IMEI (International Mobile Equipment Identity)
What is IMEI (International Mobile Equipment Identity)?
IMEI (International Mobile Equipment Identity)A 15-digit number that uniquely identifies a mobile device on a cellular network, allocated by the GSMA and used by carriers to block stolen handsets.
IMEI is burned into the device's modem and is exchanged with the network during attach so the carrier can authorize the equipment independently from the SIM. The structure includes a Type Allocation Code (TAC) identifying make/model, a serial number, and a checksum. National and regional CEIR (Central Equipment Identity Register) services blacklist IMEIs reported as stolen; legitimate carriers refuse to provide service to blacklisted devices. Although IMEI itself is not an authentication secret, it is sensitive: leaks enable device tracking, fraud against insurance, and reprogramming of cloned phones. Many jurisdictions criminalize IMEI reprogramming, and modern modems make it harder by tying the IMEI to secure-boot-protected modem firmware.
● Examples
- 01
After reporting a stolen phone, the carrier adds its IMEI to the national CEIR so no SIM works in it.
- 02
Dial *#06# on most phones to display the IMEI directly from the modem.
● Frequently asked questions
What is IMEI (International Mobile Equipment Identity)?
A 15-digit number that uniquely identifies a mobile device on a cellular network, allocated by the GSMA and used by carriers to block stolen handsets. It belongs to the Mobile Security category of cybersecurity.
What does IMEI (International Mobile Equipment Identity) mean?
A 15-digit number that uniquely identifies a mobile device on a cellular network, allocated by the GSMA and used by carriers to block stolen handsets.
How does IMEI (International Mobile Equipment Identity) work?
IMEI is burned into the device's modem and is exchanged with the network during attach so the carrier can authorize the equipment independently from the SIM. The structure includes a Type Allocation Code (TAC) identifying make/model, a serial number, and a checksum. National and regional CEIR (Central Equipment Identity Register) services blacklist IMEIs reported as stolen; legitimate carriers refuse to provide service to blacklisted devices. Although IMEI itself is not an authentication secret, it is sensitive: leaks enable device tracking, fraud against insurance, and reprogramming of cloned phones. Many jurisdictions criminalize IMEI reprogramming, and modern modems make it harder by tying the IMEI to secure-boot-protected modem firmware.
How do you defend against IMEI (International Mobile Equipment Identity)?
Defences for IMEI (International Mobile Equipment Identity) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for IMEI (International Mobile Equipment Identity)?
Common alternative names include: IMEI, International Mobile Equipment Identity.
● Related terms
- mobile-security№ 520
IMSI (International Mobile Subscriber Identity)
A 15-digit identifier stored on the SIM or eSIM profile that uniquely identifies a subscriber on a cellular network, made of MCC, MNC, and MSIN fields.
- attacks№ 1047
SIM Swapping
A fraud technique in which an attacker tricks or bribes a mobile carrier into transferring a victim's phone number to a SIM the attacker controls.
- mobile-security№ 694
Mobile App Security
The practice of designing, building, and testing iOS and Android applications to protect user data, prevent reverse engineering, and resist runtime tampering.
- mobile-security№ 085
Baseband Attack
An exploit against the cellular modem (baseband processor) of a phone, abusing protocol parsing bugs in 2G, 3G, 4G, or 5G stacks to gain code execution before the application OS sees the traffic.
- mobile-security№ 697
Mobile Device Management (MDM)
Software that lets an organization enroll, configure, monitor, and remotely wipe iOS, Android, macOS, and Windows endpoints from a central console.
- mobile-security№ 700
Mobile OTP Interception
Attacks that capture one-time passwords delivered to a phone, undermining SMS- or app-based two-factor authentication.