Many blacklisted dual-SIM smartphones are still active on South African mobile networks, Cellucity owner Sean Joffe told MyBroadband.
Cellucity discovered a blacklisting loophole on dual-SIM smartphones while testing a device it had received for a trade-in.
Dual SIM smartphones can support two SIMs simultaneously or one physical card and an eSIM with a unique identifier or IMEI number.
Joffe said that more people in the mid- to lower-end of the market are buying dual-SIM devices.
“As part of the trade-in process, we establish the working condition of a phone and check its blacklist history through the ITC blacklisting database,” Joffe said.
Blacklisting is when mobile operators block an IMEI from connecting to their networks.
“Customers request this if their device has been lost or stolen, and mobile networks can blacklist devices due to fraud or failed payments.”
“In this case, the device had been blacklisted, but the customer was using the device with the SIM card placed in the ‘free’ second SIM slot,” Joffe said.
“Naturally, this did not pass as part of our trade-in program, and we have since modified the process to check both IMEI numbers on the device.”
Joffe emphasised that this loophole is likely already being exploited by criminals and insurance fraudsters.
As the number of devices with dual-SIM capability increases, it presents bad actors with lucrative opportunities.
“When a phone is reported as damaged or stolen to an insurer and is blacklisted, these companies seldom recover the salvage due to the hassle and costs of the reverse logistics.”
“I am very sure that insurance companies would be astounded to see how many of their blacklisted devices are still active and working on SA networks; they have not understood the technology and closed this gap.”
Correctly blacklisting a dual SIM device would therefore involve both IMEI numbers being reported to the SAPS and getting blocked on the networks.
MTN corporate affairs executive Jacqui O’Sullivan said both IMEIs of dual-SIM devices get blocked as part of blacklisting a smartphone on MTN’s network.
Cell C said this is also the case when they block devices.
“As part of the Cell C blacklisting process and to mitigate the loophole which was identified a couple of years back, … we confirm if the phone has a dual SIM and blacklist both IMEIs,” Cell C chief operating officer Andre Ittmann said.
Ittmann added that unapproved dual-SIM device imports could not use SIM slots since these devices lack unique IMEI allocations.
Joffe warned that even when both SIM slots in a phone are blocked, it doesn’t entirely prevent criminals from still using the device.
“While all local networks share blacklisting information, it can take weeks for blacklisting to be processed across the different networks,” Joffe said.
Joffe added that once a phone leaves South Africa, it will continue functioning on any external mobile network.
Joffe highlighted other significant flaws with the current blacklisting process.
“A common misconception by consumers, insurance companies, and even the SAPS is that blacklisting will affectively ‘brick’ a phone.”
“In practice, however, the device can still be connected to a Wi-Fi network and can access some functionality — it just cannot connect [to a mobile network] with a SIM card,” he said.
Joffe explained that rendering a device completely useless can only be done by activating its operating system’s remote locking and factory reset features.
“The only way to truly ‘brick’ your phone is to activate the iOS or Android security feature, allowing you to track your phone and then brick it remotely.”
“This will disable the phone hardware, rendering it dead on all mobile and Wi-Fi networks locally and internationally,” Joffe said.
You can view a dual-SIM smartphone’s IMEI numbers by checking the device’s general settings or by entering *#06# on your keypad. These identifiers are also printed on the side of the original packaging.
First Published 26/06/2022 on My Broadband
By: Rual de Vries