| User Info
| So NOW Cell Carriers Are Going To Block Stolen Phones? in forum [Market-Ticker]
|
Ckaminski
Posts: 1663
Incept: 2011-04-08
Online
|
I contemplated suing Apple and Nintendo for the same thing. A breakin a few years ago netted the robbers an iPod Touch and a Nintendo Wii. Which if ever plugged into iTunes or the Wii store, can be traced. If I had the stomach for paperwork you seem to have Karl, I would.
Nobody does the "right thing" in this country any longer.
|
Mpilar
Posts: 5814
Incept: 2009-01-05
Nashville, TN
Online
|
Quote:Carriers in Europe, nearly all of which are on GSM standards, have had an IMEI blacklist for ages. If your phone is ripped off over there and you report it the IMEI is put in the blacklist and that phone is not able to be used anywhere in Europe on a carrier that uses the blacklist -- which is nearly all of them. This has made stolen phones much less valuable and thus reduced the desire of thieves to steal them. This is very true from my experience over there...but practically, Europe is unable to stem the tide of phone thefts because there are a tremendous amount of people using prepaid cards which provide all the services of a contract...if you steal 3 phones, chances are excellent, that at least 1 will be prepaid and therefore, unable to be blacklisted as the IMEI isn't associated with any particular person and most don't keep track of it to be able to report it. Hell, in the Czech Republic, probably 90% of phone thefts are never reported to anyone...and I personally know maybe 1 person (aside from myself) that has not had a phone stolen. Additionally, the CR started IMEI blacklists in 2008 IIRC, maybe 2007...but I remember it making the news there. It's about time they started it here as well...not surprised it took them this long though, the US isn't exactly a pioneer in the cell phone market...
----------
- Every normal man must be tempted at times to spit on his hands, hoist the black flag, and begin to slit throats. H. L. Mencken
- These are the times that try men's souls. - T. Paine
|
Wineaux
Posts: 533
Incept: 2009-03-23
pure Liquid pleasure
|
There are big disconnects within the wireless providers IT shops between the POS systems and the systems required to do the blocking. It’s not a trivial operation to keep these systems in sync and not inexpensive to do so. Quote:Of course if the carrier can check the type of device off the IMEI it could also….direct all calls to the closest police department to the tower you're connecting to I’ve seen this type of triangulation conducted in cases of child abduction. It required a call/text to be placed by the device in order to do so. It am not aware that the HLR only could be used to do such triangulation.
----------
What wine goes with unemployment?
|
Eighty6thebs
Posts: 4206
Incept: 2007-06-26
It's contained to sub-prime!
|
GSM phone blacklisting is a standard feature that comes on any GSM network just like they have an HLR and VLR. Most carriers in the America's don't turn the feature on. The second part is that this list is supposed to be sync'd with other global GSM operators but again, most don't bother to do this either and I can only imagine they do it for their own benefit.
I was sitting in the office of a large GSM operator in Latin and South America several years ago when he said turning this on would cause 40% of his phones to stop working.
----------
"Sounds to me like you guys a couple of bookies" - Billy Ray Valentine
"No I am not scared, and neither should you be!" - Iraqi Information Minister
|
Eighty6thebs
Posts: 4206
Incept: 2007-06-26
It's contained to sub-prime!
|
"big disconnects within the wireless providers IT shops between the POS systems and the systems required to do the blocking"
Bull****. This has nothing to do with the POS system. This is core GSM technology. The database is called an EIR and every GSM switch is designed to validate IMEI's against an EIR…. IF YOU ENABLE THE DAMN FEATURE.
I've heard operators say **** like "we don't want to devote IT resources to the EIR" or "we think it slows down network performance validating against the EIR". Those are bull**** excuses. They have no issue validating your phone against the HLR (to make sure you can use the service and they can bill you) or the VLR (if you’re from another network). It's horse****.
