Stolen Cellphone Databases Switched On In US 165
alphadogg writes "U.S. cellphone carriers took a major step on Wednesday toward curbing the rising number of smartphone thefts with the introduction of databases that will block stolen phones from being used on domestic networks. The initiative got its start earlier this year when the FCC and police chiefs from major cities asked the cellular carriers for assistance in battling the surging number of smartphone thefts. In New York, more than 40 percent of all robberies involve cellphones and in Washington, D.C., cellphone thefts accounted for 38 percent of all robberies in 2011."
Welcome (Score:5, Informative)
Welcome to the 21st Century.
The EU has had this for over a decade.
Re: (Score:3)
So has Verizon Wireless.
Doesn't prevent someone from flashing new software and using it on another carrier, but VZW uses CDMA. That limits your options to Sprint, Cricket, and a handful of regional carriers.
Re: (Score:3)
Re: (Score:2)
Re:Welcome (Score:4, Insightful)
Regardless, what if someone typos your ESN over another. How does one prove they should not be on the list?
Simply calling the carrier and telling them it's your phone and you did not steal it would probably suffice.
If you bought it on craigslist or ebay, then it probably is stolen, and maybe the police will take it off your hands and return it to the rightful owner.
If you bought it new from the carrier and somebody just fat-fingered the ESN, you'll just show them the receipt (or your carrier will provide proof) that you did buy it and it's not stolen and they'll fix it. It may be that only phones purchased new from the carriers will be so entered anyways, so they're not likely to make such mistakes (as they'll have a record of exactly what phone you bought and have been using.)
Certainly, I would not expect thieves and people who know they have stolen phones to contact the carriers about their phones being disabled (as it's a good way to go to jail), so anybody who contacts them and says the phone wasn't stolen probably could be reasonably trusted. The only exceptions will be people who bought used phones -- and in that case, the serial numbers and ESNs could be verified and if it's the stolen phone, return it, and if not, fix the database.
Re: (Score:2)
You're not thinking like Kevin Mitnick.
Nope, probably not.
"How could one game the system?"
Well, I guess we'll soon find out, won't we? (I don't expect large problems, but we'll see ...)
Re: (Score:2)
I thought Verizon only used that list for people who did not pay their bill?
I don't think they use it for stolen phones.
Re: (Score:2)
Certainly in the UK, it is a common database used by all 4/5[*] carriers, and I believe the database is shared with other countries around the world.
[*] Orange and T-Mobile are now the same company. I'm not sure if they have fully merged their networks yet, if not, they plan to very shortly.
Re:Welcome (Score:4, Interesting)
You can and I used to have a phone reprogrammed to give me a random IMEI each time I started it. It's just harder to change IMEI and there are also laws against it.
Re: (Score:2)
Not EU, UK maybe.
Re: (Score:2, Offtopic)
Welcome to the United States. If it inconveniences Corporate America, it's bad for America.
Re: (Score:2)
Hell, welcome to the 20th century. Some countries had IMEI blocking across GSM networks in the 90s...
Re: (Score:2, Informative)
The US will leapfrog over the chip and go directly to NFC, which not coincidentally is the same as "smart card" technology, just with a wireless interface instead of the gold plated electrical contacts.
Re:Welcome (Score:4, Informative)
The NFC chip is powered by an induction coil in the reader. In London, the Oyster card is a pre-paid NFC card that can be used to access public transport. There are similar systems elsewhere in the world, including some US cities. We also have some NFC credit cards in circulation, and some places that take them, such as McDonalds, though they are not yet in widespread use.
Re: (Score:2)
Re: (Score:2)
The main advantage is that it is much quicker.
Re: (Score:3)
Wear.
Contact chips used in chip and pin cards have to be regularly replaced. Contactless cards last... I'd nearly even say indefinitely. I've had my current Oyster card for 8 or so years now (Lost my last one when I lost my wallet) my chip based cards need replacing at least every 2 years.
Re: (Score:2)
When did that happen? Or is this a marketing aspiration? What is this "cool" thing anyway (I don't think that you're referring to a thermodynamic comparison), and what self-respecting nerd ("News for Nerds ; stuff that matters") gives a shit about it.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Except 2degrees, who because of their American owner insist they don't need an IMEI blacklist because "stolen phones aren't a problem".
Re: (Score:2)
There is a cost of change.
