Non-authentic devices and enterprise security – a ticking time bomb


Counterfeit devices are an enterprise cybersecurity threat.

Three parallel trends are now increasing the threats counterfeit devices pose to enterprise networks:

  • They are getting much better – a modern counterfeit phone is almost indistinguishable from its authentic counterpart. Most users cannot tell the difference until it’s too late.
  • They are becoming easier to get – they are just a click away from your favourite online e-commerce platform or local classified ads site, delivered in just a few days by a trusted delivery company.
  • They are becoming more dangerous – malware is now part of the business model of counterfeit device manufacturers.

An investigation by Trail of Bits into two counterfeit smartphones revealed just how dangerous such devices can be. Malware, rootkits, unpatched vulnerabilities and insecure bloatware were among the nastier elements that come bundled with these devices, all of which pose a serious threat to an unsuspecting enterprise.

Many enterprises use Mobile Device Management (MDM) or Enterprise Mobility Management (EMM) solutions to manage their fleets of mobile devices, while some employ a Managed Security Service Provider (MMSP).

But these solutions can give a false sense of security since they’re blind to the threat of counterfeit devices.

Simply trusting that a device is exactly what it says it is, is a naive stance in 2019.

Secondly, any enterprise with a BYOD policy is very much at risk from devices connected to WiFi networks. Getting their hands on a flagship smartphone for 10% of the real cost may be attractive for an employee, but for the enterprise, it’s a wooden horse outside the gates of Troy.

What can be done?

Ensuring the authenticity of devices connecting to an enterprise network is a good first step for controlling cybersecurity risks.

if a device really is what it is claiming to be, the chances of security issues and data leaks are much reduced.

Enterprises have a duty to themselves to protect against the dangers of non-authentic devices. DeviceAssure can equip enterprises with the information to make smart decisions about the provenance of devices.

Don’t blindly trust mobile devices – verify them.

DeviceAssure’s Ronan Cremin discussed the threats counterfeit smartphones pose at Black Hat USA:

Main image source – Flickr

Share on: