What can someone do with my IMEI number?

603    Asked by AndreaBailey in Cyber Security , Asked on Apr 5, 2022

I have some questions regarding IMEI numbers and data and identity theft. While searching online I have found many conflicting answers regarding this topic and would like some clarification if possible.


Hypothetically, an enemy of mine gets a hold of the IMEI number and only the IMEI number of my smartphone. Can he steal or view my data with it?


As far as I know, with an IMEI number, you can report a phone stolen and it will get blocked. Or you can clone the IMEI on another device. What are the implications and consequences if someone clones my IMEI on another device other than the risk of getting the IMEI blocked?


I have also read that if a person has your IMEI number they can easily hack into your WhatsApp account, if they also have your phone number, since the IMEI is viewed as the password for WhatsApp.


My biggest concern is not that my phone would get blocked, it is that someone that has my IMEI number can view my personal data on my smartphone. Emails, pictures, texts, social media, eavesdropping etc... Can someone do that with just the IMEI number? And if so, why is this number so easily obtainable? You can find it on the box of the smartphone and numerous other ways to obtain it on the phone. Including some apps that make use of it. I also see people posting their IMEI on forums. How safe is that?

Answered by Anil Jha

Your question - what can someone do with my IMEI number, this is basic FUD. WhatsApp works over TCP and doesn't have anything to do with the phone network. You could run WhatsApp over Ethernet from your home network. WhatsApp only requires you to confirm the ownership of a phone number by entering a code they text you as they don't have usernames and rely on phone numbers to identify people, but once that's done, you can completely throw away your phone and use a computer for WhatsApp and it'll still work fine. Moreover, even if someone manages to intercept the number confirmation SMS (impossible with just IMEI spoofing) they will only be able to take over your phone number and receive future messages, but not read anything you've received so far. Even if the carrier's network is compromised beyond repair and the attacker is able to intercept your traffic, they won't be able to understand it as WA uses encryption to talk to their servers. Sure, at this point they would be able to intercept the number confirmation text message and take over your WA identity, but you would definitely notice (you'll just get logged out from WA) and they still won't be able to read your past messages. Any app that would upload your personal data (to a cloud for example) will do so over an encrypted connection and will use a carrier-independent username and password. They don't use the IMEI to identify you and IMEI spoofing alone doesn't even give the attacker a way to eavesdrop on your traffic (not that it'll help them much because of encryption).



Your Answer

Interviews

Parent Categories