Hi I’m a Journalist and recently travelled to a sensitive country. When I arrived I was stopped and the authorities made me open my phone and took a photo of my IMEI number.
It’s never ever happened before and now I feel very insecure about my phone. Obviously I have sensitive information and contacts on my phone. Can anyone explain to me what security issues this could cause me ?
I’m not even sure if this is the correct place to ask, Thanks
Hi,
The authorities can’t do much with an IMEI, although it’s a profound breach of your privacy.
With an IMEI, the use lies mainly in tracking through cellular networks to identify your position relatively precisely. They can also track unencrypted communications such as calls, SMS and Internet usage (at the very least metadata, even when using https).
The authorities could also blacklist your device, blocking it and preventing you from accessing the network. The IMEI is just an identification factor that lets the government know where you are and what you’re doing on your phone (limited with https, but connection to a VPN service could be detected).
Ideally, you should use a disposable device when traveling. If this is not possible, consider using hidden VPNs (to simulate https or Tor traffic via a specific proxy), minimize device usage (switch off), encrypt all data (with plausible deniability if possible), encrypted applications and take only the necessary hardware with you. When you return to your home country, check that your device is still reliable and has not been tampered with (some built-in tools like GrapheneOS’ Auditor allow this).
It may sound extreme, but unfortunately you never know how certain authorities might react. Disguising your activity could save you a lot of trouble, especially if the authorities decide to cut off your access to the network.
Follow PrivacyGuides recommandations :
I don’t know the work you do as a journalist, but it’s surely essential and thank you for that.
1 Like
Another question if I buy a pixel and put grapheneOS on it can the authorities still track me with a compromised imei number ? My work involves travelling to countries with conflicts. Obviously I wouldn’t give details, but I be honest this has shaken me as I’ve always believed in freedom of the press. This is my work more than 20 years and now I’m going to change my view on security. Thank you for you quick response I’m still in shock tbh
Edit : GrapheneOS is the best solution for non-disposable equipment in conflict zones, although tracking by IMEI is still possible: Frequently Asked Questions | GrapheneOS
Thank you for your interest in security, it’s an important subject. Freedom of the press is under threat and you know it better than anyone, the problem is likely to get worse and oppressive governments will manipulate to prevent you from exercising.
A phone with GrapheneOS is a better solution, if not the best in terms of security. Nevertheless, I would stress that taking disposable equipment with you as much as possible greatly avoids the problems you may encounter, although this is not always possible.
Don’t forget that everything you do before, during and after your trip may be visible to the authorities in the conflict zone concerned. Protect yourself and take the time to inform yourself as you are doing now. I advise you to find out about the recommendations of Amnesty International which have one of the best protocols for journalists in sensitive areas. Perhaps even meet them in person if possible.
2 Likes
Unfortunately switching to GOS won’t prevent tracking via cell network. Though I am not aware of any zero click exploits that could be performed simply by knowing the IMEI. But it allows the authority to find out your phone number and potentially intercept your calls and traffic.
We a have thread discussing changing IMEI, but it could be illegal in some countries. And if you do it during your trip in that countries, it would make you seems suspicious and could put you at risk.
Depends on what you really do, I might wipe the device and stop using it altogether, but I would keep it connected to the netowrk. Then once I leave the country I will wipe it again and get rid of it.
2 Likes
If they know the IMEI is connected to you, and you connect to phone towers in their country then yes they can track your position with it.
also not sure if you used AI for that answer but, you should have been more clear here that GrapheneOS will do absolutely nothing to prevent that kind of tracking.
In the case you did use AI to formulate a response, please quit doing that.
@Gman burner phones, ones which are regularly changed is really the only way. The only way to prevent phone tracking whilst in a country like that is a RFID shielded/Faraday container. That of course will prevent any signals being received or sent from the device.
3 Likes
I think it would be risky as it is apparent that the authority think OP is kind of POI and would like to track his location and / or network traffic.
If OP’s device disappeared from the grid, it is likely to trigger escalation.
That is always a possibility, if you paid some cash at some store inside the country that locals use then that might be a problem. I wouldn’t do it with a device they know the IMEI of that has been through their border protection.
Yeah, with current global trends, travelling abroad really needs proper planning.
It is very unfortunate and I feel sorry for what OP is going through.
Where can I find the thread about charging imei numbers pls ?
I have to remind you again, PLEASE MAKE SURE YOU FULLY UNDERSTAND THE POTENTIAL LEGAL RISKS AND OTHER ISSUES BEFORE ATTEMPTING TO CHANGE THE IMEI.
1 Like
Or airplane mode.
Thank you for the reply, I’m just interested in reading the thread.
1 Like
Depending on what device you use, it might or might not work.
Also faraday bag requires testing before putting it into use, as not faraday bag performs the same when it comes to different spectrum. However testing the effectiveness of a faraday bag is not exactly easy.
Source? Has there been a known airplane-mode vulnerability in modern Android/iOS?
There are commercially tested, purchasable products like those from Silent Pocket.
They do work, you’ll see when you put it in, the device disconnects and when you pull it out it takes a few seconds to reconnect.
2 Likes
I know cape.co has done some research on changing smartphone identifiers, although their practices have not been without critique on this forum.
Still, I feel like all of their missteps have the potential to be corrected; Nym used to give me similar marketing vibes to Cape until this community gave them suggestions that they addressed.
Sorry I should be more specific, what I mean is, in OP’s situation, it might or might not work.
it is not a vuln in airplane mode itself, just for example stock android, the phone keeps logging location information even when you are in airplane mode and will upload to Google once it gets back online.
On the other hand Apple’s utilises BLE tracking for find my device service, if you authorised it.
It is also possible to use “targeted ads” to track down individual
Airplane modes stops only GSM signals but not Wifi / BT / GPS, unless OP remains offgrid for the whole time, the second OP turns on Wifi could already cause enough issues.
I don’t know what country OP went to, and I don’t know OP’s actual threat level, I will assume, in OP’s situation, the authority might either request big tech, or utilise other tools like ad network, to track down OP, if OP acts suspiciously.
I’m not using AI here. I use GrapheneOS myself and was responding to the basic topic, which was NOT about tracking of this type.
I did not claim that GrapheneOS was fighting this kind of tracking, but that it was “better” than another system in an area of conflict that represents far more problems than just “tracking”. Sorry if that wasn’t clear, but don’t suspect someone of using AI that much as soon as there’s a misunderstanding.
1 Like
It was only a guess on my part, based on some of the syntax.