The International Mobile Equipment Identity (IMEI) works as a unique fingerprint for every smartphone in the world, mentioned experts in data destruction. This key is used by telecommunications companies to establish network connectivity on a SIM card, as the IMEI of two computers cannot be the same.
Because IMEI cannot be the same for two devices, this key is also used to track the activity or location of stolen or lost devices.
This does not mean that there are no failures in the use of this identifier. According to experts in data destruction, police in Uttar Pradesh, an India state, reported that more than 13,000 smartphones have been found to have been assigned the same IMEI number. In addition, most of these devices were sold by the Chinese manufacturer Vivo.
The find began with a local police sub-inspector who recovered his smartphone after taking it to maintenance a few months ago. However, the user continued to experience a failure of their device even after repairs; soon after, the user noticed that the IMEI of their device had changed.
The case was filed and some security alerts were sent to the company that made these devices; because Vivo did not respond to the constant requirements of the Indian authorities, a formal complaint was filed with the cyber investigation team. Uttar Pradesh police also notified Vivo about the more than 130,000 devices with the same IMEI key. Most users may not be familiar with the different applications that this key has, but this is a serious security issue that could hinder criminal investigations or lead law enforcement to the wrong user: “This failure could lead the wrong person to jail due to confusion,” said experts in data destruction.
A similar incident was reported in 2012, when it was discovered that more than 18,000 smartphones of users in India used the same IMEI. Although companies argue that this is just an oversight, lawmakers around the world try to turn the manipulation of an IMEI into a crime in search of reducing these incidents.
Vivo has received multiple notifications from authorities and questions from the cybersecurity community, although the company has not spoken out about it.
For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.