----------
"Sounds to me like you guys a couple of bookies" - Billy Ray Valentine
"No I am not scared, and neither should you be!" - Iraqi Information Minister
|
Tesla
Posts: 15560
Incept: 2008-04-03
State of Disbelief
|
Or this is the REAL reason: http://modernsurvivalblog.com/A stunning revelation tonight from CBS News with Scott Pelley who said, “Your cell phone will soon be a lot less appealing to a thief. The cell phone carriers reached an agreement today with the FCC to make it impossible to use a stolen phone. They’re going to set up a database of ID numbers for EVERY cell phone so the phone can be disabled when they are reported stolen.” I have a stupid question, why does the FCC, the Federal Communications Commission (a branch of the U.S. government), give a $h!t if your cell phone is stolen. Seriously. Especially to the extent at which they are mandating a unique ID tracking number for every single cell phone that there is? When I heard this brief news segment tonight, I nearly fell out of my chair while seeing right through the supposed rationale of establishing a new database of unique tracking ID’s for all cell phones (to help prevent theft), or ‘just in case they are stolen’. Last I knew, cell phones had their own phone numbers anyway… What’s up with the additional database? I don’t know about you, but giving ‘big brother’ the kill switch to my phone seems over the top. Sure, they say it’s all for our own good and they will only use it if the cell phone is stolen – but why not leave the issue of stolen phones to the cell phone carrier, or the individual who owns it… why involve the government? While the NSA clearly is recording all cell phone conversations anyway (check out the new Utah Spy Center), the new FCC mandate for a new database that tracks all cell phone ID’s will entirely close the loop between the words spoken on a cell phone, and the owner thereof. While many folks may not be concerned with the fact that their government is listening, recording and tracking everything they say on their cell phones, the fact is that this is a serious blow to the privacy and liberty that we once had as Americans. What’s next? A government kill-switch mandate for all vehicles, just in case one is stolen? How would you feel about some politician having control over that? Next thing you know they will be shutting down your vehicle if you’re late paying your taxes… Freedoms are removed incrementally – and they’ve done plenty of that lately. Thomas Jefferson is no doubt turning over in his grave tonight.
----------
"Even a dog knows the difference between being stumbled over and being kicked." -Justice Oliver Wendell Holmes
"Neither the wisest Constitution nor the wisest laws will secure the liberty and happiness of a people whose manners are universally corrupt." -Samuel Adams
|
Ripley
Posts: 96
Incept: 2010-09-26
|
I'm told that there is a ring of people in Colorado, where I live, that steals cell phones. The security guard at the local library had hers stolen, and the guy wanted $50 ransom for it. She called the police and they did a sting operation to get the phone back. The guy's in jail, and depending on how much in charges that he rung up while he had the phone, he'll be charged with some sort of theft.
|
Mpilar
Posts: 5814
Incept: 2009-01-05
Nashville, TN
Online
|
Quote:The database is called an EIR and every GSM switch is designed to validate IMEI's against an EIR…. IF YOU ENABLE THE DAMN FEATURE. How does that work with prepaid cards where the IMEI is basically irrelevant? I know next to nothing about cell phone technologies...
----------
- Every normal man must be tempted at times to spit on his hands, hoist the black flag, and begin to slit throats. H. L. Mencken
- These are the times that try men's souls. - T. Paine
|
Eighty6thebs
Posts: 4206
Incept: 2007-06-26
It's contained to sub-prime!
|
On a GSM network, when you power on your phone, it contacts the network and sends its IMEI (phone serial number), IMSI (SIM serial number), and MSISDN (phone number). This group is called "the triplet". The network has a HLR (Home Location registry) that contains every MSISDN authorized on the network including the services you can use. If you're roaming, the network will query your remote HLR for this same information and put it into a VLR (Visitor Location registry). This is how they know what services you can use. During this validation, the network can optional use your IMEI to check against the EIR to see you're using a valid phone. Most operators skip this step.
