number Portability Enhanced Analytical Platform
#ISP #Cellular #PenLink #E911 #ACAB

https://archive.org/
subject:“Cell Phone Surveillance”
#Brax #Phone #iodeOS #HighWare

@GrapheneOS @fluffery @maumau @BryanGreyson @fairphone I.e. @BrodieOnLinux could not use any of those because they don't support #VoLTE (not just in #Australia) and thus would be blocked by the #IMEI-#Firewall!
https://www.youtube.com/watch?v=zIJavqEzEIw

@cryptgoat ja, nur ist es quasi illegal @signalapp / #Signal #anonym (also faktisch nur #pseudonym, weil stets korrelierbar qua #Rufnummer -> #ICCID -> #IMSI -> #IMEI -> #Location) zu nutzen.

• Seit 07/2017 sind anonyme #SIM-Karten faktisch illegal und ne SIM mir Rufnummer ist ne #Paywall die faktisch teurer ist als nen @monocles - Abo.

Allein die notwendigen #Workarounds sind so heftig paywalled dass es eher sinn macht 1h Hands-on - Training zu investieren...

• Von den Problemen die Signal hat ganz zu schweigen...

https://fedifreu.de/@cryptgoat/114705198216850106

Blocking stolen phones from the cloud can be done, should be done, won't be done

a snatched phone's IMEI can be blacklisted on cell networks, stopping the device from connecting. This means a stolen phone has little resale value and little attraction to thieves.

#mobilephone #smartphone #IMEI #theft #security #cybersecurity

https://www.theregister.com/2025/06/09/opinion_column_blocking/

@derekmorr

Let it go, already. No one uses MobileCoin. You can’t even find an exchange to buy it.

Then why does @signalapp still have that shit in it? @Mer__edith could've pulled that #Shitcoin yet refuses to do do!

The Cloud Act is a non-issue. Signal doesn’t have data on users, so they can’t be forced to disclose it.

That's literally wrong!

• #Signal not only collects #PII in the form of a #PhoneNumher but explicitly is able and willing to use that to dsicriminate against users and restrict app functionality based off their presumed juristiction. There is no "legitimate interest" for.doing so nor any legal mandate to do so (unless we excuse the ehole #MobileCoin-#Scam!)

It’s been 30 years, and no one uses xmpp. Let it go.

Wrong again. Otherwise there wouldn't be thriving ecosystems and Apps to this day. It's just that corporate shills refuse to acknowledge that Signal - like all centralized, proprietary, #SingleVendor and/or #SingleProvider kessengers before and after - will inevitably die as their business model is not sustainable. Sake with #ICQ really. The only exceptions are those that abolish #privacy for #profit, integrate actually working payments or sellout to a #cyberfacist #government (all those apply to #WeChat!)

It’s shocking that people who claim to care about security and privacy push niche apps with terrible UX and no PFS like Delta or XMPP instead of the only private messenger with any real market share, Signal.

You know what's shocking to me: People who are unable or rather unwilling.to acknowledge that Signal is garbage and it's requirement for a #PhoneNumber kills any #privacy benefits it may have on paper by virtue of being at best pseudonymous (assuming the userd don't live in a juristiction that demands "#KYC" for even prepaid #SIM cards (ime. #Germany) or god forbid even #IMEI|s (i.e. #Turkey has a literal allowlist that'll kick any device off it's MNOs after 90 days within 365 days.

• The #UScentric approach to #privacy and #threats makes Signal absolutely useless in many cases, and I do speak here from experience.

I'd rather help people onboard #XMPP+#OMEMO like @monocles and/or @gajim or #PGP/MIME like @delta & @thunderbird (incl. setting them up with #Orbot / #TorBrowserBundle / @tails_live so their traffic gets through @torproject and doesn't provide any useable IP addresses.

• I've literally been there and done that!

As for #Sustainability, providers like https://monocles.eu finance themselves by subscriptions (starting at €2 p.m.) which people can pay fully anonymous using #CashByMail and #Monero on top of common payment methods (i.e. SEPA wire transfer)...

• So even if you think "#monocles is a #honeypot" that is mitigateable ciz unlike with Signal you can choose your own client, choose a different provider & exervise self-custody of all tue keys!