IT Baseline Protection Manual S 2.189 Blocking of the mobile phone in the event of its loss

-->

S 2.189 Blocking of the mobile phone in the event of its loss

Initiation responsibility: Head of IT Section, IT Security Management, users

Implementation responsibility: Users

In the event that either the SIM card or the mobile phone are lost, any costs incurred as a result of misuse of the mobile phone connection will be borne by the SIM card holder. Therefore arrangements should be made immediately for the network provider to block the SIM card in order to exclude the possibility of the card being misused and the associated financial loss.

In addition, the requirement to enter the SIM card's PIN should always be enabled (see S 4.114 Use of the security mechanisms provided on mobile phones). If the card should be stolen or lost, this prevents the SIM card being used or evaluated by an unauthorised person. However, the user will only be required to enter the PIN if the mobile phone is switched on. If the mobile phone is stolen when it is already switched on, a third party could use it to make calls until the battery is exhausted!

If the mobile phone is lost or stolen, it is also possible for the network provider to prohibit further use of the mobile phone by placing it on a "blacklist". To do this, the network provider needs the identifying number of the phone, the International Mobile Equipment Identifier (IMEI). This is often found on the back of the phone and should therefore be written down and kept apart from the device.

Care should be taken to ensure that the IMEI which goes with the mobile phone is notified in writing at the time of purchase. This number can also be read from the mobile phone itself, however the procedure involved is not standard for all mobile phones. The identifying number is often to be found on the identification plate underneath the battery or it can be displayed by entering "*#06#".

To ensure that misuse of the SIM card is noticed promptly, the itemised call breakdown should always be checked for inexplicable charges and destination numbers.

All the data which is required to block the SIM card or mobile phone should be at hand but kept separately from the mobile terminal itself. This data is as follows:

the call number of the mobile phone connection and the associated SIM card number,

the serial number of the mobile phone,

the service number of the network provider which has to be called in order to have the phone blocked and

the service number password and customer number, i.e. the data which is needed in order to authenticate oneself to the network provider

last update:
October 2000

home