Author Topic: How do telcos identify devices connected to 4G/LTE cellular networks?  (Read 825 times)

0 Members and 1 Guest are viewing this topic.

Online Halcyon

  • Super Contributor
  • ***
  • Posts: 3420
  • Country: au
I need to be careful what I write here as to not have certain companies names and key words pop up in Google searches nor get anyone in trouble. Rest assured that I'm not contemplating anything illegal*, immoral or otherwise dodgy.

Here's the scenario: A certain telco is offering unlimited 4G/LTE data at full speeds but get a bit funny about putting SIM cards attached to said accounts in modems and other such devices.

Basically there have been reports of users removing their SIM cards from the mobile handsets that are provided with the above-mentioned services and inserting them into LTE modems/routers and connecting them to their LAN, then having the telco involved calling the customer and telling them to quit it. I should also point out at this point that telcos in Australia no longer lock handsets to their networks or accounts to particular IMEIs and allow customers to use whatever handset they like, whether it came from them or not. It's fairly common practice.

I understand in a general sense how cellular networks and telcos work and how devices are identified on the network by their IMEI and accounts/billing is tied to the ICCID of the SIM. However are there any other attributes sent over the network which identifies what kind of device (make/model/type etc...) the end-user is using, other than relying on the IMEI?

Let's say theoretically I bought a brand new mobile phone off the shelf, but never used it. Instead, I obtained another device (a modem for example) and managed to input the IMEI from the bought phone into the modem and used that instead. Would the carrier be able to tell that I'm not using a mobile phone or would it see the IMEI, recognise that it belongs to a pool of IMEI's assigned to say, Samsung and be none the wiser?

* I will point out that in Australia under Section 474.7 of the Crimes Legislation Amendment (Telecommunications Offences and Other Measures) Act 2004, it's unlawful to modify or otherwise interfere with the operation of a "telecommunications device identifier" (e.g.: An IMEI that is "installed" in the device by the manufacturer). However the law seems a bit vague and untested regarding this point. For example: What if you could purchase a device that had no default IMEI? I'm not advocating that anyone starts breaking the law. But if you're reading this and going to experiment, do so within the law..
« Last Edit: October 31, 2018, 08:12:30 pm by Halcyon »
 

Offline firehopper

  • Frequent Contributor
  • **
  • Posts: 367
  • Country: us
Re: How do telcos identify devices connected to 4G/LTE cellular networks?
« Reply #1 on: October 31, 2018, 09:54:39 pm »
they would prolly use the data flow history to determine that would indicate approximately what kind of device it is, as a phone has one type of data flow, a computer a different type, also what was accessed and for how long also indicates what kind of device, thats how some carriers detect your tethering when your not supposed to. if your plan doesnt include that.
 

Online Rerouter

  • Super Contributor
  • ***
  • Posts: 3975
  • Country: au
  • Question Everything... Except This Statement
Re: How do telcos identify devices connected to 4G/LTE cellular networks?
« Reply #2 on: October 31, 2018, 10:37:13 pm »
There is an IMEI, and a IMSI, they have a whitelist of sorts. either refusing, or flagging if a mismatch happens,

Currently just got over quite the fight with Optus in regards to ~1500 connections, If you have a 3 way break out "Data share" sim, your in for some fun :)

Put it in a phone: data works intermittently with up to 14 hour gaps,
put it in a 3g modem: sim is dead (no network pairing success)
put in a 4g modem: some brands work, most dont
put in a telematics modem: sim is dead

To make things even better, a sim that has been in one of those telematics modems, work just fine until either the sim is seen on the network with another Imei, or has not past data for more than 40 days, at which point it is bricked for everything except a mobile handset

The only thing I have not yet tried at this point is a old 3G phone breakout kit to try and send some data, But its definitely down to IMEI ranges, and certain IMSI ranges its applied against.
 

Offline Red Squirrel

  • Super Contributor
  • ***
  • Posts: 2054
  • Country: ca
Re: How do telcos identify devices connected to 4G/LTE cellular networks?
« Reply #3 on: October 31, 2018, 10:55:11 pm »
Best bet might be to keep it in the phone but set it up as a tether.  Can then use a wireless bridge (acts as client) to provide internet to the router.

I think they can tell the type of device the card is in, maybe via the IMEI or other identifier. 

I've heard that some just look at the actual traffic, ex: if the browser user agent is a computer OS.  But that seems like a dirty way of doing it as it's very application specific.
 

Offline glarsson

  • Frequent Contributor
  • **
  • Posts: 807
  • Country: se
Re: How do telcos identify devices connected to 4G/LTE cellular networks?
« Reply #4 on: October 31, 2018, 11:11:49 pm »
They can use the position of the SIM as reported by the cell towers. If it doesn't move, then it's likely not a phone.
 

Offline cat87

  • Regular Contributor
  • *
  • Posts: 216
  • Country: nl
Re: How do telcos identify devices connected to 4G/LTE cellular networks?
« Reply #5 on: November 01, 2018, 12:34:00 am »
Besides the usual network identification things,  the SIM itself is also in effect a feee running micro-computer. At least modern ones are.
And they can also have small apps or bits of code running on them so  the operatot that issues them can have a lot of things going on on the Sim without anyone knowing about it. Not even the phone the Sim is in.

That might be what's actually going on



I found that talk really illuminating and scary at the same time

Online Halcyon

  • Super Contributor
  • ***
  • Posts: 3420
  • Country: au
Re: How do telcos identify devices connected to 4G/LTE cellular networks?
« Reply #6 on: November 01, 2018, 08:28:17 am »
they would prolly use the data flow history to determine that would indicate approximately what kind of device it is, as a phone has one type of data flow, a computer a different type, also what was accessed and for how long also indicates what kind of device, thats how some carriers detect your tethering when your not supposed to. if your plan doesnt include that.

They can use the position of the SIM as reported by the cell towers. If it doesn't move, then it's likely not a phone.

It has nothing to do with the type of data or location of the device. Monitoring data would be inaccurate as most of what goes over the air is encrypted anyway. There would be no way of telling whether it's a mobile application or something running on a desktop just by looking at the data going over the air.

Also, just because a device doesn't move, doesn't mean it's not a phone. I can think of several scenarios where this would be the case. Besides, most staff at telcos don't have access to location information of customer devices. Not only would it be a massive invasion of privacy, it would probably break and handful of laws too if they were to just access that information. Even Police and security agencies can't just access mobile location information whenever they feel like it, there is a whole process to go through to ensure it's not being abused.

There is an IMEI, and a IMSI, they have a whitelist of sorts. either refusing, or flagging if a mismatch happens,

Currently just got over quite the fight with Optus in regards to ~1500 connections, If you have a 3 way break out "Data share" sim, your in for some fun :)

Yeah Optus do some weird and wonderful things. As far as I know, the other telcos don't. For example, Telstra lets you use any SIM in any phone. They don't maintain a whitelist, but they do maintain a blacklist of stolen devices. Another thing Optus like doing; if you use your own mobile phone repeater (like the Cel-Fi devices), Optus will lock those devices to a particular cell tower (or towers) so you can't move it without submitting a request.
 

Offline glarsson

  • Frequent Contributor
  • **
  • Posts: 807
  • Country: se
Re: How do telcos identify devices connected to 4G/LTE cellular networks?
« Reply #7 on: November 01, 2018, 08:52:08 am »
Besides, most staff at telcos don't have access to location information of customer devices. Not only would it be a massive invasion of privacy, it would probably break and handful of laws too if they were to just access that information.
I don't know how they do it, but you can figure out if the SIM is moving without giving staff access to information about the actual location, e.g. number of cell tower changes.
 