The UK banks are a prime example, there is so many inter-dependant systems, not only within the bank, but also with everyone who they interact with. This all needs to change; in NZ with a smaller population, smaller number of customers and subsequently smaller systems and interactions it's a LOT easier to be more nimble.
Re: (Score:2)
Re: (Score:2)
(I grew up in an overspill town ; if London is so great, how come millions are struggling to get out of the place?)
Re: (Score:2)
You miss the point.
The EU has had this for ten years and there's never been any problem enough to generate a reputation like you're suggesting.
You think identity theft is any less common in Europe than the US? Don't talk insane. The fact is, mobiles reported as stolen to the police are put on the database and blocked (and thus can't be reused without shipping them to, say, a non-compliant country who don't care about stolen mobiles).
If you want to report a mobile phone as stolen, you think they don't chec
Why (Score:2)
The cellphone is less of the cost than the service.
Re:Why (Score:5, Interesting)
The cellphone is less of the cost than the service.
Because they can sell the phone at just below "off contract" prices. Remember, the cost of cell phones if you purchase them outright is about 2-3x what it is if you buy them on contract. If you are on contract and lose your phone, the replacement is full price. Or, people can buy these phones and use them on non-contract networks that tend to be cheaper since they usually don't offer phone discounts.
Re: (Score:2)
Nonsense. The cost of a cell phone you buy on contract is usually more, as you repay the subsidy discount and then some in the service fees over the duration of the contract. Losing your phone only means they get to bone you harder.
Re: (Score:3)
Re: (Score:2, Insightful)
Re:Why (Score:5, Insightful)
I sold an iPhone 3s for $175 on eBay, just after the 4s came out. I was due for an upgrade, so I sold my old phone.
I would get the same $$ if I stole yours and sold it. The cost of the service is irrelevant the the thief, as long as he can get good money for a stolen phone.
Re: (Score:2)
Not really - the service includes a large premium used to amortise the cost of the handset. This becomes quite plain when you look at the comparative costs of the handsets and service in other countries where people tend to buy phones outright/don't use contracts/BYO phone.
For instance, an iPhone or higher-end Android device costs typically $500-$1000 outright in most countries. A lot of people buy them outright then put them on a relatively cheap plan (e.g. $15 a month). Losing the handset is a big deal in
Great! Until.... (Score:5, Insightful)
Carriers decide to start using the exact same technology to block users from re-selling used phones.
Re:Great! Until.... (Score:5, Insightful)
They do care (Score:3, Interesting)
Carriers want you to sign a new two-year contract. They also aren't entirely thrilled that you can get an inexpensive second-hand phone and activate it on a prepaid plan. T-Mobile already does block a phone's IMEI if the the original owner abandoned their account with an unpaid balance (a matter that should be left to collection agencies, not handled by blacklisting a phone). Worse, T-Mobile is known to block a phone after it's already been sold and is in use by a new owner who had no way of knowing the
Hello? (Score:1)
Yes, hi this is Jonny Law. You can pull over with your hands-free up!
ebay should join in (Score:1)
Why block them? (Score:3)
Re:Why block them? (Score:5, Insightful)
That is a ton of "man hours" for the police to track someone down for stealing a $100 device. In most states, they can't prove the current holder of the phone stole it, so the best they can do is confiscate the stolen goods. By making them not work at all, it should make the market for stolen phones dry up..
Re:Why block them? (Score:4, Interesting)
Unsubsidized smartphones easily cost $600+, which constitutes grand larceny (often a felony) in most states.
I agree that the current holder of the device is probably not the person who stole it, but over a few data points it probably wouldn't be terribly difficult (yet) to track it back to the original thief, what with everything being location-aware these days. That said, you're right - if we just shut the devices off immediately, the desire to steal phones should drop to nearly zero overnight.
Re: (Score:2)
1. The IMEI can be changed
2. Blocked phones can be exported.
Europe has a brisk trade in phones that are country-blocked, but will work anywhere else in the world.
Re: (Score:2, Interesting)
I am not a lawyer, but I had someone break into my car and steal a phone. Months later cops arrested someone they suspected, but couldn't prove, was guilty of a ton of break ins. They found my phone on him and traced it back to me even though I never even reported it stolen. I was asked to come in and fill out paperwork and to provide the retail replacement cost of the phone. The in subsidized new retail price was used and he was charged with a felony. All because he wanted to "look like money" walking
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Because the person who has the phone while it's on may not be the party that took it? Yeah you can try to pop them for receiving stolen property, but that requires proving intent which can be difficult and doesn't stop the theft from happening. Now if you take away the profit motive the theft is much less likely to occur.
