Protect your IoT devices with IMEI Lock & SIM status management
Written by: Jonathan Bradshaw, Soracom Solutions Architect
Published: March 26, 2021
Summary: Soracom IoT SIMs have two built-in features, IMEI Lock and SIM status management, that can help to protect IoT devices from tampering and data overruns. Both of these features can be activated from the Soracom management interface or the Soracom API, and are available for all Soracom IoT SIMs.
++++
Hi, I’m Jon; I am new to Soracom but not to IoT. As a Solutions Architect at Soracom, I help our customers develop new connected experiences, but I have been working in tech since when the Commodore PET was the best home PC ever. Most recently, I have been working at enterprise-scale digital transformation, cloud computing, and IoT with one of the “big three” cloud providers.
I have some experience building, integrating, and running IoT-based networks for payment processing, home automation, facilities management, and agricultural applications, which is how I’ve learned to appreciate features like Soracom’s IMEI lock and SIM status management.
At one time, I ran a fleet of Payment Card terminals for a global network of merchants. Between 3 and 5 times each year, I would experience large data overages for a small number of devices. On investigation, it turned out that SIM cards were being removed physically from the payment terminal and reused for data connectivity. Someone with access to the payment terminal might remove the SIM card and install it into a mobile phone or in a WiFi hotspot, and with access to the internet comes access to eMail and data streaming.
Activating the IMEI Lock
In addition to a SIM PIN number, features like IMEI Lock & SIM status management can help to protect today’s IoT deployments from this sort of misuse.
IMEI Lock is available for all Soracom IoT SIMs.
When configured, IMEI lock checks that the SIM card is installed in the correct device. If the SIM has been moved to another device, the SIM will not be authorized to connect to the cell network, and no data exchange can take place.
The IMEI lock can be managed from the Soracom User Console or the Soracom API, and elements of the configuration can be automated using the Soracom Event Handler. For example, the Event Handler can be set so that if the SIM & IMEI are mismatched, the SIM is deactivated.
This is a useful feature if you would like the SIM card and device to come online when correctly paired.
Once locked to a device for example a payment terminal, the SIM card will not work on any other device (mobile phone or a WiFi hotspot). This bonding is not permanent, and the lock can be removed by an administrator by accessing the Soracom User Console or using the Soracom API.
Managing SIM status
Another feature of Soracom IoT SIMs is that each SIM card’s status can also be managed from the Soracom management interface. Typically a SIM is set to the ‘ACTIVE’ state. In this configuration, the device can come online and make connections over the cell network and exchange data. A SIM card can also be set to deny connections blocking access to the cell network. Setting SIM status to Standby during periods of extended downtime is a perfect way to secure a device like a payment terminal when it is not expected to be used.
The Soracom Event Handler is another feature that can be used during normal operation to automate the configuration of an IoT SIM card’s status based on other aspects. For example, if a SIM card exceeds an admin-defined data usage threshold, the Event Handler can automatically take the SIM card off-line by changing its status and generating an alert.
At Soracom, we want to open the door to innovators, reducing friction and accelerating the adoption of IoT. The features that we offer in addition to worldwide IoT connectivity address many of the challenges faced by early adopters. Our Cloud Services provide capabilities to address security, scalability, data transformation, and Cloud integration. We allow innovators to focus on delivering business value.
Definitions and Resources:
• International Mobile Equipment Identity (IMEI)
• Subscriber Identity Module (SIM Card)
• Soracom Event Handler & Advanced Configuration
• Soracom User Console
