The danger of counterfeit devices on public WiFi networks


Public Wifi is a relatively recent addition to consumer connection options. Usually found in airports, coffee shops and anywhere else people congregate, they provide a vital link to the internet for users on the move.

As always, convenience requires some sacrifices, and where public WiFi networks are concerned, the risks you take when connecting to these hotspots can remain unseen to the vast majority of people.

Should a counterfeit smartphone connect to the network, the risks extend beyond that device. This is why operators of public networks need to be aware of the threats.

The threat of counterfeit devices

Three parallel trends are now increasing the threat of counterfeit devices:

  • They are getting much better – a modern counterfeit phone is almost indistinguishable from its authentic counterpart. Most users cannot tell the difference until it’s too late.
  • They are becoming easier to get – they are just a click away from your favourite online e-commerce platform, delivered in just a few days by a trusted delivery company.
  • They are becoming more dangerous – malware is now part of the business model of counterfeit device manufacturers.

Threats to operators of public WiFi

If you are the operator of a public WiFi network this is now an issue that needs attention. Malware is part of the business model of counterfeit mobile devices—they come pre-provisioned with an array of malware spanning the full range of functionality from invasive adware all the way to ransomware, keyloggers and DDOS hosts.

Furthermore, counterfeit devices run far older versions of operating systems that are significantly more vulnerable to exploits.

Counterfeit devices endanger everything they touch. Allowing a counterfeit device to connect to a public WiFi network endangers both the network operator and all of the currently connected members of the public.

Customers in a cafe or guests in a hotel may fall victim to ransomware from a counterfeit on the same network. Counterfeit phones reach out to command and control servers to obtain the latest malware and instructions. Many varieties of malware specifically seek out new hosts to infect within the same network. This risk has been described previously by Symantec and Kaspersky Labs but the impact is significantly worsened by the prevalence of counterfeit phones, often in use unwittingly by members of the public.

This problem is not going to go away on its own; on the contrary, all indications are that the problem is growing in size and severity. Non-authentic devices are in our future, the only question is how networks chose to respond to them.

What can be done?

Ensuring the authenticity of devices that connect to a network is a very good first step for controlling the security of that network – if a device really is what it is claiming to be the chances of pre-installed malware are much reduced.

Operators of public WiFi networks have a duty to both themselves and members of the public to protect against the dangers of non-authentic devices.

DeviceAssure equips network operators with the information to make smart decisions about the provenance of devices.

Don’t blindly trust mobile devices—verify them.

CTO Ronan Cremin discussed the threats that lurk within counterfeit smartphones at Black Hat USA:

Main image source – Pixabay

Share on: