Why your MDM solution isn’t enough to protect against the risks counterfeits pose

In January, PCMag ran analysis of the Best Mobile Device Management Solutions of 2019. It begins with a statement that’s never been truer:
Managing mobile devices across clouds and business operations is more critical to enterprise success than ever before.

Selling mobile device management – also known as Enterprise Mobility Management – naturally encourages a vendor to tout their solutions’ ability to protect networks from a wide range of threats. It acts as a monitor of all corporate devices in use, allowing a company to keep track of where their phones are, what they’re being used for, and in case of loss or theft, the remote wiping or locking of a device.

What many fail to address, however, is the ability of counterfeit smartphones to appear as genuine. With workplaces increasingly introducing “bring your own device” policies, it’s a thankless task to inspect every device manually, which leaves the task up to your MDM/EMM solution.

For a business, the impact can be very serious. As malware advances and evolves, it’s harder to spot a threat once it’s inside the network. Once there, malware can lay dormant, silently waiting for a command or a set time period to elapse before downloading further packages. There’s also the risk of the device itself becoming compromised and open to external monitoring, meaning private and sensitive business conversations and details can be leaked outside the organisation.

We looked at some of the most popular solutions and checked if they could identify a fake phone we submitted for inspection.
They did not.

From the PCMag article: Key pieces for testing come from this short list:

  • User and device self-registration
  • Verify that policies, settings, updates can be pushed out
  • Understand how the product deals with locating lost devices
  • How the product handles data security

We’re concerned with the last point above. If a counterfeit device manages to register on a corporate network, the unwitting network administrator will have no idea what the device may attempt to do, and neither will the MDM solution. The Trojan Horse is in the building.

We registered for a trial with a well-known MDM solution provider. Our fake Samsung Galaxy S10 didn’t raise any flags during the registration process. Besides device encryption not being enabled, it’s green ticks all the way:


What we saw:

The device received a clean bill of health. While we can’t say for certain that the device contains malicious code (as we saw in our fake iPhone), we’ve certainly seen invasive adware in play, with regular pop-ups for various things including fake Facebook notifications (a favourite of spammers and scammers taking advantage of humans’ fear of missing out).

The check returned Android 7.0 as the Operating System, whereas manual inspection confirmed to us that it’s Android 4.4 running on the device.

Curiously, “Samsung Device Attestation Failed” didn’t raise any flags, despite the phone announcing itself as a Galaxy S10. Surely such a discrepancy should at least result in a red flag?

We enrolled the same fake Samsung Galaxy S10 with two other popular MDM platforms, with no signs of a warning from either.



It appears most mobile device management solutions assume a device is genuine, and take it from there, monitoring activity and location etc. However, the act of allowing a counterfeit device onto the network in the first place raises plenty of risks and concerns.

As we discussed in our MWC19 product launch, the risks for device owners range from low-level annoyances (poor performance, adware, short life-span) to more serious concerns such as health threats from sub-standard components, exploding/leaking batteries etc.

Prevention is better than the cure – these concerns can be mitigated by authenticating the validity of a device before allowing it to connect to the network.

Learn more about DeviceAssure’s real-time device verification solution here, or download our whitepaper – Countering a Hidden and Growing Threat, which goes into more detail on the threats contained within counterfeits.

Share on: