I am clueless but I thought having the same IMEI was effectively cloning the device? Clearly that can’t be the case there must be something else they use because of problems like this?
Initially I felt the same way, the IMEI is basically the phones ID and plays a role in cellular providers ability to track individual customers. You’d think if many many (13,557) folks had the same IMEI, it would increase security/privacy…
The issue arises due to the fact the IMEI is vital for the carriers not only for tracking but also for routing calls/text to the proper device. The SIM and IMEI together are what dictate what calls or text will be received on a specific device. This means if you attempted to call me and I was using one of these phones, you’d almost certainly be routed to someone else. Plus with the more recent uptick in account text message 2FA, this could prevent users attempting to get these text from accessing their account. Thankfully without the account username and/or password, the text 2FA would nearly be just an inconvenience but it would drastically lower online account security and prevent account logins from being possible.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !security@lemmy.ml
I am clueless but I thought having the same IMEI was effectively cloning the device? Clearly that can’t be the case there must be something else they use because of problems like this?
Initially I felt the same way, the IMEI is basically the phones ID and plays a role in cellular providers ability to track individual customers. You’d think if many many (13,557) folks had the same IMEI, it would increase security/privacy…
The issue arises due to the fact the IMEI is vital for the carriers not only for tracking but also for routing calls/text to the proper device. The SIM and IMEI together are what dictate what calls or text will be received on a specific device. This means if you attempted to call me and I was using one of these phones, you’d almost certainly be routed to someone else. Plus with the more recent uptick in account text message 2FA, this could prevent users attempting to get these text from accessing their account. Thankfully without the account username and/or password, the text 2FA would nearly be just an inconvenience but it would drastically lower online account security and prevent account logins from being possible.
Someone has some explaining to do!!!
Yet another reason never to use SMS for 2FA.
nice.jpg