
Fake Devices - Countering a Hidden and Growing Threat



With an estimated annual cost of €45.3 billion in revenues, counterfeit and non-standard devices pose a real threat to business, consumers, and regulators. Risks to brand reputation, network quality of service, data security, and health and safety have yet to be quantified. Find out how this growing threat can be measured and managed.

Published in: Mobile

  1. Fake devices: Countering a hidden & growing threat
  2. Introduction to Afilias
     • Afilias is an internet infrastructure company
     • Expertise in scalability, availability, security
     • Long-established device intelligence product in the Afilias portfolio
     • Repository of connected devices and their capabilities
     • Hundreds of top tier customers
     • Trillions of requests per month
     • DeviceAssure is a new solution for verification of device authenticity
  3. Problem overview
  4. By the numbers
     • EU IPO report, 2017
     • €45.3 billion lost worldwide in 2015
     • 13% of all legitimate sales
     • In the EU, €4.2 billion lost in 2015
     • 8% of all legitimate sales
  5. In the headlines
  6. Widely Available
     Pricing
     • Typically priced 10x less than genuine device
     • Counterfeits always sold unlocked / SIM-free
     Channels
     • Direct sales from online stores
     • Local classified ad services
     • Marketplaces on large retail platforms
  7. Impacts
  8. Impacts
     Subscribers
       1. Defrauded (if unwitting purchase)
       2. Safety hazard exposure
       3. Privacy risks
       4. Elevated exposure to further fraud
     MNOs
       1. Duplicate IMEIs
       2. Reduced network data integrity
       3. Reduced cell capacity
       4. Increased power consumption
     Device OEMs/brands
       1. Revenue loss - displaced sales
       2. Reputational damage
  9. Impacts (contd.)
     Enterprises & corporations
       1. Elevated exposure to cybersecurity risks
       2. Potentially direct revenue loss
     Environment
       1. Hazardous substances
       2. Elevated power consumption
     Government
       1. Citizens exposed to fraud
       2. Excise revenue losses
       3. Breach of trade agreements
  10. Characteristics of Counterfeit Devices
  11. Near-perfect physical replicas
     • Dimensions are millimetre-perfect
     • Fit & finish are excellent
     • Screens are (superficially) excellent
     • Packaging indistinguishable from genuine item
     • Accessories all present and functional
  12. Cost savings made internally
     • Cheaper cameras
     • Lower capacity battery
     • Absent NFC coils
     • Underpowered SoC
     • Poor antenna design
     • Previous generation WiFi
     • Previous generation connectivity
     • Lower spec screen
     • Fake fingerprint sensor
  13. Hidden extras in software
     • Heavily customised Android distributions skinned to look correct for device
     • Old Android versions masquerading as more recent releases
     • Key device characteristics deliberately misreported
     • Pre-installed malware is routine
     • Popular apps sometimes pre-installed, provenance questionable
     • Alternative app stores are sometimes preconfigured… with no user logins required
  14. Unboxing
  15. Security concerns
  16. Malware
     Malware appears to be part of business model of counterfeiters
     • Many devices have pre-provisioned malware
     • Paid placement business model likely
     • Malware experienced:
       • Invasive adware, ADUPS, LovelyFont
       • Keyloggers
       • DoS/DDoS hosts
       • Ransomware
  17. Alternative app stores, pre-installed apps
     • Counterfeit iPhones provisioned with well-stocked alternative app store
     • Many counterfeit devices have popular apps pre-installed
     • Unknown provenance
     • Unusual permissions required
  18. App publishers
     • Counterfeit devices are a hostile platform
     • App makers can’t assume the environment is safe
     • Your user is vulnerable: keyloggers
     • Your backend systems are vulnerable: intercepted requests
     • Your app ratings are threatened—counterfeit phones are typically ~10x slower
  19. User security
     • Insecure fingerprint readers (accept any touch)
     • Fake FaceID security—can be fooled with a photo
     • Old Android version
     • Unknown Android OS patch status
     • No security updates
     • Poor quality chargers and batteries
  20. Solution overview
  21. Smartphone layers
     • Smartphones can be thought of as 3 distinct layers
       • Hardware — CPU, GPU, screen, camera
       • Operating system — iOS, Android
       • Apps — web browser etc.
  22. Identity claims
     • There are claims of identity at each layer
       • Apps: browser ID
       • Operating system: manufacturer & model
       • Hardware: TAC, MAC etc.
  23. Deep hardware inspection
     • Modern phones have thousands of properties & behaviours that can be probed
     • Deep hardware inspection is quick & doesn’t manifest to user
  24. Known-good reference profiles
     • Reference data gathered globally and updated daily
     • Precise details for every device type
     • DeviceAssure checks that the measured properties are consistent with the claims
  25. DeviceAssure components
     • Native app or web library
     • Properties fetched & sent to server for analysis
     • Authenticity determination returned to library or other destination
     • Can be surfaced to user …or not
     [Diagram: app / website sends device details to the DeviceAssure back end service; the result is returned]
  26. Results taxonomy
  27. Device classifications - high level
     • AUTHENTIC: The device capabilities are consistent with the device identity claims.
     • NON-STANDARD: The device has different identities but has at least one valid profile, and/or has an invalid TAC.
     • COUNTERFEIT: “Designed to deceive”, infringes trademarks. The device capabilities do not match the device claims.
  28. Additional classifications
     Emulators
     • Typical hardware profile is a server
     Rooted devices
     • Identification of rooted device
     • Separate flag to supplement device classification
     Bots
     • Non-human traffic, specific to web library
     Proxies
     • Proxy masks actual device profile (specific to web library)
  29. Use Cases
  30. Example Use Case: Consumer Banking Protection
     • Scenario: End user installs retail banking app on their smartphone.
     • Process: Validate device authenticity before capturing user details.
     • Goal: Protect consumer and bank from compromised account credentials.
     • Issue: Account is compromised when the device is counterfeit.
     • Outcome: If the device is compromised, the app can exit gracefully.
  31. Example Use Case: Enterprise security assurance
     • Scenario: Employee uses home device in BYOD environment
     • Process: Extend scope of MDM/EMM to include authenticity check.
     • Goal: Protect enterprise from malware injection by rogue device.
     • Issue: Existing EMM solution does not check device authenticity.
     • Outcome: Improvement to security posture.
  32. Example Use Case: Warranty cost control
     • Scenario: End user experiencing dropped calls contacts operator helpline
     • Process: Helpdesk directs caller to web page to test device.
     • Goal: Identify at the outset whether the root cause is device authenticity.
     • Issue: The end user is using a non-standard device.
     • Outcome: Quicker root causing = faster call resolution = cost reduction.
  33. Example Use Case: Duplicate IMEI resolution
     Causes of duplicate IMEIs
     • Laundered stolen devices
     • Non-standard devices copying TACs
     • IMEI modifications to unlock network features
     Managing duplicate IMEIs
     • Capture IMSIs where TAC and hardware don’t match*
     • Measure scale and define policy
     • Handle subscriber according to policy
  34. Summing up
  35. Non-authentic devices are here
     • Counterfeit devices are becoming easier to purchase and harder to spot
     • The devices are now perfectly usable
     • Like it or not, they are already here, hidden in plain sight
     • Three parallel trends increasing the threat:
       • Improved counterfeits
       • Improved distribution
       • More sophisticated malware
     • Counterfeits are here, the question is how you will respond to it
  36. Contact us at
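
The three "Managing duplicate IMEIs" steps from slide 33, built on the TAC-versus-measured-hardware consistency check from slides 24 and 27, as an added example that is not part of the original deck or of DeviceAssure. The reference table, IMEI/IMSI values, verdict names and policy actions are all constructed for illustration; the only external fact used is that the TAC is the first 8 digits of the IMEI.

```python
from collections import defaultdict

# Constructed reference profiles: TAC (first 8 digits of the IMEI) -> model.
# Placeholder values, not real TAC allocations.
REFERENCE = {"00000001": "ModelA", "00000002": "ModelB"}

# Constructed observations: (IMEI, IMSI, hardware model measured on the device).
OBSERVATIONS = [
    ("000000010000016", "001010000000001", "ModelA"),  # hardware matches TAC
    ("000000010000016", "001010000000002", "ModelX"),  # same IMEI, different hardware
    ("000000020000015", "001010000000003", "ModelB"),  # hardware matches TAC
    ("999999990000011", "001010000000004", "ModelX"),  # TAC absent from reference data
]

# Hypothetical operator policy: verdict -> handling of the subscriber.
POLICY = {"consistent": "allow", "mismatch": "notify_subscriber", "unknown_tac": "review"}


def verdict_for(imei, measured_model, reference):
    """Compare the model implied by the IMEI's TAC with the measured hardware."""
    expected = reference.get(imei[:8])
    if expected is None:
        return "unknown_tac"
    return "consistent" if expected == measured_model else "mismatch"


def resolve_duplicates(observations, reference, policy):
    """Return (duplicate IMEIs, captured IMSIs, share of subscribers captured, actions)."""
    imsis_by_imei = defaultdict(set)
    verdicts = {}
    for imei, imsi, measured in observations:
        imsis_by_imei[imei].add(imsi)
        verdicts[imsi] = verdict_for(imei, measured, reference)
    # An IMEI seen with more than one IMSI is a duplicate.
    duplicates = {i: sorted(s) for i, s in imsis_by_imei.items() if len(s) > 1}
    # Step 1: capture IMSIs where TAC and hardware do not match
    # (an unknown TAC cannot be matched either, so it is captured too).
    captured = sorted(i for i, v in verdicts.items() if v != "consistent")
    # Step 2: measure scale as the share of observed subscribers captured.
    scale = len(captured) / len(verdicts) if verdicts else 0.0
    # Step 3: handle each subscriber according to policy.
    actions = {imsi: policy[v] for imsi, v in verdicts.items()}
    return duplicates, captured, scale, actions


if __name__ == "__main__":
    for part in resolve_duplicates(OBSERVATIONS, REFERENCE, POLICY):
        print(part)
```

Of the two subscribers sharing one IMEI, only the one whose measured hardware disagrees with the TAC is captured, which is what lets the duplicate be resolved without penalising the subscriber holding the genuine device.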