So the operator knows what phone you have, what sim, if you move your sim into a new phone, etc. You can even parse the IMEI and know who made your phone and what model it is as that is controlled by the GSMA. On many GSM networks, they have a trigger in the system that fires anytime one of the three triplets changes so they know when you change phones with your sim and to what type of phone. They can run a report that shows every phone using the network and what type/model it is even if they didn't sell it.
Prepaid is a billing issue, not a GSM network layer issue. On GSM, the use of the service creates billing records. Those records feed into whatever billing system you want to use and the billing system determines how to bill you (free, monthly, prepaid, etc).
In the old days of GSM, a smart engineer could put his number into the GSM switch but not the billing system. You can see the advantage of that ļ
----------
"Sounds to me like you guys a couple of bookies" - Billy Ray Valentine
"No I am not scared, and neither should you be!" - Iraqi Information Minister
|
Wineaux
Posts: 533
Incept: 2009-03-23
pure Liquid pleasure
|
Quote: I've heard operators say **** like "we don't want to devote IT resources to the EIR" or "we think it slows down network performance validating against the EIR". Uh-huh. What is the expense to manage and support the Equipment Identity Register for a large carrier? The POS captures the IMEI already. The carriers have it in a database already without any need for additional network overhead (i.e. EIR).
----------
What wine goes with unemployment?
|
Mpilar
Posts: 5814
Incept: 2009-01-05
Nashville, TN
Online
|
Thanks 86, that helps my understanding a bit :)
----------
- Every normal man must be tempted at times to spit on his hands, hoist the black flag, and begin to slit throats. H. L. Mencken
- These are the times that try men's souls. - T. Paine
|
Genesis
Posts: 131437
Incept: 2007-06-26
|
Quote:Bull****. This has nothing to do with the POS system. This is core GSM technology. The database is called an EIR and every GSM switch is designed to validate IMEI's against an EIR…. IF YOU ENABLE THE DAMN FEATURE.
Exactly. Quote:Uh-huh. What is the expense to manage and support the Equipment Identity Register for a large carrier?
The POS captures the IMEI already. The carriers have it in a database already without any need for additional network overhead (i.e. EIR).
Zero. The carrier already has it and uses it to authorize services. This is why you can't stick a SIM in a data stick and shove it in your computer. If you try you'll get a screen on your computer demanding a VISA card, even though you have data service on that SIM. The IMEI is matched and you didn't buy it from them and the type of device is known to be a data stick and thus the network says "oh yeah, we get to **** for you for $50 now!" IMEI blacklisting is part of the core GSM switch architecture and always has been. US carriers just refuse to use it as they make a lot of money selling replacement phones and if your stolen phone is useless it becomes much less likely it will be stolen.
----------
I don't care if it makes sense -- only if it makes money. -- Me
Bank (n): See scam, fraud and theft. Eat a bankster -- they're low-carb.
What part of "shall not be infringed" was unclear?
|
Eighty6thebs
Posts: 4206
Incept: 2007-06-26
It's contained to sub-prime!
|
Each time your phone connects to the network, the switch would have to query the EIR. For a large US telco, that's maybe 90M phones a day hitting the database say twice a day.
So what hardware is needed to hold maybe a 100M global blacklisted numbers, support maybe 180M sql queries a day, and do so fast enough not to decrease performance? It's been a while since I spec’d servers but it's not insignificant. Figure this has to be active-active geo redundant and you probably are looking at several million in initial hardware and software and a few hundred thousand a year in operational expense. For a large telco this is peanuts but I guess they figure…why add another failure point if we don’t have to.