Online Halcyon

  • Super Contributor
  • ***
  • Posts: 3420
  • Country: au
Re: How do telcos identify devices connected to 4G/LTE cellular networks?
« Reply #8 on: November 01, 2018, 09:13:14 am »
Besides, most staff at telcos don't have access to location information of customer devices. Not only would it be a massive invasion of privacy, it would probably break and handful of laws too if they were to just access that information.
I don't know how they do it, but you can figure out if the SIM is moving without giving staff access to information about the actual location, e.g. number of cell tower changes.

It would be highly inaccurate though. Depending on your location, leaving a phone on a desk would cause it to bounce between multiple towers/bands.
 

Offline glarsson

  • Frequent Contributor
  • **
  • Posts: 807
  • Country: se
Re: How do telcos identify devices connected to 4G/LTE cellular networks?
« Reply #9 on: November 01, 2018, 09:42:33 am »
Sure, but that's easily fixed by a filter that ignores neighboring cell towers and only count changes between towers a suitable distance away.
 

Offline TheSteve

  • Supporter
  • ****
  • Posts: 2853
  • Country: ca
  • GHz or bust
Re: How do telcos identify devices connected to 4G/LTE cellular networks?
« Reply #10 on: November 01, 2018, 10:02:27 am »
There are providers here that lock sim cards to specific devices so you can't use data only or voice only plans in alternate devices. They also know the IMEI of every device they have sold so they know what it is. If you bring your own device they can still roughly tell what it is and who made it from the IMEI prefix anyway. One provider registers the IMEI of your device so only that device will work with your account. So all in all it is very easy for them to tell if that is information they want to look at.
VE7FM
 

Online Halcyon

  • Super Contributor
  • ***
  • Posts: 3420
  • Country: au
Re: How do telcos identify devices connected to 4G/LTE cellular networks?
« Reply #11 on: November 01, 2018, 10:17:45 am »
It'll probably be easier just to USB tether the handset to a pfSense router. It's not ideal, but it would work.
 

Offline MrMobodies

  • Frequent Contributor
  • **
  • Posts: 413
  • Country: gb
Re: How do telcos identify devices connected to 4G/LTE cellular networks?
« Reply #12 on: November 01, 2018, 01:44:21 pm »
I use a Netgear Wnap210 which is set in bridge mode to join my phone in tethered mode.
 
The Netgear Wnap210 is connected to a machine running PfSense and set it at the last tier in gateway groups just for if the two VDSL lines drop out.
Very handy and flexible as I can route anything to it if I wanted to.

I got a job lot of Wnap210's but I have to replace the capacitors inside as they are old and most use the cheapest.

How do they know of tethering:
Some years ago I read some articles and it was at the time when they were trying to get people off unlimited mobile contracts in the states and they threatened them with being throttled or having their grandfathered plan cancelled. In the articles they thought it was to do with the phone's browser user agent being read by the ISP's proxy server which is how they detect and some people were even falsely accused back then just for using a different browser than the ones that came with the phone. I know most mobile phone companies use a proxy for all sorts of reasons.

I also got one of these that I take around:
https://www.gl-inet.com/products/gl-ar300m/

I attach it to a battery using some veclro and I can join or create other wifi networks and it is handy for my label printers without any changing the wifi keys and so on.
It uses Openwrt and it can bridge okay as well
« Last Edit: November 01, 2018, 02:01:55 pm by MrMobodies »
 

Offline Lord of nothing

  • Frequent Contributor
  • **
  • Posts: 943
  • Country: at
Re: How do telcos identify devices connected to 4G/LTE cellular networks?
« Reply #13 on: December 12, 2018, 04:28:54 am »
Hmm here in my Country its easy to get a Prepaid Flat. Yes Flat mean Flat.
If not "Cable" is avaiable it could be faster to Book an LTE Flat than DSL.
Even the big Telco use LTE + DSL Bonding to allow the Enduser to have a higher Bandwith.  :wtf:
Nope its no Joke...
Made in Japan, destroyed in Sulz im Wienerwald.
 
The following users thanked this post: tooki


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf