GemiGuard Telegram: @GemiGuard +380 73 678 7777

Knowledge Base · IMEI · Mirage · Counter-surveillance

IMEI Obfuscation on the GL.iNet Mudi GL-E750V2 VPN Router

A detailed technical breakdown: what an IMEI is, where it is stored within a device, in which scenarios it is transmitted to the cellular network, and why regularly changing the IMEI is an important counter-surveillance strategy for the Ukrainian military.

The International Mobile Equipment Identity (IMEI) is a unique identifier assigned to all devices capable of communication, including communicators such as the GL.iNet Mudi GL-E750V2. Cellular networks use the IMEI to authenticate the device, deliver services and track it. However, that same identifier can be exploited by the enemy for surveillance, geolocation tracking and disrupting operations.

Most cellular devices do not allow the IMEI to be changed because of legal and security restrictions. Some devices, however — for example the GL.iNet Mudi GL-E750V2 — permit IMEI numbers to be changed using tools or firmware settings.

The IMEI and the modem chip

The IMEI number is usually assigned to the modem chip within a mobile device. This is because the modem is the component responsible for establishing and managing communication with cellular networks.

The IMEI is typically hard-coded into the modem chip’s firmware. The IMEI, stored in the non-volatile memory of the modem chip, persists even after the device’s software is changed. Each modem chip is assigned a unique IMEI to ensure global uniqueness of device identification. Global uniqueness is essential for the effective management of cellular networks.

In devices with multiple SIM cards or routers with multiple modems, each modem chip will have its own IMEI. In devices where a single modem serves multiple SIM-card slots, the same IMEI is used for all cellular connections.

Although the IMEI resides in the modem chip, it serves as an identifier for the entire device (for example a smartphone, access point, mobile phone or router) when connecting to cellular networks. This makes the IMEI a proxy for device identification in a network context.

When is the IMEI transmitted?

Understanding when and how IMEIs are transmitted underscores the importance of counter-surveillance measures in operational settings. A cellular device transmits its IMEI in certain scenarios:

  • During network registration: when a device powers on and attempts to establish a connection with a cellular network, it transmits its IMEI as part of the registration process. The network uses it to verify whether the device is authorised, whether it is on a blacklist, and to assign services.
  • When the SIM card is changed: changing the SIM card triggers IMEI transmission during re-registration. This ensures that the new subscriber identity (via the SIM card) is associated with the correct device.
  • During cell or network handover: when a device moves between cell towers or switches to a different network, it may transmit the IMEI again for authentication and registration.
  • During network operations: the IMEI may be requested by the network for troubleshooting, optimisation, or to associate the device with the International Mobile Subscriber Identity (IMSI).
  • During periodic updates: some networks require regular updates from devices. While these updates mostly use other identifiers, the IMEI may be transmitted depending on the network configuration.
  • During emergency calls: devices may transmit their IMEI during emergency calls — even without a SIM card. This allows the network to identify the device for coordinating emergency response.

The IMEI is not transmitted continuously or during regular data use. Once the device is registered with the network, subsequent communication usually uses other identifiers, such as the IMSI or the Temporary Mobile Subscriber Identity (TMSI), to preserve user privacy and reduce network load.

IMEI obfuscation as a counter-surveillance strategy

Amid the war in Ukraine, the Ukrainian military uses the GL.iNet Mudi GL-E750V2 hotspot VPN router because of its IMEI obfuscation capability. The Armed Forces of Ukraine are advised to change the device IMEI regularly as part of a broader counter-surveillance strategy. This technique aims to improve operational security and user anonymity, making it harder for the adversary to track soldiers, units and their movements.

Benefits of changing the IMEI

Improved anonymity: regular IMEI changes disrupt device identification, making it harder for attackers to link devices to specific users, units or locations. This reduces the risk of targeted attacks or the exposure of sensitive patterns.

Mitigating cellular tracking: cellular networks log IMEI numbers to identify devices and deliver services. Changing the IMEI conceals device activity, reducing the likelihood of attackers tracking it through intercepted network logs or compromised infrastructure.

Measures against signals intelligence (SIGINT): SIGINT operations often collect and analyse IMEI data for geolocation and monitoring. Regularly changing the IMEI reduces the risk of persistent tracking or correlation across different sessions.

Risks of IMEI obfuscation

Network compatibility issues: invalid IMEI numbers (for example, all zeros) or obvious patterns will draw unwanted attention from the adversary. To reduce this risk, always use random IMEI numbers that comply with the 3GPP TS 23.003 standard.

Operational complexity: regularly changing IMEIs and SIM cards complicates soldiers’ routines, increasing the risk of misconfiguration or loss of communication at critical moments. The best way to reduce this risk is to use device firmware that automatically changes the IMEI when a new SIM card is installed. This is exactly how GemiGuard Mirage works for the Mudi V2.

Increased risk: attackers may flag devices exhibiting irregular IMEI changes as high-value targets, inadvertently increasing their surveillance exposure. This risk is reduced by implementing a policy that ensures only random, standards-compliant IMEI numbers are assigned when the SIM card is changed.

Key considerations

To maximise the effectiveness of changing the IMEI, several factors must be taken into account:

  • Balance security and usability: provide proper training, simplified processes and protocols to reduce the risks associated with IMEI obfuscation.
  • Integrate IMEI obfuscation with encryption, VPN and disciplined communication practices as part of a comprehensive counter-surveillance strategy.
  • Use reliable hardware and software: stable hardware and dependable firmware are crucial for changing the IMEI without failures.
  • Understand the adversary’s capabilities: assess attackers’ ability to exploit IMEI data and apply that knowledge to an effective counter-surveillance strategy. IMEI spoofing can also serve as a tool for deceiving the adversary.

Conclusion

IMEI obfuscation is an important tool for improving operational security in the context of the conflict in Ukraine. Combined with reliable technologies and training, IMEI obfuscation can protect sensitive operations and reduce the risk of hostile tracking. However, careful management is required to balance the benefits and risks and ensure the strategy is effective.

Mirage Pro for the Mudi V2. Our firmware automates the IMEI change when a new SIM card is installed — IMEI rotation is an event triggered by the physical switch, not by a timed cycle. Separately, every 30 minutes the system logs and the Wi-Fi client history are wiped. Mirage details →

Related: GL.iNet Mudi V2 · GemiGuard Mirage firmware.

Need these models in bulk? Get in touch

Get in touch through a channel that suits you

Tell us which model and how many units you need — and get your wholesale price and stock confirmation right in Telegram. No forms, no conditions.

Telegram · @GemiGuard Signal WhatsApp +380 73 678 7777