On 12/29/21, Steven Schear <schear.steve@gmail.com> wrote:
Although the hardware IMEI may be difficult to change, GrapheneOS (and perhaps others) have a way of intercepting system service calls which enables users to supply the values.
Consider that similar to ethernet/wifi HW MAC addresses... Except for a hands-on check, it wouldn't strictly have to be a power-cycle-permanent IMEI change (some ethernet/wifi HW can be hard reprogrammed like that with software tools), but if it's not power-cycle permanent then it must never listen to nor transmit on the original IMEI: all listening, and especially transmitting, must not happen until the radio (interface) is soft configured with the new IMEI and brought up.

Soft config can therein be a problem because, similar to ethernet/wifi, which has wake-on-LAN, AMT and other top secret insecure always-on side channel management features, the IMEI baseband has been said to be similarly listening, and perhaps transmitting in reply, all the time too. In that case the window between hands-on power up and soft config would be a problem. Also, other than "regulatory" requirements, "airplane mode" may similarly be always-listening-to-reply baseband suspect. People would have to investigate all that.

And without crowdfunding and starting up #OpenFabs, #OpenHW, #OpenAudit, which is the better way forward, and which you can now easily start up via the global crypto crowd (over 2.5T mktcap, go spend 0.5%; ending secret closed HW is better than hodling), you're just not ever going to know what's inside.
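The MAC-address analogue of the ordering the reply insists on (nothing goes on the air under the old identifier until the new one is configured and the interface is brought up), as an added example that is not part of the thread and is not code from GrapheneOS or either poster. It assumes Linux with iproute2's `ip` and the sysfs `address` file; the interface name `wlan0` is a placeholder. It generates a random locally administered unicast MAC, refuses addresses that are not (many drivers reject multicast or globally administered addresses anyway), and fails closed, leaving the interface down, if the kernel does not report the new address before the interface is brought up. With DRY_RUN=1 it prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the thread: change a MAC without ever bringing
# the interface up under the old address. Assumes Linux + iproute2 `ip`.
# Interface name and DRY_RUN variable are this example's own conventions.

# Random unicast, locally administered MAC. In the first octet bit 0 must
# be clear (unicast) and bit 1 set (locally administered), i.e. the second
# hex digit is one of 2,6,a,e. Output is lowercase, colon separated.
random_laa_mac() {
    raw=$(od -An -N6 -tx1 /dev/urandom | tr -d ' \n')   # 12 hex chars
    first=$(printf '%s' "$raw" | cut -c1-2)
    rest=$(printf '%s' "$raw" | cut -c3-12)
    first=$(printf '%02x' $(( (0x$first & 0xfe) | 0x02 )))  # clear bit0, set bit1
    printf '%s%s' "$first" "$rest" | sed 's/../&:/g; s/:$//'
}

# 0 if $1 is a well-formed unicast, locally administered MAC; 1 otherwise.
is_laa_unicast_mac() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$mac" in
        [0-9a-f][26ae]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]) return 0 ;;
        *) return 1 ;;
    esac
}

# Run a command, or echo it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Ordering that matters: down -> set address -> verify -> up.
# Returns 2 for a rejected address, 3 if the kernel did not take the new
# address (interface is then left down on purpose), 1 on an `ip` failure.
set_mac_quiet() {
    dev="$1"
    mac="$2"
    is_laa_unicast_mac "$mac" || { echo "refusing non-LAA/multicast MAC: $mac" >&2; return 2; }
    run ip link set dev "$dev" down || return 1
    run ip link set dev "$dev" address "$mac" || return 1
    if [ "${DRY_RUN:-0}" != "1" ]; then
        cur=$(cat "/sys/class/net/$dev/address")
        if [ "$cur" != "$mac" ]; then
            echo "kernel reports $cur, not $mac; leaving $dev down" >&2
            return 3
        fi
    fi
    run ip link set dev "$dev" up
}

# Usage (as root, or with DRY_RUN=1 to preview):
#   DRY_RUN=1 sh mac_rotate.sh wlan0
if [ -n "$1" ]; then
    set_mac_quiet "$1" "$(random_laa_mac)"
fi
```

The verification step before `up` is the point of the script: a driver that silently ignores the `address` change would otherwise come up and start transmitting under the original MAC, which is exactly the failure the reply describes for a non-permanent IMEI change. A hands-on check of the radio itself (the window between power-up and soft config) is outside what any such script can address.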