12

I have some questions regarding IMEI numbers and data and identity theft. While searching online I have found many conflicting answers regarding this topic and would like some clarification if possible.

Hypothetically, an enemy of mine gets a hold of the IMEI number and only the IMEI number of my smartphone. Can he steal or view my data with it?

As far as I know, with an IMEI number, you can report a phone stolen and it will get blocked. Or you can clone the IMEI on another device. What are the implications and consequences if someone clones my IMEI on another device other than the risk of getting the IMEI blocked?

I have also read that if a person has your IMEI number they can easily hack into your WhatsApp account, if they also have your phone number, since the IMEI is viewed as the password for WhatsApp.

My biggest concern is not that my phone would get blocked, it is that someone that has my IMEI number can view my personal data on my smartphone. Emails, pictures, texts, social media, eavesdropping etc... Can someone do that with just the IMEI number? And if so, why is this number so easily obtainable? You can find it on the box of the smartphone and numerous other ways to obtain it on the phone. Including some apps that make use of it. I also see people posting their IMEI on forums. How safe is that?

Improve this question
2
  • If you feel someone else is using your IMEI number and they are in your country report them. IMEI spoofing is highly illegal in most country's. As far as whatsapp I am not sure. I know you can spoof your IEMI and Phone number in a SMS thats about it. If a sms confirmation get sent to your phone with a code from whatsapp server. Then the only really practical way to hack this would be if someone got a 3g jammer and sat out the front of your house putting your cell reception back to 2g then they would need to break your cell encryption and intercept the sms confirmation.
    – Tim Jonas
    Jun 16, 2015 at 12:53
  • Thing is, how would I know if my IMEI is being used by someone else in my country? Regarding the whatsapp question, shouldn't the person also have a copy of my SIM card in order to duplicate my account? Is that even possible with todays SIM cards? Because if the IMEI is the password of Whatsapp, then everytime you sell a phone you are giving away your whatsapp password, and everytime you buy a second hand phone someone gives you their whatsapp password...
    – Bluebear
    Jun 16, 2015 at 13:09

2 Answers 2

Reset to default
6

IMHO the IMEI is a device identifier (International Mobile Station Equipment Identity). You can retrieve it from any device by dialling *#06#. So it´s not a real secret, and anyone borrowing your phone for a short moment can get hold of it. The IMEI is bound to the device, not your phone number or account. It could be used to track stolen phones, and to lock them out from networks (done in a few countries, but not across borders or carriers normally, they could not agree on a global DB). However, some phones apparently allow changing the IMEI, which is of course a bad idea (why hardware vendors allow such things BTW, is it too hard to burn in a number of bytes and then make them read-only?) and people could overwrite it easily.

If WhatsApp would use the IMEI for personal identity I could not change my phone anymore, if my old one breaks. The whole idea of GSM was and is that you are not bound to the phone, rather you are just bound to the SIM card, and that is what needs to be protected. The SIM is your key to your telephone number, that´s the reason why you got a PIN code and why it locks you out after 3 failed attempts...

I don´t believe there is any identity theft possible by knowing telephone number and IMEI. You need to get hold of the SIM card, somehow hack it and retrieve the IMSI. This is what identifies you against the mobile provider. Read this: https://www.quora.com/What-is-the-difference-between-ICCID-IMSI-and-IMEI-numbers

Even your telephone number does not need to be stored on the SIM. For example, my private datacard-only SIM displays an invalid phone number when asked, but on my invoice I can see a real one, which even accepts SMS.

Improve this answer
1
3

I have also read that if a person has your IMEI number they can easily hack into your WhatsApp account, if they also have your phone number, since the IMEI is viewed as the password for WhatsApp.

This is basic FUD. WhatsApp works over TCP and doesn't have anything to do with the phone network. You could run WhatsApp over Ethernet from your home network. WhatsApp only requires you to confirm the ownership of a phone number by entering a code they text you as they don't have usernames and rely on phone numbers to identify people, but once that's done, you can completely throw away your phone and use a computer for WhatsApp and it'll still work fine.

Moreover, even if someone manages to intercept the number confirmation SMS (impossible with just IMEI spoofing) they will only be able to take over your phone number and receive future messages, but not read anything you've received so far.

Even if the carrier's network is compromised beyond repair and the attacker is able to intercept your traffic, they won't be able to understand it as WA uses encryption to talk to their servers. Sure, at this point they would be able to intercept the number confirmation text message and take over your WA identity, but you would definitely notice (you'll just get logged out from WA) and they still won't be able to read your past messages.

it is that someone that has my IMEI number can view my personal data on my smartphone

Any app that would upload your personal data (to a cloud for example) will do so over an encrypted connection and will use a carrier-independent username and password. They don't use the IMEI to identify you and IMEI spoofing alone doesn't even give the attacker a way to eavesdrop on your traffic (not that it'll help them much because encryption).

Improve this answer
3
  • I think you need to do some reading into how WhatsApp uses the IMEI number for accounts. A quick Google search produces rich results on this topic: news.ycombinator.com/item?id=4480695
    – schroeder
    Jun 16, 2015 at 16:39
  • So basically, if someone knows your IMEI number and only your IMEI number they cannot do much damage. I am asking this because someone i know went through the about section of my Windows Phone and could see my IMEI and my SIM ID (which I changed since). So the only thing they have at their disposal now is the IMEI. Only with that they cannot eavesdrop me in any way?
    – Bluebear
    Jun 16, 2015 at 17:17
  • @BillyBear, I think that person would also know your phone number, since you have probably given it to him. And phone number + IMEI would be enough to impersonate you to WhatsApp.
    – Ángel
    Sep 22, 2015 at 9:48

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .