Wednesday, October 24, 2018

Fighting counterfeits: An open source system for identifying and blocking irregular devices in the networks

Counterfeit and stolen mobile devices are a serious problem in many countries, in particular in South Asia, Latin America and Africa. Consumers are in danger of having their financial and personal data stolen, countries and their economies miss out on millions of dollars in lost revenue, and the national telecom networks suffer from those devices disrupting the quality of service. Another major impact of this shadow economy is the safety and security in these countries. 

Several governments have recognized the problem and are willing to tackle it. They are looking to industry to propose systems that will allow them to identify irregular and/or fraudulent devices and block them from accessing the national telecom networks. One such system is Device Identification, Registration and Blocking System (DIRBS), developed by Qualcomm Technologies Inc (QTI) and recently contributed to the open-source software community.

DIRBS is being implemented or considered for implementation in a number of countries. For example, in Pakistan, the Pakistan Telecommunication Authority (PTA) is launching DIRBS to ensure that stolen and lost phones, as well as phones with duplicate or non-standard identifiers (IMEIs) are blocked in the country, and to protect mobile phone users’ data across the country.

QTI contributed the DIRBS platform to the open-source software community in September 2018, and we have asked Mohammad Raheel Kamal, Senior Director at Qualcomm Incorporated, for more details.


What was your initial motivation in developing DIRBS? 

The multi-billion-dollar stolen and counterfeit phone business has widespread repercussions for consumers, governments, genuine manufacturers and the technology industry alike. According to a European Union Intellectual Property Office study published in February 2017 on the economic cost of IPR infringement in the smartphones sector, 184 million counterfeit mobile phones were sold globally in 2015 alone. What’s more, the estimated amount of sales lost due to these devices reaches a whopping 45.3B Euros. Despite the prevalence of this issue, governments have struggled to find effective solutions.

Illegal and counterfeit devices bring a multitude of issues, from environmental, health and safety, to unfair competition, tax and royalty evasion, and network quality issues. Consumers buying counterfeit products risk exposure to hazardous components as well as malware designed to steal personal information. Governments lose revenue from lost duties and sales tax and the ability to enforce protection laws relating to cybersecurity and intellectual property. Genuine OEMs lose revenue in competition with the less expensive counterfeit products, and the mobile network capacity is negatively impacted by such devices. In addition, these counterfeit devices do not offer advanced features and technologies that companies, such as Qualcomm, develop and bring to the market which benefit the entire ecosystem.

Qualcomm is focused on enabling our customers and the wider ecosystem, and one of the key ways we do this is through our Engineering Services Group – a team dedicated to helping the ecosystem deploy and optimize mobile technology. They developed a software platform that leverages each device’s unique identifier to combat the issues of counterfeit and stolen phones. The platform — called the Device Identification, Registration, and Blocking System (DIRBS) — baselines existing devices currently active in a country and checks newly activated devices. Specifically, it ensures they aren’t stolen, have been properly imported, have passed required certifications, and have properly allocated globally unique identifiers. Regulators can then take action to mitigate the devices that do not meet these standards from being registered with cellular networks.


What does DIRBS look like once deployed? How does it work? 

Every mobile device has a unique number, called an International Mobile Equipment Identity (IMEI) identification, allocated by the GSMA. Each IMEI corresponds to a given manufacturer and make and model. The DIRBS platform is used to create a country-specific database that interfaces at different levels of detail with operators, local manufacturers, importers, consumers, customs, law enforcement and the global GSMA IMEI database. The DIRBS analysis engine identifies fraudulent devices with an unauthorized IMEI and generates lists of these devices, which can be provided to operators so appropriate action can be taken per the country-specific regulations.

Given the importance of mobile phones today, the proliferation of counterfeit and substandard devices is a significant societal issue. We believe that IMEI network blocking is the most effective way to address the problem and discourage the import, sale and purchase of these devices.


How many countries are using DIRBS so far and what would you consider as the showcase implementation of the system? 

The DIRBS platform was first launched in Pakistan by the PTA. We would consider their DIRBS roll-out an excellent example of how implementation of DIRBS requires ecosystem coordination for a successful launch. Since Pakistan’s launch of DIRBS, the country’s stolen device issue has significantly decreased given the system’s ability to enable the blocking of all reported stolen devices from network access, which greatly reduces the incentive for mobile phone theft. The Device Registration Subsystem portion of DIRBS in Pakistan has addressed counterfeit device availability by identifying these devices prior to import and denying them entry.

In addition to Pakistan, we have been working with the government of Indonesia to deploy the DIRBS platform in that country, and we are discussing potential implementation of DIRBS in several other countries as well.

In Colombia, Qualcomm has been helping its government analyze device data since 2016, resulting in a decrease in the number of fraudulent phones with invalid IMEIs.


Why did you consider making DIRBS open-source? How will that change its real-life application?  

As mentioned before, governments have struggled to solve the counterfeit mobile device ecosystem issue for quite some time. This month [September 2018], we took steps to make deploying the DIRBS solution even easier by making DIRBS software and related documentation available under free open-source licenses. By doing so, we can ensure telecom regulators around the world have a comprehensive technical solution to assist in their efforts to combat the fraudulent device ecosystem. The DIRBS platform and updates made available by Qualcomm will be hosted on the open-source software website Github.

Making our DIRBS solution open-source will allow the mobile industry to rapidly adopt and deploy this powerful technology tool.


What are the conditions for successfully implementing DIRBS and getting a grip on counterfeit and irregular devices in the country? 

Implementing a platform such as DIRBS is just one step in addressing this broad issue. For DIRBS to be effective, it requires cooperation across the entire ecosystem.

A comprehensive enforcement policy, along with adequate legislation, is an essential first step. Operators must also cooperate by blocking blacklisted devices from the network. Consumers must check and confirm IMEI numbers at the point of sale before purchase.

Consumer education is also a significant factor in preventing the purchase of counterfeit devices. If consumers understand why registering their phones is important, and they know how to identify the IMEI number of their phone (typing *#06#) and how to check if it’s valid, they will be less likely to purchase a knock-off device.

While there is no magic bullet for resolving the counterfeit issue, the DIRBS platform and collaboration with key industry stakeholders is having a positive effect. Not only does the solution help the industry protecting the IP and removing fraudulent devices from the network, it has tangible benefits for governments, consumers and the mobile industry.

With DIRBS, Qualcomm is providing governments, consumers, operators, and manufacturers with a comprehensive approach to curbing the illegal mobile phone market. With our open-source approach, countries and their telecommunications regulators now have an effective solution to combat the stolen and counterfeit device issue holistically.  This is just one of the initiatives Qualcomm is working on behind the scenes — often unseen and unknown — to help the overall mobile ecosystem.



More information on how DIRBS works can be found in PTA’s consultation paper: http://www.pta.gov.pk/media/dirbs_cons_paper_220616.pdf

Qualcomm provides more information on its DIRBS website:
www.qualcomm.com/dirbs


The DIRBS platform is hosted on the open-source software website Github, and may be freely downloaded and used by any interested parties.

Friday, September 14, 2018

Latin American Countries taking action against Counterfeit and Stolen mobile phones

Counterfeit mobile phones pose many threats. For consumers the risks include preloaded malware intended to get the users’ financial and personal information, the non-compliance with health and safety requirements, and poor performing devices that drop calls and have lower data speeds due to cheap and poor quality components. For governments, these devices avoid paying duties and taxes and cost governments billions in lost tax revenues. As a result of these concerns, several countries in Latin America have begun to take concerted action to block these devices from networks.


Colombia: 17 million irregular devices blocked to date

In 2013, Colombia introduced a system in which telecom operators had to validate, verify and control handsets operating in their networks based on their IMEI number (1) and upload the data to a centralized database under supervision of the Colombian regulatory authority CRC. An information campaign via national newspapers, radio and television, as well as  through their customer care centers was carried out to inform users about the need for registration of their mobile phones, as well as danger of their devices being blocked if not. Importers of mobile devices have to register the IMEIs of their products in the centralized database and only devices passing the IMEI cross check are then allowed in the network. 

The implementation was spread over several stages and with the system now fully implemented, Colombia has blocked more than 17.5 million devices since its inception, with more than 142 million devices now in the positive database. While not all of these 17.5 million devices were counterfeit devices, many undoubtedly were, particularly as many had invalid or duplicated IMEI’s. 


