Access code: all mobile devices will be included in one database
The Russian Federation plans to create a unified database of mobile devices to combat cybercriminals. The authorities will take control of the use of identifiers (IMEI), they also intend to introduce blacklists of unique numbers that were used to flash gadgets. The Ministry of Finance intends to consolidate the impossibility of manipulating IMEI at the level of the law. This will prevent fraudsters from deceiving security systems by changing the code, and will also allow you to block stolen phones by IMEI.
Who changes gadget identification numbers and why
Users will be prohibited from changing the identification numbers of mobile devices (IMEI) linked to their numbers, as follows from the amendments to the law "On Communications" developed by the Ministry of Digital Affairs (Izvestia has reviewed them). These amendments are part of a large draft law aimed at combating cybercrime, which is currently being worked out in the department. In addition, it is planned to create a single database of mobile devices and introduce blacklists of unique numbers.
"If there are signs of unreliability of information about the identifier or the commission of illegal actions, the specified information is sent to the state information system for countering offenses," the document says.
The mobile device identification number is a unique 15-digit code that manufacturers assign to all gadgets. With its help, operators determine which device is on their network and can track its location. They use IMEI and bank security services to determine that, for example, a customer is logging into a mobile application, and not a fraudster who replaced a SIM card, explained Karen Ghazaryan, director of the Institute for Internet Research.
— IMEI substitution is one of the tools of cybercriminals, which allows, for example, to hide a device that has served as a fraud tool. In addition, the owners of SIM boxes used for spam calls, mailing lists, and again used in fraudulent contact centers are also changing IMEI. After this procedure, the device from which the suspicious traffic originated, operators and banks "see" a completely new gadget, he explained.
The materials of the Ministry of Finance do not provide specific sanctions against persons who change their IMEI. But the bill is currently being finalized, it is possible that in the near future there will be amendments to the Code of Administrative Violations and the Criminal Code with penalties for violating the ban, Karen Ghazaryan does not exclude. It is important that the ban will appear in the legislation in principle, so far the manipulation of identification numbers has not been regulated in any way, he points out.
Izvestia sent a request to the Ministry of Finance.
The legislative ban on IMEI substitution correlates with other proposals to combat cyberbullying and illegal manipulation of gadget identification codes, market participants say. For example, it became known earlier that in May, Deputy Prime Minister Dmitry Grigorenko held a meeting to discuss the development of anti-fraud measures, in particular, the unified IMEI registry.
According to experts, the presence of a state information system, in particular, will allow smartphones stolen or illegally imported into Russia to be blocked using these numbers.
"The creation of such an information system, its functioning and the mechanism of information exchange with mobile operators is an organizationally complex undertaking," Megafon believes. — Before that, it is necessary to analyze the practice of applying current standards, within which the IMEI of foreign citizens' phones is monitored.
Will the ban on changing IMEI stop scammers?
In principle, it is not difficult to change the IMEI of a mobile device using special software, Igor Bederov, director of the T.Hunter Investigations department, told Izvestia. The main problem is that such a gadget is virtually impossible for operators and security services of different organizations and levels to figure out — if the unique number is constantly changing, then they are dealing with a "new" device every time, he explains. The situation is aggravated by the fact that fraudsters are increasingly using gadgets without SIM cards (for example, they access the Internet via Wi-Fi and communicate with victims via messengers), and with a SIM card it is easier to identify the person behind the call or message, the expert states.
— A ban on changing IMEI would be one of the most effective tools to combat cybercrime. It is also important to create a state—owned IMEI database of mobile devices of citizens and organizations and the mandatory registration of gadgets in it, similar to how it is now done with phone numbers," says Igor Bederov.
According to him, it is technically difficult to understand that the IMEI has been changed, but it is possible, in particular, with the help of artificial intelligence. Each device has its own "digital footprint" — you can track where it is located, where and how long people are calling from it, writing to which Internet resources they access from it, and the like. If the device's IMEI is constantly changing (and at the same time, the SIM card in it), the owner may be suspected of suspicious activity, the expert believes.
Rostelecom is aware of the preparation of initiatives regarding IMEI substitution as part of the anti-fraud package.
— These amendments logically fit into a set of measures to combat fraud and protect users. The restriction of IMEI substitution is aimed at removing telephone fraudsters from the legal field. This will primarily affect the owners of so-called SIM boxes, which allow the massive use of SIM cards for mailing, spam, calls and fraudulent activities," said Mikhail Saveliev, director of the Information Security Methodology Department at the company.
The bill is currently under discussion, but its adoption may be an important step in tightening liability for telephone fraud, and amendments to the Administrative Code and the Criminal Code of the Russian Federation can be expected in the future to make such actions administratively and criminally punishable, he agrees.
— In matters of IMEI regulation, it is important to adhere to an integrated approach regarding the need to control the entire IMEI application chain, including when importing telephones into the country. It is necessary to create a centralized database and ensure the uniqueness of the IMEI for each mobile phone, according to Vimpelcom.
The IMEI database and the ban on changing them will be able to resolve issues related not only to fraud — operators can block the import of contraband phones and the use of stolen devices, says Eldar Murtazin, a leading analyst at Mobile Research Group. In many countries, such practices are already being applied — for example, in the UK, criminal liability is provided for IMEI modification, the expert concluded.
Переведено сервисом «Яндекс Переводчик»
