Embedded Mobile (M2M): Fraud and security management

rui paiva

The GSMA tells us to expect 500 million new connected devices in three years as the machine-to-machine (M2M) market booms. The growth in fraud could be equally rapid unless all the loopholes are closed.

There are boundless fraud risks associated with Embedded Mobile devices and their relevant applications, processes and different business models.

Communication service providers are finding that traditional security and fraud countermeasures are not practical, because there are too many new devices and configurations used in M2M.

What will be offered and who owns the risk?

In recent years, the telecoms industry has aligned with the financial services sector through to m-banking and m-commerce. Now with M2M extending the range of new markets and business partners to vehicle manufacturers, insurance providers, utility and medical businesses and vending machine suppliers, the opportunity for fraud is widening.

Types of fraud and security attacks

The CSP will need to evaluate the level of risk by initially defining some basic areas to be subjected to a risk assessment. These include the radio interface (communication path), provisioning, authentication (device & customer), actual product security, attended/unattended devices, operational control, device management, privacy and confidentiality of information.

For the core network protection, the security threat could take the form of impersonation of devices, traffic tunneling between impersonated devices, and firewall misconfiguration specific to the modem, router or gateway or attacks against the radio network being committed by rogue devices.

On a more basic level, unattended embedded mobile devices will often have their Universal Integrated Circuit Card (UICC) stolen. In South Africa recently, fraudsters stole more than 400 SIMs and made calls costing thousands of dollars in a systematic and co-ordinated attack.

Application designers must even consider the threat from Denial of Services attacks. A distributed DoS attack on the emergency services, during a major incident, is a high impact attack that would damage any CSP.

EM devices and applications collect masses of information that could be “confidential and private”. Any wrongful disclosure will both blight the CSP’s brand image and result in legal action.

Meanwhile, the boom in M2M will attract new device makers and app developers to the telecoms industry who may not appreciate procedures or understand the risks – as happened with the new round of mobile providers.

Considerations for a successful risk management strategy

Having considered potential risks, the CSP should consider how to defend itself. Adapting existing Fraud Management Systems (FMS) is an option when there are expected usage profiles.

However, defences need to extend beyond the traditional methods, by factoring in the way the devices and services are provisioned and offered. For example, a CSP needs to detect tampering or physical removal of a device. Location updates will ensure integrity of the device. Which means that if the device is programmed to call in every X hours or the cell ID changes, movement of a fixed device can be indicated.

Summary

of processes. Staff must be educated in new M2M fraud trends, and new products and services assessed for fraud and security weaknesses. In support of this, state of the art technology should be used to quickly raise alerts for suspect activity.

RECENT ARTICLES

Get a US$50 Amazon voucher for sharing your IoT brand knowledge

Posted on: March 28, 2024

We want to know what you know about the IoT space. Just 3 minutes could earn you a US$50 Amazon digital gift card!

Read more

Enhance EV charging performance with cellular connectivity

Posted on: March 28, 2024

Electric vehicles (EVs) are steadily growing their market share at the expense of internal combustion engine vehicles. The growth is fuelled by several factors. Perhaps most importantly, prices for EVs have started to drop as competition in the industry is intensifying. New players and models are emerging, prompting several established EV makers to lower their

Read more
FEATURED IoT STORIES

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This interconnected network of devices transforms previously “dumb” objects, such as toasters or security cameras, into smart devices that can interact with each other and their

Read more

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more