What are IMEI and TAC numbers & why do they matter?
Last updated: Feb. 7, 2022
What are IMEI and TAC numbers & why do they matter for IoT?
Managing connected devices in a major IoT deployment can be dizzying. In the first half of 2022 alone, there were 57 million attacks on IoT-connected devices, and that number threatens to climb.
What happens if devices are lost or stolen? How can you be sure that the only people who have access to your network are authorized parties? Keeping track of devices — and having a way to access them remotely — is a key part of IoT device management that you won’t want to overlook.
That’s where IMEI and TAC numbers come into play, providing an organized and meaningful structure for what would otherwise become communication chaos.
Click the links below to jump to what you need:
- What is an IMEI?
- What is the IMEISV and how is it different?
- What is a TAC?
- What is the origin of the TAC?
- Common TAC equipment types
- How does the network use the IMEI?
- How are the IMEI and TAC different from the IMSI and ICCID?
- Linking IMEI with SIM ICCIDs for traceability
- Monitoring for IMEI changes to detect potential tampering or misuse
- How IMEI helps companies protect and manage IoT deployments
- Automated alerts and actions
What is an IMEI?
Every cellular device has an International Mobile Equipment Identity (IMEI), a 14-digit number that serves as a distinct identifier for the device. Essentially a serial number that the manufacturer assigns, the IMEI is guaranteed to be globally unique. There’s also a 15th digit at the end called a check digit, which uses the 1 algorithm to verify the entire number.
An IMEI is usually broken down this way:
- 22 identifies the reporting body
- 333333 is the actual type allocation code (TAC) digits
- 44444 represents the device’s distinctive ID number
- 5 is the check digit
Where can you find the IMEI?
Typically, you can find the IMEI printed outside the device, so it’s used fairly often to identify a device downstream. Another way to find the IMEI is by using a device management system. Firmware on the device can interrogate the modem module to discover the IMEI. Then, the information is reported through your IoT platform’s IMEI detection feature, allowing you to verify IMEIs remotely.
It’s always a good idea to check your devices' IMEIs at imei.info to gain more insight into this critically important code and the valuable device information packed into each section that can help you protect and track it.
What is the IMEISV and how is it different?
Another acronym, the IMEISV stands for International Mobile Equipment Identity – Software Version. A 16-digit code, the IMEISV includes additional information about the device’s manufacture location and software version.
Here’s a breakdown of the IMEISV:
- 666666 is the TAC
- 77 is the Final Assembly Code (FAC)
- 888888 is the distinctive ID number or sequence number
- 99 states the mobile device’s software version number
On your cellular device or modem, the IMEISV appears in the menu and can also usually be found on the original packaging label.
What is a TAC?
The first eight digits of an IMEI make up the Type Allocation Code (TAC). The TAC indicates the manufacturer and model of the particular device. So, all device models from a particular manufacturer will have the same TAC.
To obtain a TAC, manufacturers must apply to GSMA, which uses a reporting body to supply it and keep a running record of unique global mobile connections. The reporting bodies are regional—for example, in the U.S., the reporting body is PTCRB, (a certification organization that ensures devices reach global interoperability standards).
Local reporting bodies are better equipped to ensure that devices are compliant with regional guidelines, whether they are government or industry regulations. The first two digits of the TAC identify the reporting body that was involved in its creation.
To check a provider-specific TAC number, check here for a comprehensive list of all carriers.
What is the origin of the TAC?
Originally, TAC stood for Type Approval Code, which was a six-digit number followed by a two-digit addendum called the Final Assembly Code (FAC). Device manufacturers had to request approval from a review body in their own country prior to receiving a TAC.
In 2003, the industry took a turn toward a more self-regulated device market. Since then, manufacturers in many countries can request their TAC (Type Allocation Code) through GSMA’s online system, rather than having to go through a review process with a national body.
Common TAC equipment types
In cellular IoT, your device’s TAC is typically associated with the cellular modem or module. Each cellular modem product line could have multiple TACs, depending on whether the hardware or firmware has been changed on the device since certification or if there are regional variants.
These changes occur, depending on when and where device models were produced, among other possible considerations. However, no single device type will receive more than one TAC assignment. But sometimes cellular IoT modems or modules need to access a full array of cellular services and might face managing multiple TACs.
The need to track multiple TACs can prove as challenging and risky to IoT deployment as inadequate or improper tracking, so teams must conduct plenty of due diligence to keep track of all devices and cellular modems.
For example, below are some examples of popular cellular modems with multiple TACs.
- U-blox SARA-R410M : 35275309, 35672610
- Quectel BG-96: 86642503, 86844603, 86206104
- Telit LE910: 35894205, 35696107, 35814806, 35776609, 35353509, 35605210
- Sierra Wireless HL7588: 1475100, 1428400, 1471100
- Fibocomm Wireless G510: 86028604, 86404604
- Gemalto Cinterion BGS2: 35486905, 35554406, 35819704
How does the network use the IMEI?
The network uses the IMEI to recognize the type of device and ensure that the make and model are approved and currently valid. The allocation of a valid, legitimate TAC by a reporting body indicates that the device, module, or modem has passed regulatory scrutiny. Using the TAC, the network can validate that the device is recognized and permitted to be connected.
The rest of the IMEI acts as an identifier for the particular device. GSM networks match the IMEI against a database to be sure it’s valid. Suppose a particular IMEI isn’t valid, and the device misbehaves on the network and slows down service to other subscribers. In that case, network operators might choose to cancel service to the device.
If an IT team suspects that one or more devices have been lost, stolen, or otherwise compromised, it's best to report the issue to the proper body or authority and cancel the device’s usage under its current TAC. Remember: It's better to suffer the loss of a device than risk infiltration to the rest of your IoT network.
How are the IMEI and TAC different from the IMSI and ICCID?
Before we drown in a sea of acronyms, here’s a quick refresher:
The International Mobile Subscriber Identity (IMSI) number is used by the cellular network to identify a specific line of service that your data plan is attached to. If you have a SIM card in the device, the modem module will read the IMSI from it. When the device needs to establish a connection, the network identifies it by the IMSI. The first 3 digits of the IMSI are the mobile country code (MCC), and the next 2–3 digits are the mobile network code (MNC). The remaining digits identify the line of service, or what’s termed as the subscriber.
The Integrated Circuit Card ID (ICCID) is a 19- or 20-digit number that’s typically printed on the back of a SIM card. Like the IMEI, it’s a globally unique serial number—a one-of-a-kind signature that identifies the SIM card itself.
The IMSI and the ICCID are linked to the device’s line of communications service and SIM card. By contrast, the TAC and IMEI have to do with the device itself and its particular hardware. Because the connectivity pieces are often detachable from the hardware, it’s useful to have two sets of identification. In fact, keeping track of all these numbers can help you authenticate devices on the network and prevent security breaches in your IoT fleet.
Linking IMEI with SIM ICCIDs for traceability
Because the IMEI is guaranteed to be unique, it’s often used as part of the device’s certification when it connects to the cloud. SIM/subscriber identifiers are coupled with their IMEI hardware numbers, and operators might set up an alert to notify them if something looks suspicious.
For example, if a SIM card suddenly appears on the network attached to a new IMEI, it could indicate that someone has removed (or stolen) the SIM and is trying to use it to access the same line of service with another device.
As part of your supply chain process, it can help to link which SIMs are paired with which cellular module’s IMEI for traceability and auditing of devices in your fleet. You can use the IMEI information returned from Hologram’s dashboard to pair these as devices use data or as part of your SIM receiving process.
IMEIs are useful in the supply chain because they tie a specific customer to a particular device and manufacturing run. If there’s ever a problem with a device, the customer can check the IMEI and see if other devices in that manufactured batch might need the same software updates. And if a customer ever returns a device, you can match the IMEI to an ICCID to decommission it—and save money since you’ll no longer need to pay for service.
Hologram’s dashboard can trace a SIM and use session data to find out where it’s being used. And with built-in IMEI detection, Hologram allows you to locate your device’s IMEI remotely and ensure that it’s paired with the right IMSI. This is found in the “All Activity” console drawer of the dashboard
Monitoring for IMEI changes to detect potential tampering or misuse
First, check with your engineering and operations departments to see if it’s an expected change. If they’re testing multiple devices with a single SIM card or in the midst of refurbishing IoT devices, they might reuse SIM cards, resulting in an IMEI alert.
If no one in your organization sees a reason for the IMEI shift, the alert quite possibly indicates a stolen SIM card. Once you ’re aware of a potential problem, pause the data flow to that device, delete it from your dashboard, and contact Hologram to help resolve the issue.
How IMEI helps companies protect and manage IoT deployments
Businesses need to conduct, protect, and manage various types of IoT deployments relying on IMEI number tracking, including:
- Smart meters that monitor utilities, such as water treatment plants and power facilities, to ensure security
- IoT smoke detectors that keep government agencies, small businesses, and large corporations safe from potential fire, spark, and smoke dangers
- Smart climate control in refrigerated climates where food could spoil without proper IMEI protection for IoT devices
- Traffic monitoring for cities and counties to keep drivers and pedestrians safe with proper traffic lights and sign timing
- Healthcare and biometrics applications used for monitoring vulnerable patients
- Fill-level sensors in grain silos and tanks to secure the food supply
- IoT sensors on Lime scooters that monitor usage and distance and deter theft prevention
IMEI helps employees and leaders monitor these IoT deployments to ensure effective deployment and usage. If someone loses a device in any of these environments, anything can happen to operations in the wrong hands.
Get automated IMEI alerts and actions with Hologram
Hologram allows you to set up device management, including an alert that will notify you automatically if an IMEI changes in one of your devices. You can specify how you’d like to receive real-time alerts, such as through email, SMS, or Slack, or enable automated actions like IoT device shutdowns to avert potential compromises.
With Hologram, you can manage your devices from anywhere in the world. You can monitor device performance, take corrective and protective action when necessary, and optimize your fleet in real time for peak performance and security.
Get started with Hologram today to connect and protect your IoT devices.