Brazil: 1 million irregular devices coming online per month 

Brazil has also adopted a formal system to avoid the activation of counterfeit, substandard and stolen handsets on the national networks. This system is called the SIGA Project and includes a digitalized central system for identifying and blocking irregular handsets based on IMEI identification. Irregular devices are those illegally sold in Brazil, including devices which have been smuggled, stolen, without agency homologation and/or without a valid IMEI number listed in the GSMA database. 

With the SIGA Project commencing operation for devices activated after 22 February 2018, 
irregular devices are now being blocked. According to Brazil’s regulatory authority Anatel, a warning text is being sent to the irregular devices before they are blocked. Older devices (activated before 22 February 2018) and data-only devices such as modems, which cannot receive the SMS warnings, are not included in the program. Despite this, telecom providers in Brazil estimate that up to 1 million irregular devices join the networks every month.


Argentina: 3 million irregular devices entering the country each year

A similar approach is planned in Argentina, where the government plans to block devices for which the IMEI has not been submitted to the national regulator Enacom. It is estimated that around 3 million irregular and counterfeit devices enter the country each year and that the Argentinian economy loses up to 1 billion US dollar to this issue. People who purchase a device abroad will have to declare the device to customs when returning to Argentina to be able to use it legally in the country. 


Conclusion

The examples of Colombia, Brazil and Argentina, all show that countries are committed to fighting the growing threats faced by counterfeit, stolen and smuggled devices. These devices cost the government billions in lost tax revenue, lessen the quality of service of their national telecommunication networks and expose consumers to the theft of personal and financial information and in many cases, to outright dangerous and inferior goods. 



———————————————

(1) IMEI is the individual identification number of mobile phones, registered in the international GSMA database

Resources:


For information on Brazil’s program see: 

And for information on Argentina’s program see: http://www.thebubble.com/stolen-phones-to-be-blocked-argentina/ 

Sunday, January 21, 2018

Fakes & Counterfeits - what do you get for your money?

Like many of the Christmases over the past years, mobile phones and accessories were among the most popular gifts. Unfortunately, many of these gifts were probably counterfeit.

The numbers are staggering…

According to a March 2017 report by the OECD, one in five mobile phones sold worldwide is counterfeit! These numbers are supported by a sector-specific analysis from the EU Intellectual Property Office (EUIPO) covering 90 countries, which found that in 2015, 184 million smartphones were sold.

While African countries and emerging markets have long been the primary market for fake devices, the proliferation of e-commerce has also increased the sales of counterfeits and fakes worldwide, making it a truly global issue.

But what is a counterfeit device and what does it mean for the consumer?

Counterfeit mobile phones very often look and feel at first glance like the genuine device. Their outer shell and screen, the logos, the packaging and the included accessories are made to look like the real thing.

However, fake and counterfeit devices pose real dangers for the user, since by their nature they circumvent official checks and controls and rarely follow international standards for safety and security.

Most common drawbacks coming with counterfeits are: 
  • they can contain hazardous substances in the hardware
  •  they often come preloaded with malware and/or fake apps aiming to steel personal and banking information
  •  they usually have poor performance with many call drop outs
  • counterfeit accessories, especially chargers, are often a fire hazard
  •  consumers have no warranty on these devices
  •  in several countries, counterfeit devices get blocked from the mobile network

How to know if your device is counterfeit?

Together with Afilias, the Mobile & Wireless Forum (MWF) is testing a new device validation project. If you visit the www.spotafakephone.com website via your mobile phone, this embedded service can interrogate the device’s characteristics and compare these to those expected to be seen on a legitimate device. The user is then informed about what the device is saying about itself versus what kind of technical specifications would be found in the phone model it claims to be.

In case, you have doubts or realise that your device might be fake, you find some tips on how to report it here: http://spotafakephone.com/report-a-fake.cfm 



References and more information:

Tips on how to spot a fake phone: http://spotafakephone.com/how-to-tell.cfm






EUIPO sector-specific analysis: The economic cost of IPR infringement in the smartphones sector: https://euipo.europa.eu/ohimportal/en/web/observatory/ipr-infringement-smartphone-sector