Re:Why block them? (Score:4, Interesting)
Re: (Score:3)
Do you really think cops give two sh*ts about a stolen cell phone? Or stolen anything for that matter? Have you ever had anything stolen? Unless the thief literally falls into their laps, I guarantee they're not going to do anything about it.
It depends how wealthy the location is. Think of minor fender bender parking lot-style car accidents. I or my family members have had the following experiences in the last decade:
Very well off "law and order republicans" suburban area: Cop dispatched, takes pics and makes report onsite before we're allowed to leave. Pulls up with lights on but at least left the siren off. Take statement from both parties, breathalyzer both parties (even though both obviously 0.0%) etc.
So so literally borderline area:
cop response (Score:2)
Re: (Score:2)
Suburban law enforcement is a whole different creature from urban law enforcement. A friend threw a party in the Burbs years ago and a neighbor complained about the noise. Three cop cars showed up.
My GF managed a downtown chain store and cops could hardly be bothered to come pick up the shoplifters they caught. And, even if they did show up for them, they'd often be right back on the street and sometimes come BACK to the store within days to shoplift AGAIN!
Re: (Score:2)
38% of crime (Score:4, Interesting)
What I don't understand is why that much crime is going uninvestigated. Why aren't there dedicated law enforcement units working in major metropolitan areas to recover these phones? In most jurisdictions, they are valuable enough to qualify the theft as grand larceny. What's more, each cell phone has a built-in tracking device accurate to within a few meters, and have microphones and cameras built in! These aren't exactly difficult crimes to solve.
Re: (Score:2)
What I don't understand is why that much crime is going uninvestigated.
It would depend on your definition of investigated for one, if the cops know about it, there is at least a record/report and the cop asked you some questions...
The other issue, it that most cell phone thefts are likely considered petty theft (which is why the theft of my iPods will never be investigated) and they are not likely to dust for fingerprints or do other than take a report and update their stats for a petty theft.
Re:38% of crime (Score:5, Informative)
Re: (Score:3)
Thy already took the resources from those for Copyright infringement enforcement.
Re: (Score:2)
Should have done so a while ago. (Score:1)
They already blacklist imei but it's only on a per carrier basis which is obviously easy to get around simply by using a different carrier with the blacklisted phone. Having a global blacklist database is definitely a great improvement. The only two question is, will phone re-sellers also use the blacklist (like many prepaid companies that rely on the major companies network) and when can we have a global database to prevent sales to out of the country as well.
Re: (Score:2)
Re: (Score:2)
still limits the resale value, even criminals don't want to walk around with an phone that doesn't work as a phone
iPod touch (Score:2)
even criminals don't want to walk around with an phone that doesn't work as a phone
Then explain why the iPod touch still sells.
Re: (Score:2)
because it is what it is, and if the phones where being stolen and never used as phones again then your comment would be fully valid and they wouldn't even need to do this because well they arn't being used as phones. But the stolen phones are being used as phones, not ipod's, sure you could use it as such and i'm sure some would, but based on past usage my bet is that if a stolen phone could no longer be used as a phone, it's less likely to be stolen for that purpose.
Re: (Score:2)
sure you could use it as such and i'm sure some would, but based on past usage my bet is that if a stolen phone could no longer be used as a phone, it's less likely to be stolen for that purpose.
In other words, it appears you're claiming that stupid criminals will remain stupid and not learn to cover their tracks by flashing a build of, say, CyanogenMod with all references to "phone" removed onto a stolen Android phone. Do I understand you correctly?
Re: (Score:2)
and sell it as what? hey i got the new Samsung Galaxy XYZ tablet, looks like a phone but isn't.
There are few devices out there that are the same visual and label device that are sold in phone and non phone versions.. closest i can think of is the iphone and ipod touch both of which are clearly marked and are noticeably different.
while the criminals might be smart enough to flash it, the device physically would look line a phone, and only an idiot would buy it thinking it wasn't.
Re: (Score:2)
Galaxy Player (Score:2)
and sell it as what?
