How Does Changing IMEI Affect Your Security?

ChatMail   |   February 1, 2021

How Does Changing IMEI Affect Your Security?

Does changing your phone’s International Mobile Equipment Identity (IMEI) help retain your privacy? A few mobile companies advertise this approach. The full story is a little more complicated.

People wondering what’s the big deal about encryption versus changing their IMEI are understandably confused. Let’s take a few moments to better understand what IMEI is, why people change their IMEI, and the limits to this approach.

Telecom Towers

Anytime you connect a mobile device to a wireless network, it registers and logs your IMEI and your IMSIA (Sim Card Identifier) together. This process allows the network carrier to know where to send your data.

“Flashing” is another word for changing your IMEI, and people do it so that their phone is as off-grid as possible, perhaps to use a different cellular network. However, if you don’t change your SIM card before registering to the network, the telecom carrier will already log the new IMEI with your old IMSI, undermining the benefits of flashing your IMEI.

In layman’s terms, you need to fully disconnect from the carrier’s radar before you re-connect with the telecom tower. Turn off all connections, change your SIM card, then flash your IMEI before connecting to the wireless network provider.

Illusion of Security

Taking such elaborate steps to protect your communications is liable to make you feel like you’re immune to a privacy breach. However, consider that if you ever lose your device, many tools can reverse every IMEI change you’ve ever made using the chip manufacturer’s software.

How could that be possible? If the point of flashing is to get the telecom towers off your scent, how are they able to make a connection between all the different IMEI numbers you’ve had even after you change them?

Unless you built the physical chipset, changing your IMEI isn’t a strong smartphone security feature.

Other IMEI Vulnerabilities

Devices known as “Stingrays” can capture your IMEI just by driving past your home or walking through the airport. To counter this would require flashing each week, which is a hassle that isn’t guaranteed to work.

Now, some privacy companies claim they can change your IMEI automatically every millisecond! This is a dubious claim: if it were true, your phone’s battery would be dead in hours, and it would still leave glaring vulnerabilities in your phone’s overall security.

The last thing you want is a security solution that poses security risks while also causing you headaches. Before even addressing the legal questions of changing IMEI in Canada, the bottom line is, it does not provide reliable security.

Industry-Leading Encryption

Trying to prevent the telecom towers from tracking your phone will always lead to security vulnerabilities. The good news is, you can take real security into your own hands by guarding your communications with encrypted phone services from ChatMail.

Our proprietary design ensures your confidential information will always remain private. The encryption security key is created by you, and it never leaves your Chatmail device.

Our one-of-a-kind integrated end-to-end encrypted messaging protocol, known as ChatMail Advanced Messaging and Parsing Protocol (CAMP), encompasses both our PGP and Elliptical Curve Cryptography. Key exchange uses the Double Ratchet Algorithm, which combines the cryptographic ratchet based on the Diffie-Hellman key exchange and a ratchet based on the key derivative function.

Security Made Easy

ChatMail’s system is designed so that anybody without technical knowledge of how encryption or cybersecurity works can use our phone for a wide range of purposes. In an industry first, ChatMail’s system identifies internal and external users automatically and defaults to the strongest security setting without requiring the user to do anything.

If you’re connecting to someone who is also using ChatMail, the system defaults to Curve25519 with the option to use PGP encryption as a fallback. External users default to basic PGP encryption. Effectively, ChatMail’s auto-security is always set to maximum, and it’s easy to operate.

Even the security features inside the phone are designed for ease of use. For example, you no longer need to toggle back and forth between apps — enjoy instant access to your notes, contacts, voice, picture message and groups with just a swipe.

Historically, truly secure phones were difficult for non-tech users to navigate. Thankfully, that is no longer the case.

Security Beyond Encryption

ChatMail ensures there’s no possible way for the contents of your phone to get leaked by plugging any potential vulnerability that isn’t completely guarded by encryption. For instance, our Tamper Proof feature lets users set optional duress passwords. If your phone gets stolen or misplaced and somebody tries to enter the wrong password too often, all your sensitive information will be deleted from the device instantly.

Self-Destructing Messages get destroyed on both devices. Messages and pictures marked to self-destruct can’t be favorited, forwarded, or saved. The Notebook Lock Screen lets users make a custom pin for two-factor authentication.

Tamper Proof Servers, No Plain Text

Because of ChatMail’s proprietary design, the question of server storage is a non-issue — your sensitive data is only ever stored on the device itself. Plus, your data is never stored in plain text.

Many companies that claim to offer “end-to-end encryption” but store your data on a server in plain text, meaning a hacker can breach your privacy by gaining access to the back-end server. What’s the point of end-to-end encryption if there is still an alternate route for hackers to exploit?

ChatMail is happy to show anybody the back-end of our system, so you can see in real-time that messages are encrypted as they’re sent. Nobody else in the industry is willing to pull the curtain back and show the full aspect of how their encryption really works.

We believe only this level of transparency demonstrates our full commitment to total security. After all, the point isn’t to merely get “end-to-end encryption”; it’s to manage smartphone security and data breaches so that you know your private information is confidential.

It’s understandable that in a world where companies can be undone by a hack, non-technical users put their faith in popular but insufficient security solutions. ChatMail has gone above and beyond to ensure our product provides total privacy. You can change your IMEIs all you want, but you won’t have a real bulwark against data breaches without ChatMail’s industry-leading platform.




Articles used for reference: Source 1, Source 2 and Source 3