
Page 1: Restricted - Confidential Information © GSM Association 2009 All GSMA meetings are conducted in full compliance with the GSMA’s anti-trust compliance policy


Sep 2009 JEM Meeting

Device Security Update

James Moran, GSMA

Document Number:

Meeting Date: 29 Sep 2009

Meeting Venue: London, UK

For Approval:

For Information: X

Version: 1.0

Security Restrictions: Confidential

Page 2: Handset theft - the issue

Handset theft considered to be a major social issue with claims that it constitutes 52% of street crime

Handset theft has increased 500% in recent years and handsets of the future will be more attractive

Significant global media coverage since 2003 - most of it negative against the industry

Onus placed on the operator community to demonstrate social responsibility and implement counter measures

Problem not of industry’s making but there is an obligation to help combat it

Page 3: Handset theft – commercial issue

Consumers’ need to replace stolen handsets is a significant churn factor

Thefts of subsidised handsets for use on networks in other markets

Handset theft insurance underwriting costs

Manipulated handsets impact network quality of service

Page 4: TCAM Involvement

Dec 2002 – Request from industry to consider regulation submitted

Sep 2003 – industry agreed objectives and commitments to increase blacklisting and enhance handset security levels

Feb 2004 – technical security principles agreed and reporting and correction process submitted to TCAM

Oct 2004 – industry progress reports to TCAM initiated – 9 submitted to date

Mar 2007 – industry formally rescinded request for regulation based on progress made with industry initiatives

Mar 2008 – France agreed that regulation is unnecessary and has now shifted focus to m-commerce

Matter is still not closed

Page 5: Industry Cooperation

Co-operative spirit between GSMA and EICTA

Mutual recognition of the need to combat handset theft

Significant progress made in short period of time
– Agreed technical solutions for first time
– Formal reporting process put in place for first time
– Improved communications to educate industry

Initiatives designed to tackle handset theft on a number of fronts

Regular progress reports provided to TCAM

Page 6: Voluntary Efforts Undertaken by Industry

Blacklisting of Stolen Handsets

New IMEI Database developed and deployed to replace CEIR

Concerted drive to extend EIR use and extensive communications undertaken for operators to connect

Significant increase in IMEI Database connectivity across Europe

Access to stolen handset data opened up to third party stakeholders

Page 7: Voluntary Efforts Undertaken by Industry

Tackling Black Market

Identification of black market hotspots around the world

Taxation initiative undertaken to reduce tax levels and associated black market opportunities in identified markets

Additional technical countermeasures to prevent the re-use of stolen handsets

Page 8: Voluntary Efforts Undertaken by Industry

Enhanced IMEI Security

Technical security design principles agreed with manufacturers

Formal IMEI security weakness reporting and correction process developed to deal with compromised products during production life

Proactive identification of IMEI security weaknesses ensured with launch of outsourced detection service

Page 9: Participating Manufacturers

[Slide shows manufacturer logos; the names are not recoverable from the transcript]

Page 10: International Recognition of Initiatives

“[Mobile theft] is the dark underbelly of our great success,” Craig Ehrlich, chairman of the GSM Association, a mobile industry group, said at the 3GSM World Congress here last week.

Wireless: Thieves take note (Monday, March 1, 2004)

Cell phone Makers Ally To Combat Handset Theft (27 February 2004)

CANNES, France -- Seven of the world's biggest mobile-phone makers have agreed to make changes to handset designs to combat soaring rates of wireless-related crime… the GSM Association said Tuesday.

Crackdown on mobile phone theft (9 February 2004)

Mobile operators and handset makers are to announce a crackdown on mobile theft in a move that will render handsets stolen in one country useless in another…. Under the latest initiative led by the GSM Association, a global industry body for mobile operators, IMEI numbers will be stored on an international register that can be accessed by all global operators running networks on GSM.

Page 11: Need for IMEI integrity

Operators
• Identifies terminals to support value added services
• Facilitates market research on user base
• Determines which terminals may be responsible for technical faults
• Identifies misuse in fraud detection systems
• Used in criminal trials
• Critical to the success of EIR

Manufacturers
• Identifies grey market terminals
• Identifies and targets terminals that may need software updates over the network
• Allows operators to recall terminals on behalf of manufacturers
• Helps introduce special functions to support terminals that may not work correctly
• Discourages theft in their production and delivery processes

Regulators
• Allows exclusion of non-approved terminals, which is a license obligation in some markets
• Identifies handsets for lawful interception and criminal prosecution

Consumers
• Allows consumers to check whether a handset is stolen and upholds integrity of used handset market
• Facilitates proof of purchase for warranty purposes

Page 12: Technical principles to secure IMEIs

Necessary to educate operators and manufacturers on technical ways to protect IMEI

Nine technical principles agreed to ensure and strengthen handset integrity

Technical principles have been published for the guidance of operators and manufacturers

Principles provide operators with technical criteria to assess IMEI security levels when purchasing handsets

Handsets compliant with the technical requirements will emerge by end 2005

Page 13: Technical principles

1. Uploading, downloading and storage of executable code and sensitive data

2. Protection of components’ executable code and sensitive data

3. Protection against exchange of data/ software between devices

4. Protection of executable code and sensitive data from external attacks

5. Prevention of download of a previous software version

6. Detection of, and response to, unauthorised tampering

7. Software quality measures

8. Hidden menus

9. Prevention of hardware substitution
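As an added illustration that is not part of the GSMA deck, the hypothetical Python model below shows how principles 3, 4, 5 and 6 translate into concrete handset-side checks on a software update; the vendor key, hardware ids and image bytes are all constructed for the demo.

```python
import hashlib
import hmac
import json

# Constructed demo key. Stands in for the manufacturer's signing key; on a
# real handset the verifier holds only a public key in immutable storage
# (principles 2 and 4), never the signing secret. Hypothetical, not GSMA code.
VENDOR_KEY = b"constructed-demo-vendor-key"


def sign_image(meta: dict, image: bytes, key: bytes = VENDOR_KEY) -> bytes:
    """Authentication tag covering the metadata and the image bytes together."""
    payload = json.dumps(meta, sort_keys=True).encode() + image
    return hmac.new(key, payload, hashlib.sha256).digest()


class Handset:
    """Minimal handset-side model of the update checks the principles imply."""
    def __init__(self, hw_id: str, version: int):
        self.hw_id = hw_id          # identity tied to the hardware (principle 9)
        self.version = version      # currently installed software version
        self.tamper_log = []        # detection record, the "detect" half of principle 6

    def accept_update(self, meta: dict, image: bytes, tag: bytes) -> bool:
        # Principles 1 and 4: only manufacturer-signed code and data are loaded.
        if not hmac.compare_digest(sign_image(meta, image), tag):
            self.tamper_log.append("rejected: bad signature")
            return False
        # Principle 3: an image bound to another device cannot be transplanted.
        if meta.get("hw_id") != self.hw_id:
            self.tamper_log.append("rejected: image bound to other device")
            return False
        # Principle 5: anti-rollback, refuse a previous software version.
        if meta.get("version", -1) < self.version:
            self.tamper_log.append("rejected: rollback attempt")
            return False
        self.version = meta["version"]  # the "respond" half is to refuse and record
        return True


def demo():
    """Constructed walk-through: one good update, then three rejected ones."""
    dev = Handset(hw_id="HW-CONSTRUCTED-0001", version=3)
    img = b"firmware-v4-bytes"
    good = {"hw_id": dev.hw_id, "version": 4}
    results = {"good": dev.accept_update(good, img, sign_image(good, img))}
    old = {"hw_id": dev.hw_id, "version": 2}
    results["rollback"] = dev.accept_update(old, img, sign_image(old, img))
    other = {"hw_id": "HW-CONSTRUCTED-0002", "version": 5}
    results["other_device"] = dev.accept_update(other, img, sign_image(other, img))
    results["tampered"] = dev.accept_update(good, img + b"x", sign_image(good, img))
    return results, dev
```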

Page 14: IMEI weakness reporting

Process designed to facilitate reporting and correction of identified IMEI security weaknesses

Process notifies operators and manufacturers of identified weaknesses and engages with manufacturers centrally

Further example of accelerated cooperation with manufacturers on security levels

Manufacturers invited to participate by signing participation agreement and non-disclosure agreements

Supported by the world’s leading manufacturers

Scheme launched in June 2004, from which point operators could submit reports

Page 15: Reporting Process

1. Report of IMEI compromise submitted to GSMA by operator

2. Report logged and initial assessment carried out by GSMA

3. Report passed to manufacturer for acknowledgement & response within 42 days

4. Manufacturer reports on findings & indicates when secure product will be shipped

5. Subsequent resolution will result in withdrawal of notification

6. Failure to respond/rectify results in notification to GSMA members

Operators informed via InfoCentre

Page 16: Motivation for Development of Outsourced Service

Problem
• IMEI is fundamental enabler for value-add services
• IMEI security is indicative of overall level of handset security
• Security levels provided to date are insufficient
• Security breaches and weaknesses are not reported and are unresolved
• Operators are ill equipped to identify and report problems

Proposed Solution
• Establish an outsourced service where GSMA will be provided with IMEI security reports for distribution to GSMA members and manufacturers

Overall Objective
• Improve handset security levels by having faults corrected
• Ensure lessons learned from hacks feed into future design

Page 17: Timeline

Nov 07 – EMC approved TG1

Dec 07 – Funding requirements submitted in GSMA 2008-09 Business Plan

Jan 08 – Contractual arrangements and commercial terms agreed

Feb 08 – Funding availability confirmed following budget approval

Mar 08 – Contracts signed with Phonesec and launch announced

Apr 08 – Service launched

Page 18: Service Components

Detection of security compromise claims
– Proactive identification of claims from public and non-public sources
– List of devices submitted to GSMA on monthly basis – IMEI security and SIM lock

Validation of security compromise claims
– Selected handsets notified to Phonesec and the hacking tool is obtained
– Tests conducted on the device to change the IMEI
– Detailed report submitted to GSMA for provision to device manufacturer

Evaluation of corrective measures
– Manufacturers propose solutions within 42 days and details are provided to GSMA
– GSMA requests a corrected handset and Phonesec checks effectiveness of countermeasures

Page 19: Handset Security Steering Group

Ensure the IMEI security service is provided in accordance with contract and budget

Maintain documentation and identify and deliver ongoing improvements

Review list of handsets submitted on a monthly basis and select models for validation

Review and analyse IMEI security statistics supplied by the service provider

Promote and communicate the importance of enhanced IMEI security levels to all stakeholders

Page 20: Observations to date

Service provided by Phonesec
– 17 monthly reports received to date
– 338 compromised devices reported – 78% attributable to 2 manufacturers
– 6 new manufacturers signed up to reporting process this year
– Only HTC and Research in Motion have refused to participate

32 validations requested to date
– 22 resolved
– 21 countermeasures proposed
– 10 in progress
– No countermeasures evaluated due to budget restrictions

Security levels increasing
• 2008/09 saw 17% fewer compromised devices than previous year
• Most recent quarter shows 51% decrease on the same period 1 year earlier

Page 21: Thank you for your attention

Any questions?

James Moran

GSMA Association

[email protected]