Can a GSM network operator access device firmware version?

Can a GSM network operator access the device firmware version?

As far as I know, they can read the IMSI and IMEI, or the extended IMEI, namely IMEI-SV, which encodes some sort of version numbering (but is not used by all manufacturers).

Can a telecommunication provider by any other means derive the firmware version of the modem or somehow query the devices?

Could AT commands be used? Can they be executed at scale to query a whole network with millions of devices (if this would give the firmware version number)?

There are 2 answers

2
Mick On BEST ANSWER

Firstly, it's worth saying that most of the discussion below is related to mobile networks in general, rather than just a 'GSM' network.

Most operators have networks that share and mix technology from '2G', '3G', '4G' etc. networks, and even these terms are not strict definitions (see for some more background on the different generation networks and common naming: https://stackoverflow.com/a/25592213/334402 )

3GPP, the standards body behind most mobile networks, has discussed device management and there exist at least some drafts which cover details like firmware and OS version etc - for example:

The Open Mobile Alliance has also developed a specification for device management and this likely has more traction. You can see that the firmware version is included in the data covered in their specifications:

The term firmware is also a little ambiguous - if what you want is a feel for the OS version of mobile phones and iPads etc. connecting to the network, you may be able to work at a higher level and look at the headers in HTTP requests from the devices, specifically at the User Agent string. For example, a query from a browser on an iPhone might include:

Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_1 like Mac OS X) AppleWebKit/603.1.30 (KHTML, like Gecko) Version/10.0 Mobile/14E304 Safari/602.1

(see more examples here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent)

For modems in particular, it is also worth mentioning the TR-069 specification for managing CPE (Customer Premise Equipment). This spec is from the broadband world and driven by ISPs' and broadband operators' need to manage wireless (and wired) modems in their customers' homes and premises. It is also built into some GSM modems, so it is worth being aware of too - spec is here:

Note, links above are correct at time of writing - if broken just search for the spec numbers.

0
Roberto Caboni On

I'm not aware of any protocol-level standard forcing a cellular device (not only a GSM one) to notify its FW version. In fact, it does not have any role in network registration like, for example, IMEI and IMSI (which are used to guarantee the subscriber's and device's identities).

Anyway, several operators control FW (and SW) versions of the devices through protocols defined by OMA Alliance:


  1. OMA-DM protocol, which allows the network operator to retrieve (and set!) several settings: not only FW versions (used in order to deploy FW updates) but also SMS mode settings or APN and so on.

    For example, the specification document OMA-TS-DM_StdObj-V1_2-20070209-A describes the DevDetail management object:

     DevDetail _____ [...]
                 |__ DevType
                 |__ OEM
                 |__ FwV
                 |__ Swv
                 |__ Hwv
                 |__ [...]
    

    Each piece of information is retrieved/set/executed by providing a CMD URI command such as

     GET /DevDetail/FwV
    

  2. LwM2M protocol (Light Weight Machine To Machine), a more recent standard suitable for low throughput networks (for example LTE CAT-M, specific for IoT devices).

    In this light protocol, data is exchanged through CoAP over UDP (or its secure dual CoAPs, based on DTLS). Each piece of information is reachable with a URI made up of (up to) four UINT16 values:

    <Obj ID>[/<Obj Instance>[/<Resource ID>[/<ResourceInstance>]]]
    

    For example, the LwM2M Specification 1.1 describes the Device Object (Obj ID 3):

    /3/0/3  : FW version
    /3/0/18 : HW version
    /3/0/19 : SW version
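
How a LwM2M server would address the firmware version resource listed above, as an added example that is not part of the original answer or of any LwM2M library: it validates the `<Obj ID>/<Obj Instance>/<Resource ID>` path and encodes the corresponding CoAP GET following RFC 7252. The function names, the message ID and the token are assumptions chosen for illustration.

```python
import struct

# Device Object (Obj ID 3) resources listed in the answer above.
DEVICE_RESOURCES = {3: "FW version", 18: "HW version", 19: "SW version"}
COAP_GET = 0x01      # CoAP method code 0.01 (RFC 7252)
OPT_URI_PATH = 11    # CoAP Uri-Path option number (RFC 7252)


def parse_lwm2m_path(path):
    """Split '/3/0/3' into a tuple of 1 to 4 unsigned 16-bit integers."""
    parts = path.strip("/").split("/")
    if not 1 <= len(parts) <= 4:
        raise ValueError("LwM2M path has 1 to 4 segments")
    ids = []
    for part in parts:
        if not (part.isascii() and part.isdigit()) or int(part) > 0xFFFF:
            raise ValueError(f"segment {part!r} is not a UINT16")
        ids.append(int(part))
    return tuple(ids)


def describe(path):
    """Name the Device Object resource a path points at, if it is listed."""
    ids = parse_lwm2m_path(path)
    if len(ids) >= 3 and ids[0] == 3:
        return DEVICE_RESOURCES.get(ids[2], "other Device resource")
    return "not a Device Object resource"


def coap_get(path, message_id, token=b""):
    """Encode a confirmable CoAP GET whose Uri-Path options spell the path."""
    ids = parse_lwm2m_path(path)
    if len(token) > 8:
        raise ValueError("CoAP token is at most 8 bytes")
    # Header: version 1, type 0 (confirmable), token length, code, message ID.
    msg = struct.pack("!BBH", (1 << 6) | len(token), COAP_GET, message_id) + token
    previous = 0
    for seg in ids:
        value = str(seg).encode("ascii")
        delta = OPT_URI_PATH - previous  # 11 for the first option, then 0
        # Delta and length both stay below 13, so each fits in one nibble.
        msg += bytes([(delta << 4) | len(value)]) + value
        previous = OPT_URI_PATH
    return msg


if __name__ == "__main__":
    for p in ("/3/0/3", "/3/0/18", "/3/0/19"):  # constructed sample requests
        print(p, describe(p), coap_get(p, 0x1234, b"\xab").hex())
```

On a real deployment this datagram would travel inside a DTLS session (CoAPs), so the firmware version is only readable by the management server the device is registered with.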