----------
"Sounds to me like you guys a couple of bookies" - Billy Ray Valentine
"No I am not scared, and neither should you be!" - Iraqi Information Minister
|
Eighty6thebs
Posts: 4206
Incept: 2007-06-26
It's contained to sub-prime!
|
Oh and I'll tell you why I think they care all of the sudden....one word “ISIS”
----------
"Sounds to me like you guys a couple of bookies" - Billy Ray Valentine
"No I am not scared, and neither should you be!" - Iraqi Information Minister
|
Wineaux
Posts: 533
Incept: 2009-03-23
pure Liquid pleasure
|
Quote:The carrier already has it and uses it to authorize services. It’s been a while, but I do not think the EIR authorizes services. I think that is done via the HLR. Also, “data” service via a stick and “data service via an iPhone are not the same. They traverse different APNs on the network and this is why in this case SIM swapping will not work.
----------
What wine goes with unemployment?
|
Genesis
Posts: 131437
Incept: 2007-06-26
|
Quote:So what hardware is needed to hold maybe a 100M global blacklisted numbers, support maybe 180M sql queries a day, and do so fast enough not to decrease performance? It's been a while since I spec’d servers but it's not insignificant. Yes it is. 180m SQL queries/day is a lot eh? 9,808,057,577,501 tuples returned That's Tickerforum. Stats reset on October 1st of 2011, incidentally and looked up just now by asking the stats collector for its current numbers. So call it 6-1/2 months. Let's divide that number by 200 (roughly number of days) 49,040,287,000 returned tuples a day (roughly.) Yes, that's 49 billion returned tuples per 24 hour period. Incidentally 4,560,537,234 (~4 billion) transactions have been committed to the database over the same period of time. 180m queries in a 24 hour period is peanuts and so is the infrastructure required to support it. In a fully-redundant, read-nearly-entirely SQL implementation this is literally a cheap commodity hardware deal with servers spread around for redundancy using Postgres or similar. IMEI blacklisting is a literal dirt-trivial undertaking.
----------
I don't care if it makes sense -- only if it makes money. -- Me
Bank (n): See scam, fraud and theft. Eat a bankster -- they're low-carb.
What part of "shall not be infringed" was unclear?
|
Genesis
Posts: 131437
Incept: 2007-06-26
|
Quote:Also, “data” service via a stick and “data service via an iPhone are not the same. They traverse different APNs on the network and this is why in this case SIM swapping will not work.
Bull****. APNs are user-selectable. You're talking to a guy who hacks on this stuff all the time. 
----------
I don't care if it makes sense -- only if it makes money. -- Me
Bank (n): See scam, fraud and theft. Eat a bankster -- they're low-carb.
What part of "shall not be infringed" was unclear?
|
Eighty6thebs
Posts: 4206
Incept: 2007-06-26
It's contained to sub-prime!
|
Again, the EIR is a separate database as it would presumably contain IMEI's that were known bad from around the world. Using it to authorize service is optional in most of the world.
Phone data and data cards mostly use the same APN so this is not accurate either. They just map an imei range to a data service.
----------
"Sounds to me like you guys a couple of bookies" - Billy Ray Valentine
"No I am not scared, and neither should you be!" - Iraqi Information Minister
|
Eighty6thebs
Posts: 4206
Incept: 2007-06-26
It's contained to sub-prime!
|
Gen - like I said...hardware is not my thing but from what i remember 5(9's) geo active-active stuff is still not cheap and neither is the database software you have to use to support that.
Running a sever bank with a database on a RAID array in a single location is fine and we all live if TF goes down for an hour like it has in the past but when 100M cell phones will not make a call because your EIR is down, then you need more juice.
In my experience, that meant:
1) Oracle RAC database only (no one else could do active-active geo)
2) Multiple servers all with dual power supplies, NICS, etc (not very expensive)
3) Some high tolerant disk/NAS/SAN
4) A fat pipe to data center #2
5) The whole **** over again
6) Good people and change control so you don’t screw it up.
This will allow a nuke to be dropped on the first data center and not a single sql transaction will fail.