The Galaxy Player came out in October 2011. It looks like a Galaxy S and works like a Galaxy S, except for no cellular radio. It's very much like an iPod touch, and it's what I would have bought had it come out a year earlier. (Instead, I bought an Archos 43 Internet Tablet, which is the same thing with no GPS and no multitouch.)
the device physically would look line a phone
Excuse: factory second.
Re: (Score:2)
didn't realize that.
Wrong: IMEIs are no longer unique (Score:5, Informative)
The new database blocks the IMEI number, a unique identification number in the cellphone akin to a VIN (vehicle identification number) in a car. The ID number remains with the cellphone no matter what SIM card is used.
10% of IMEI numbers are not unique [bbc.co.uk] according to British Telecom. That being said in the UK at least, if your phone gets blocked by accident, there is a procedure to get it unblocked - so all is not lost for you.
Re: (Score:2)
You're right. Here is a document [gsma.com] dating back from July 2011 (the emphasis in bold is mine).
GSMA has launched an initiative to fight mobile theft, and has worked on IMEI security best
practice. GSMA and DIGITAL EUROPE members drafted and approved 2 common
documents:
Technical Principles: intended to strengthen the security of the International Mobile
Equipment Identity (IMEI)
* GSMA Doc Reference: Security Principles Related to Handset Theft 3.0.0
* DIGITAL EUROPE CCIG Doc Reference: DIGITAL EUROPE Doc: 04cc100
Process in place: GSMA and DIGITAL EUROPE have agreed on a process to report alleged
breaches of IMEI integrity and on the introduction of counter-measures to correct and
improve IMEI security.
* GSMA Doc Reference: IMEI Weakness and Correction Process 3.0.0
* DIGITAL EUROPE CCIG Doc Reference: DIGITAL EUROPE Doc: 04cc101
Apparently to the drafters of that document, IMEI integrity and security (whatever that means to them) is something that must be constantly monitored and maintained. And while this does not prove my original point.
As a mobile software developer, until I know what those "counter-measures" are supposed to be in the first place, I'm just going to assume that what was true 10 years ago can still be true today, and I can n
Re: (Score:2)
Re: (Score:2)
You can probably rely on the IMEI being set by the manufacturer is globally unique. The number is made up from a combination of manufacturer number, a model number, a serial number and a check digit. The ones that come from the grey market and those that have had their IMEI illegally reprogrammed, are the problem causing duplicates.
I don't believe that's the case.
From what I remember, the problem stems from IMEI spec being changed. At first they had to be unique, then they no longer needed to be unique after a certain year. Now they need to be unique again.
I realize what I'm saying sounds weird, but that's what I remember happened.
Re: (Score:2)
http://www.gsma.com/newsroom/ts-06-6-0-imei-allocation-and-approval-guidelines/ [gsma.com]
Re: (Score:2)
I know. I'm the one who linked to that document. That document is dated July 2011, and it has been changed many times.
You don't have to believe my claim below if you don't want to. After all, I don't have the original source for what I'm claiming, so I wouldn't believe myself either if I were you, but the original document had attached an initial expiration date to the requirement of keeping those numbers unique. And for a while, devices with non-unique IMEI number were coming out of Chinese factories, and
Re: (Score:2)
Several countries have already blocked all duplicate IMEI numbers. Kenya did it last month and Dubai did it in May
iPods Next (Score:2)
This is great and has been too long in coming, I'd guess most of the challenges were administrative vs. technical.
What's next? How about iPods?
Re: (Score:2)
iPod tethering (Score:2)
Re: (Score:2)
God help the man... (Score:2)
... whose phone gets on this list by accident. Suddenly a good customer becomes a dirty criminal. I'm sure there will be no way to rectify the mistake.
Still not enough. (Score:3)
Both android and iphone have the ability to be "rendered useless" by the OS maker. let me be able to set a "stolen flag" that locks the phone in a states that says "STOLEN PROPERTY CALL 1-800-XXX-XXXX to report and return" that cant be easily bypassed. I.E. restoring the iphone will not disable it, etc... this will make the street value of any stolen smartphone $0.00 instantly. THAT will fix the problem and apple could put that in place with a trivial amount of coding as they already have "find my iphone" as a part of the OS. Android on the other hand will take some work as it lacks that feature.
The phone OS makers refuse to put a simple system like this in place because stolen phones make them money.
