Counterfeit smartphones and the threats they pose

Copying successful or valuable items has been an issue since creating items became a thing.

It's no surprise that smartphones are now a huge area of interest for counterfeiting operations. With over 2.5 bilion smartphone users across the globe, there's huge money to be made. And, as we're all connected, the dangers are more pronounced than ever.

The OECD reckon that in 2017, 20% of all mobile phones shipped internationally were fake. In 2012, a UAE telecoms operator banned over 18,000 devices from their network, citing fire hazards and leaking batteries. In Uganda, 9 million phones were disabled in 2018, and it's estimated that 40% of all active phones in the country were fake prior to this action.

Worldwide, it's estimated that counterfeits account for a loss of €45.3 Billion in revenue, with 184 million fake smartphones sold each year.

How can you spot a fake device?

So now you know they exist in the real world, how do you go about spotting a fake device?

Mobile benchmarking site AnTuTu released some stats on the counterfeit scene in 2017, and discovered the most copied phone for that year was the Samsung Galaxy S7 Edge, with over 36% of all counterfeit smartphones being Samsung copies.

In July 2018, Motherboard (the tech-focused wing of Vice.com) got their hands on a fake iPhone X, sourced from Shenzhen, China. For a tempting $100, the device certainly looked like the authentic version, but for 10% of the cost.

What are the risks?

The EU Intellectual Property Office states:

"When equipment is not fully trustworthy, the quality of service of communication can be affected, personal information may be misused or irrecoverable, and health and security harmed."

As there's no way to know what's really going on inside the device, nor where the components were made, there's a constant threat of data loss/theft, malware, your home network being compromised by clever miscreants, and even some serious "real world" risks such as battery leakage, and worse. Even legitimate batteries from the main manufacturers (hello, Samsung) have had issues in recent years, so trusting cheaper components could be a serious error.

For companies, all these threats exist, but with the added bonus of a potential network intrusion via a single dodgy device. The implications of such an event are obvious.

The most prevalent concerns around fake devices for businesses are:

• Malware: Dodgy devices, once activated, can download malware that propagates throughout the network it connects to (and infect other devices on the network)
• Ransomware: Ransomware can originate from a single device, and contaminate other connected devices
• Keylogging: Some devices log keystrokes to capture user names, passwords and any sensitive information that could be useful to a malicious criminal
• Data Theft: The device can “phones home”, and deliver stolen personal or business data to organized crime, or even state actors, in a manner hidden from the user.

How can you defend against fake devices?

In a recent study on the state of BYOD (Bring Your Own Device) policies, Resco discovered that 60% of companies polled had a BYOD policy in place, and of those, 36% said that over half their staff used their personal smartphone for work activities.

It's also claimed that companies save an average of $350/year for each person that uses their own device. 42% of employees say their productivity and efficiency has risen as a result.

So, the benefits are clear, but the dangers increasing as more and more poeple use their own, unvetted devices in the work environment.

To help protect against the dangers of fake devices, we announced the launch of DeviceAssure at MWC Barcelona.

DeviceAssure protects brands, networks, and consumers from the threat posed by counterfeit devices. It allows you and your business to address security threats and consumer protection issues from non-standard and counterfeit devices with a seamless check of a device's validity.

To learn more, see DeviceAssure product page.