----------
"Sounds to me like you guys a couple of bookies" - Billy Ray Valentine
"No I am not scared, and neither should you be!" - Iraqi Information Minister
|
Genesis
Posts: 131437
Incept: 2007-06-26
|
86, point being it's trivial to query it. TF does a couple of orders more in magnitude in query volume daily on plain-jane commodity hardware.
----------
I don't care if it makes sense -- only if it makes money. -- Me
Bank (n): See scam, fraud and theft. Eat a bankster -- they're low-carb.
What part of "shall not be infringed" was unclear?
|
Eighty6thebs
Posts: 4206
Incept: 2007-06-26
It's contained to sub-prime!
|
Ok...yeah I don't buy the "this will impact perfromance ****". We're talking about a baby simple SQL statement here on a table that could be as simple as a single indexed column of IMEI's.
----------
"Sounds to me like you guys a couple of bookies" - Billy Ray Valentine
"No I am not scared, and neither should you be!" - Iraqi Information Minister
|
Ckaminski
Posts: 1663
Incept: 2011-04-08
Online
|
Quote:So what hardware is needed to hold maybe a 100M global blacklisted numbers, support maybe 180M sql queries a day, and do so fast enough not to decrease performance? It's been a while since I spec’d servers but it's not insignificant. Quote:from what i remember 5(9's) geo active-active stuff No need for 5 9's or a centrally accessed fault-tolerant DB here. Geographically distributed master->slave pgsql or mysql setup. You could afford to put one in every single tower on earth for $200/unit. An Intel-based Atom with a gig of ram and a terabyte hard drive could handle this job and run a differential update overnight in about 20 minutes. Only if you wanted to do a full restoration would you need a fat pipe. You could even do a full restore of the PCs over the network if you wanted with PXE and a tool like Kickstart. 1 guy. Maybe two if he likes vacations. |
Genesis
Posts: 131437
Incept: 2007-06-26
|
86, that's crap nowdays.
TF is doubly-redundant. Every transaction posted to the system is replicated to Niceville within a few milliseconds. I can configure it to hot-swap over to here if I want to but my upbound gets buried instantly if I hot-failover to here (I don't happen to have a gigbit-size pipe at the house!) so I don't.
But I could, easily, if I decided to. And the existing infrastructure handles 100x the load you believe would be necessary. There's no SAN requirement for this as the data is tiny and low-entropy; ****, stick it on an ordinary SLC-style (industrial, not consumer-grade) SSD if you want and now you could build the entire thing on "Football" size boxes with no moving parts and MTBFs measured in the tens of years. I wouldn't bother with that myself; I'd be happy to put in enough redundancy and just grab a new appliance off the rack and toss the old one if one broke.
We're talking about LITERALLY a couple of grand a location for the equipment (in carrier-grade gear, not consumer PCs) that would easily keep up with this sort of load and having it spread to however many places you want for redundancy purposes is easy. I wouldn't bother with multi-master in this application since inserting new stolen numbers can wait for a bit if the primary goes down but you wanted to you could multi-master Postgres easily enough with Bucardo.
Oracle Schmoracle and SANs and such are gross overkill for this. We're talking about a trivial application that requires nothing special at all.
----------
I don't care if it makes sense -- only if it makes money. -- Me
Bank (n): See scam, fraud and theft. Eat a bankster -- they're low-carb.
What part of "shall not be infringed" was unclear?
|
Eighty6thebs
Posts: 4206
Incept: 2007-06-26
It's contained to sub-prime!
|
I think it could be done on the cheap. Most telco's already have the big monster geo thing I described and could simply add another table to an existing DB.
The tower's don't query this, it's done at the switch level which means a DB failure would impact millions not just those on a tower. For that I think it does have to be 5 9's geo but that's me and you could always take the RIM approach where a failure shuts down the whole US for half a day a couple times a year.
----------
"Sounds to me like you guys a couple of bookies" - Billy Ray Valentine
"No I am not scared, and neither should you be!" - Iraqi Information Minister
|
