To proceed effectively, mobile devices need to be identified by the make, model, and service provider. If the mobile device is not identifiable, photographing the front, back, and sides of the device may be useful in identifying the make, model, and current state (e.g., screen lock) later. Individuals may attempt to thwart specialists by altering the mobile device to conceal its true identity. Device alteration may range from removing manufacturer labels to filing off logos. In addition, the operating system and applications may be modified or, in rare situations, completely replaced, appear differently, and behave differently than expected. These modifications should be taken into consideration on a case-by-case basis.
If the mobile device is powered on, the information appearing on display may aid in mobile device identification. For example, the manufacturer’s or service provider’s name may appear on display, or the screen layout may indicate the family of operating systems used. Information such as the manufacturer’s label may be found in the battery cavity (e.g., make, model, IMEI, MEID). Removing the battery from the cavity of a mobile device, even when powered off, may affect its state, particularly the contents of volatile memory. Most mobile devices keep user data in non-volatile memory (i.e., NAND). If the mobile device is powered on, battery removal will power it off, possibly causing an authentication mechanism to trigger when powered back on.
Other clues that allow the identification of a mobile device include manufacturer logos, serial numbers, or design characteristics (e.g., candy bar, clamshell). Overall, knowing the make and model helps limit the potential service providers by differentiating the type of network the device operates over (i.e., GSM, non-GSM) and vice versa. Synchronization software discovered on an associated computer may also help to differentiate among operating system families.
Further means of identification include the following:
- Device Characteristics – The make and manufacturer of a mobile device, may be identified by its observable characteristics (e.g., weight, dimensions, and form factor), particularly if unique design elements exist. Various websites contain databases of mobile devices that may be queried based on selected attributes to identify a particular device and obtain its specifications and features(15). Coverage is considerable but not extensive nor complete and may require consulting more than one repository before making a match.
- Device Interface – The power connector can be specific to a manufacturer and provide clues for device identification. With familiarization and experience, the manufacturers of certain mobile devices may be readily identified. Similarly, the size, number of contacts, and shape of the data cable interface are often specific to a particular manufacturer and may prove helpful in identification.
- Device Label – For mobile devices that are inactive, information obtained from within the battery cavity may be of assistance, particularly when coupled with an appropriate database. The manufacturer’s label often lists the make and model number of the mobile device and unique identifiers, such as the Federal Communications Commission Identification Number (FCC ID) and an equipment identifier (IMEI or MEID). The FCC and equipment identifiers may be found on mobile devices sold in the U.S. domestic market. For all mobile devices that use a UICC, the identity module is typically located under the battery and imprinted with a unique identifier called the Integrated Circuit Card Identification (ICCID). The International Mobile Equipment Identifier (IMEI) may be obtained by keying in *#06# for powered on GSM and UMTS phones. Similar codes exist for obtaining the Electronic Serial Number (ESN) or Mobile Equipment Identifier (MEID) from powered-on CDMA phones. Various sites on the Internet offer databases that provide information about the mobile device based on an identifier, such as the following:
- The IMEI is a 15-digit number that indicates the manufacturer, model type, and country of approval for GSM devices. The initial 8-digit portion of the IMEI, known as the Type Allocation Code (TAC), gives the model and origin. The remainder of the IMEI is manufacturer-specific, with a check digit at the end [GSM04]. A database lookup service is available from the GSM numbering plan Web site(16).
- The ESN is a 32-bit identifier recorded on a secure chip in a mobile device by the manufacturer. The first 8-14 bits identify the manufacturer, and the remaining bits represent the assigned serial number. Many mobile devices have codes that can be input into the handset to display the ESN. Hidden menus may also be activated on certain mobile devices by placing them in “test mode” through the input of a code. Besides the ESN, other useful information such as the phone number of the device may be obtained. Manufacturer codes may be checked online at the Telecommunications Industry Association Web site(17).
15 For more information, visit http://www.phonescoop.com/phones/finder.php, http://www.gsmarena.com/search.php3, and http://mobile.softpedia.com/phoneFinder., http://www.gsmarena.com/search.php3, and http://mobile.softpedia.com/phoneFinder.
16 For more information, visit http://www.numberingplans.com/?page=analysis&sub=imeinr..
17 For more information, visit http://www.tiaonline.org/standards/resources/esn/codes.cfm..
The ICCID of the UICC may be up to 20 digits long. It consists of an industry identifier prefix (89 for telecommunications), followed by a country code, an issuer identifier number, and an individual account identification number. The ICCID determines the country and network operator name. If the ICCID does not appear on the UICC, it may be obtained with a UICC acquisition tool. The GSM numbering plan Web site supports ICCID queries for this information(18).
- The first 3 characters of the FCC ID are the company code; the next 14 are the product code. The FCC provides a database lookup service to identify a device manufacturer and retrieve information about the mobile device, including photos, user manuals, and radiofrequency test results(19).
- MEID consists of a set of characters 56-bits in length (14 hex digits). It contains three fields, including an 8-bit regional code (RR), a 24-bit manufacturer code, and a 24-bit manufacturer-assigned serial number. The check digit (CD) is not considered part of the MEID. The MEID was created to replace ESNs, as all ESN’s were exhausted by November 2008.
- Carrier Identification – The carrier for a mobile device may have its logo printed on the exterior. This is traditionally displayed prominently to allow for advertising and branding. This may provide the examiner with insight on which carrier the mobile device operates. Mobile devices may be unlocked and possibly re-flashed to operate using a competing carrier. One method to make this determination is to examine the UICC if present. Most carriers imprint their logo on the front of the UICC. Additionally, extraction and analysis of the ICCID provide further confirmation.
- Reverse Lookup – The Number Portability Administration Center (NPAC) provides an automated phone system for law enforcement agencies to determine the current service provider assigned to a number and obtain contact information(20). This service covers both U.S. and Canadian phone numbers. If the telephone number of the mobile device is known, use a reverse lookup to identify the network operator and the originating city and state. For example, FoneFinder™ is a service to obtain such information(21). The network operator’s website typically contains lists of supported devices to use to narrow down and possibly identify the mobile device in question. Because phone numbers get ported among service providers, they require more up-to-date information in many situations.
18 For more information, visit http://www.numberingplans.com/?page=analysis&sub=simnr.
19 For more information, visit http://transition.fcc.gov/oet/ea/fccid/..
20 For more information, visit: http://www.npac.com/the-npac/access/law-enforcement-agencies-psaps..
21 For more information, visit http://www.fonefinder.net/..