Fun fact: Lots of cellular modem/routers have the easy ability to change IMEI. Doing so is a fairly common practice in the rural internet community. i.e., those using cellular for their internet access either because cable / fiber or an official cellular option like T-Mobile home internet is unavailable or they're mobile in an RV.
These people are not trying to do anything particularly nefarious but they do it so that they can use a phone or tablet plan in a router. Unlimited or high GB plans for routers and hotspots are expensive and there are not many options.
There are lots of reasonably priced, easy to get unlimited phone and tablet plans but if you put a phone SIM in a router it might work for while until the carrier detects that you have the SIM in an unauthorized device. The "solution" to that is to activate on a spare phone and then change the router IMEI to match the phone. Don't use both devices at the same time. The carrier now thinks the router is a phone.
The legally of it is somewhat unclear so it's talked about quietly on various forums using words like "magic configuration", "giving your router an identity crisis" etc.
It's a bit of a cat and mouse game because IMEI is probably not the only way to identify an unauthorized device but so far it seems to be the main way.
I remember back in the 00's on AT&T getting an unlimited data plan addon for a dumb phone was like $15/mo or something while adding it for a smartphone was like $40 or more. They would enforce it by checking your IMEI and seeing if it was one of the smartphones they sold.
Buying an unlocked phone of a model AT&T didn't sell seemed to never trigger the "you're using a smartphone" check. Fun times with some cheap 3G back in the day.
In 2004, I was doing something similar on Tmobile. Flip phones internet was cheap. Could tether it via a cable to laptop and I also used an external antenna to improve signal. I would leave it up overnight downloading videos on p2p. I was in Army barracks at time and no one else had decent internet.
Passive TCP/IP fingerprinting might tell a lot about the device. You could probably easily tell apart an iPad and a router. But if IMEI checking catches 95% of plan cheaters, it's probably not worth implementing more checks (more checks = more cost and infrastructure to maintain, is it cheaper than the lost revenue?).
This said, I find it insane that there are such plans. The cost of a connection should be the same whatever the device behind is.
I think there's lots of ways they could tell if they really wanted to. One way is simply looking at the traffic. "Why are apps on your Android phone accessing Windows update servers?". I guess a VPN can solve that and the game continues.
Something interesting might happen next week. T-Mobile Home Internet is not supposed to be moved from the registered address but until now that has not been enforced. It's quite popular with RVers. They just announced a new "Away" plan for $160/mo that you are allowed to move compared to $60 for the normal home plan and, not surprisingly, it seems like they're about to start enforcing the geo-restriction on the home plan. This apparently uses GPS in the device. I hear that a lot of people are using the home internet SIMs in other devices with the IMEI set. This is because there are much better devices with external antenna ports etc. These might be in trouble if they don't respond to the GPS request.
That might have legal implications (wiretap laws, they would be basically intercept your communication). But perhaps TCP/IP fingerprinting too, not sure... On the other hand, with providers that were even injecting code in web pages when HTTPS was not ubiquitous... maybe they don't care too much.
I have one of these https://www.amazon.com/gp/product/B09NDDH6S8 which is easy to change. You still need some knowledge to run some AT commands on the modem. It's easy to find the instructions online and it can be done from the web based admin. Yes, they have AT commands like old dialup modems.
Anything from https://thewirelesshaven.com. I have an old one of their routers and the latest firmware literally has IMEI as a textbox in the admin.
These people are not trying to do anything particularly nefarious but they do it so that they can use a phone or tablet plan in a router. Unlimited or high GB plans for routers and hotspots are expensive and there are not many options.
There are lots of reasonably priced, easy to get unlimited phone and tablet plans but if you put a phone SIM in a router it might work for while until the carrier detects that you have the SIM in an unauthorized device. The "solution" to that is to activate on a spare phone and then change the router IMEI to match the phone. Don't use both devices at the same time. The carrier now thinks the router is a phone.
The legally of it is somewhat unclear so it's talked about quietly on various forums using words like "magic configuration", "giving your router an identity crisis" etc.
It's a bit of a cat and mouse game because IMEI is probably not the only way to identify an unauthorized device but so far it seems to be the main way.