Re: (Score:2)
The resale value will always be a significant portion of the value of a replacement screen/anything except the part that has been disabled
Misread the title (Score:2)
Thought someone had stolen some "cellphone databases", whatever those were, and had just gotten around to switching on the databases they'd stolen. Clicked because I was curious what a "cellphone database" was.
Re: (Score:2)
Instead of just blocking... (Score:2)
If these phone really are stolen, I see no problem if we could make them explode when turned on by the thief, fence or fence customer... When you buy a hot phone, expect to loose your hand, just like what would happen to thieves in Islamic countries...
Re: (Score:3)
I'd expect that cell phones stolen face-to-face would fall into the latter more than the former.
Re: (Score:3)
I think the point is more to prevent the phone from being resold on craigslist and the like. I don't think they care how it got stolen. Last time an article came up on slashdot about it, only the account owner could list the phone as stolen, and only the account owner could unlist it.
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Don't forget the opposite purpose. What if any authentication is required to put a serial number or whatever in the DB as either a prank (ha ha cube mate) or the stereotypical insane spouse going after the other spouse during divorce or whatever?
If its just a web form somewhere, T minus x minutes until some goofball DDOSes the web form to add all serial numbers from 00000000 to 9999999 psuedorandomly to the stolen DB.
Re: (Score:3)
And how do you get your phone OFF the list if someone adds it maliciously or accidentally (types a 2 instead of a 3 when entering the identifier for a phone that's been stolen, for example?) Who do you need to contact (from a different phone or in person, naturally) and what proof do you need to give that you are the owner of the phone?
Re: (Score:2)
They required a police report because there was no easy way for them to remove the IMEI from the list, as it was periodically shared with other carriers internationally
Re: (Score:2)
You would think the list would be a simple REST API-backed site.
Carriers submit IMEI, Carrier, Police Report Number, CreatedOn. Upon activating service, their middleware would make a call to the API providing the IMEI. IMEI count > 0? NO SERVICE FOR YOU.
Re: (Score:2)
No, because it's not centralised. Some carriers share them overseas (with Vodafone, they likely share it with other Vodafone Group members and they then share them with other local carriers) but not all. And I imagine most cellphone carriers would be quite resistant to putting that much power in the hands of a third party too.
Re: (Score:2)
People put a whole lot of power/trust in third-party non-profits all the time. ARIN, ICANN, etc.
Re: (Score:2)
probably (hopefully) they will require a police report to be filed, as is required, say, for claims against bank card fraud. you'd have to be a total moron to file a false police report.
Re: (Score:2)
No, this is overkill.
I live in Australia and had a phone lost/stolen a few years ago (I say lost/stolen because it was my fault I lost it, but when I called the number, some random picked up and talked with me for a minute, until it became obvious that I was the owner of the phone and that I wanted it back, at which point they abruptly hung up). All I had to do was call my provider and report the phone lost and the IMEI was blocked on all Australian networks within a day or two.
Note though that YOU have to
Re:So it begins.. (Score:4, Interesting)
In Sweden you need to report the phone stolen to the police before blacklisting it. Works like a charm. No problems what so ever.
Re: (Score:2)
Except carriers typically subsidize a phone, so selling you a phone costs them money. They'd be much happier if you just keep using your old phone or buy second-hand phones.
Re: (Score:2)
Re: (Score:3)
you can never be sure that the used phone you bought today wasn't stolen yesterday and is on the row to be blocked.
Well this has a simple enough protocol. Ask for the IMEI, meet ya second thing tomorrow to make the trade, first thing tomorrow type in the IMEI and see if its stolen, if it is, don't meet.
Re:IMEI blacklist (Score:5, Informative)
The US didn't start using this blacklist until a few months ago.
I'm not sure why TFA says "Wednesday" - over on XDA, people with corrupt IMEIs started complaining 2-3 months ago.
(On Samsung devices, if the EFS partition gets corrupted, it'll be regenerated with a "test IMEI", which all European carriers block but US carriers allowed until recently. The test IMEI is blacklisted. Some shady characters were intentionally corrupting TO the test IMEI to prevent AT&T from detecting their device as a smartphone and all started whining when their hack caused their device to be 100% blocked as stolen.)
Re: (Score:2)
Once all the manufacturers move to sealed units with no battery replacement possible, I don't see why the quality of cells wouldn't mysteriously degrade slowly until they only last at most the two years of your contract.