With an estimated annual cost of €45.3 billion in revenues, counterfeit and non-standard devices pose a real threat to business, consumers, and regulators. Risks to brand reputation, network quality of service, data security, and health and safety have yet to be quantified. Find out how this growing threat can be measured and managed.
2. Introduction to Afilias
• Afilias is an internet infrastructure company
• Expertise in scalability, availability, security
• Long-established device intelligence product in the Afilias portfolio
• Repository of connected devices and their capabilities
• Hundreds of top tier customers
• Trillions of requests per month
• DeviceAssure is a new solution for verification of device authenticity
4. By the numbers
• EU IPO report, 2017
• €45.3 billion lost worldwide in 2015
• 13% of all legitimate sales
• In the EU, €4.2 billion lost in 2015
• 8% of all legitimate sales
6. Widely Available
Pricing
• Typically priced 10x less than genuine device
• Counterfeits always sold unlocked / SIM-free
Channels
• Direct sales from online stores
• Local classified ad services
• Marketplaces on large retail platforms
11. Near-perfect physical replicas
• Dimensions are millimetre-perfect
• Fit & finish are excellent
• Screens are (superficially) excellent
• Packaging indistinguishable from genuine item
• Accessories all present and functional
13. Hidden extras in software
• Heavily customised Android distributions skinned to look correct for device
• Old Android versions masquerading as more recent releases
• Key device characteristics deliberately misreported
• Pre-installed malware is routine
• Popular apps sometimes pre-installed, provenance questionable
• Alternative app stores are sometimes preconfigured… with no user logins required
16. Malware
Malware appears to be part of business model of counterfeiters
• Many devices have pre-provisioned malware
• Paid placement business model likely
• Malware experienced:
• Invasive adware, ADUPS, LovelyFont
• Keyloggers
• DoS/DDoS hosts
• Ransomware
17. Alternative app stores, pre-installed apps
• Counterfeit iPhones provisioned with well-stocked alternative app store
• Many counterfeit devices have popular apps pre-installed
• Unknown provenance
• Unusual permissions required
18. App publishers
• Counterfeit devices are a hostile platform
• App makers can’t assume the environment is safe
• Your user is vulnerable: keyloggers
• Your backend systems are vulnerable: intercepted requests
• Your app ratings are threatened—counterfeit phones are typically ~10x slower
19. User security
• Insecure fingerprint readers (accept any touch)
• Fake FaceID security—can be fooled with a photo
• Old Android version
• Unknown Android OS patch status
• No security updates
• Poor quality chargers and batteries
21. Smartphone layers
• Smartphones can be thought of as 3 distinct layers
• Hardware — CPU, GPU, screen, camera
• Operating system — iOS, Android
• Apps — web browser etc.
22. Identity claims
• There are claims of identity at each layer
• Apps: browser ID
• Operating system: manufacturer & model
• Hardware: TAC, MAC etc.
23. Deep hardware inspection
• Modern phones have thousands of properties & behaviours that can be probed
• Deep hardware inspection is quick & doesn’t manifest to user
24. Known-good reference profiles
• Reference data gathered globally and updated daily
• Precise details for every device type
• DeviceAssure checks that the measured properties are consistent with the claims
25. DeviceAssure components
• Native app or web library
• Properties fetched & sent to server for analysis
• Authenticity determination returned to library or other destination
• Can be surfaced to user …or not
[Diagram labels: app / website; device details; result; result; back end service; DeviceAssure]
27. Device classifications - high level
AUTHENTIC
The device capabilities are consistent with the device identity claims.
NON-STANDARD
The device has different identities but has at least one valid profile, and/or has an invalid TAC.
COUNTERFEIT
“Designed to deceive”, infringes trademarks. The device capabilities do not match the device claims.
28. Additional classifications
Emulators
• Typical hardware profile is a server
Rooted devices
• Identification of rooted device
• Separate flag to supplement device classification
Bots
• Non-human traffic, specific to web library
Proxies
• Proxy masks actual device profile (specific to web library)
30. Example Use Case
Consumer Banking Protection
Scenario
End user installs retail banking app on their smartphone.
PROCESS
Validate device authenticity before capturing user details.
GOAL
Protect consumer and bank from compromised account credentials.
ISSUE
Account is compromised when the device is counterfeit.
OUTCOME
If the device is compromised, the app can exit gracefully.
31. Example Use Case
Enterprise security assurance
Scenario
Employee uses home device in BYOD environment
PROCESS
Extend scope of MDM/EMM to include authenticity check.
GOAL
Protect enterprise from malware injection by rogue device.
ISSUE
Existing EMM solution does not check device authenticity.
OUTCOME
Improvement to security posture.
32. Example Use Case
Warranty cost control
Scenario
End user experiencing dropped calls contacts operator helpline
PROCESS
Helpdesk directs caller to web page to test device.
GOAL
Identify at the outset whether the root cause is device authenticity.
ISSUE
The end user is using a non-standard device.
OUTCOME
Quicker root causing = faster call resolution = cost reduction.
33. Example Use Case
Duplicate IMEI resolution
Causes of duplicate IMEIs
• Laundered stolen devices
• Non-standard devices copying TACs
• IMEI modifications to unlock network features
Managing duplicate IMEIs
• Capture IMSIs where TAC and hardware don’t match*
• Measure scale and define policy
• Measure scale and define policy
• Handle subscriber according to policy
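The duplicate-IMEI triage above, sketched as an added example (not code from the presentation or from DeviceAssure): it flags IMSIs whose IMEI's TAC disagrees with the observed hardware and lists IMEIs seen with more than one IMSI. The reference table, IMEIs, IMSIs and model names are constructed, and the Luhn check-digit test is an extra step the slide does not list.

```python
from collections import defaultdict

# Constructed reference data (assumption): TAC, the first 8 IMEI digits,
# mapped to the model that TAC was allocated to. Values are made up.
REFERENCE_TACS = {"35000000": "Phone A", "35111111": "Phone B"}

# Constructed observations: (IMEI, IMSI, model inferred from hardware).
OBSERVATIONS = [
    ("350000000000014", "001010000000001", "Phone A"),
    ("350000000000014", "001010000000002", "Generic X"),  # copied TAC
    ("351111110000023", "001010000000003", "Phone B"),
    ("990000000000036", "001010000000004", "Generic X"),  # unknown TAC
    ("350000000000015", "001010000000005", "Phone A"),    # bad check digit
]

def luhn_ok(imei):
    """True if a 15-digit IMEI has a valid Luhn check digit."""
    if len(imei) != 15 or not imei.isdigit():
        return False
    total = 0
    for i, ch in enumerate(imei):
        d = int(ch) * 2 if i % 2 == 1 else int(ch)  # double every 2nd digit
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def triage(observations, reference=REFERENCE_TACS):
    """Return ({imsi: reason}, {imei: [imsis]}) for policy handling."""
    imsis_by_imei = defaultdict(set)
    flagged = {}
    for imei, imsi, measured in observations:
        imsis_by_imei[imei].add(imsi)
        if not luhn_ok(imei):
            flagged[imsi] = "invalid IMEI check digit"
            continue
        expected = reference.get(imei[:8])
        if expected is None:
            flagged[imsi] = "TAC not in reference data"
        elif expected != measured:
            flagged[imsi] = f"TAC is {expected}, hardware looks like {measured}"
    duplicates = {imei: sorted(s) for imei, s in imsis_by_imei.items() if len(s) > 1}
    return flagged, duplicates

if __name__ == "__main__":
    flagged, duplicates = triage(OBSERVATIONS)
    for imsi, reason in flagged.items():
        print(imsi, reason)
    print("IMEIs seen with more than one IMSI:", duplicates)
```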
35. Non-authentic devices are here
• Counterfeit devices are becoming easier to purchase and harder to spot
• The devices are now perfectly usable
• Like it or not, they are already here, hidden in plain sight
• Three parallel trends increasing the threat:
• Improved counterfeits
• Improved distribution
• More sophisticated malware
• Counterfeits are here; the question is how you will respond