Email a colleague    

July 2011

Is the M2M Device in Your Refrigerator a Telecom Fraud Threat?

Is the M2M Device in Your Refrigerator a Telecom Fraud Threat?

Machine-to-machine (M2M) technology is riding the wave of Smart Grid popularity.

M2M’s primary use is in the wireless transmission of telemetry data, capturing remote data, updating software, transmitting pictures, and has thousands of other uses.

The market is in its very early stages, yet plenty of pilots are underway in Smart Metering.  For instance, Vodafone in the U.K. is conducting an extensive trial on collecting data from utility meters on consumption, then analyzing rates to help consumers and power industry players optimize electricity use or save money.

Another promising use is in medical care.  A person wearing a pacemaker could have an M2M device transmit heart monitoring data back to her doctor.  Auto insurers are fascinated with the idea of monitoring car-driving habits remotely and adjusting a client’s auto insurance premiums accordingly.

But excitement aside, there are substantial security and control issues around M2M, and that greatly concerns Simon Collins, vice president at Praesidium, the risk and controls consulting arm of WeDo Technologies.  In fact, Simon has authored an insightful industry paper on this issue entitled, “Embedded Mobile (M2M) — Telecoms Fraud & Security Management.“ Here are edited excerpts from my interview with Simon.

Dan Baker: Simon, before we get into the control aspects of M2M, I’m curious, what’s driving the M2M market?  And if you plug a home device into a fixed network, does that qualify as M2M?

Simon Collins: Dan, I think a wireline connection would certainly qualify as M2M.  However, the real push behind M2M is coming from within the GSMA.  As mobile phone penetration is exceeding 100 percent in many markets, the GSMA members are looking for new growth opportunities, and M2M is one of them.  The other driver is that several industries are hoping that M2M will drive greater services revenue and enable a firm to differentiate its products in terms of better customer service.

From a telecom’s viewpoint, I’m not sure an M2M service can command much of a premium.  It’s not a personal device like a handset.  In some ways, it’s like the portable GPS we have in our cars.  You pay an upfront fee to buy the GPS receiver and the satellite connection is bundled in as a free service after that.

True, a one-time fee will certainly be one way to pay for M2M.  Where the amount of M2M data traffic matters, it will also be billed by data consumption.  I would agree that it’s hard to see many uses for premium pricing, such as a high QoS service.  Though medical-device monitoring and remote photos transmitted for physical security are a couple of examples where reliable connectivity should demand higher fees.

So where do we stand in terms of M2M controls?  What revenue assurance and fraud issues do telecoms need to be concerned about today?

Dan, the revenue assurance issues are the first ones that can and should be addressed.  Do you actually know which machines are included in a particular tariff or group plan?  That’s also a provisioning-assurance matter — you need to determine which devices belong to which billing group.

The other and far more troublesome problem is technical security.  While GSM and 3G services are fundamentally secure in their own right, the SIM/USIM device which M2M relies on is not secure in most cases.  There’s a famous, almost humorous, case in South Africa where people stole the SIM cards from traffic lights and plugged them in elsewhere to use the bandwidth for other purposes.

So the question is: How do you verify that the device is where it’s supposed to be?

SIM cloning has been relatively common in GSM.  And WeDo and others have fraud systems in place to detect that.  However, detecting GSM fraud is usually a matter of analyzing the behaviors of people — the phone numbers people called and the time of day.  When people talk to other people, you can collect biometric data, plus lots of other data can be used for analysis.  Do they send text messages?  Do they call home or work on a regular basis?  If they don‘t, it might be suspicious.

But much of that intelligence is not available in a machine-to-machine environment where the device is sending a standard message every 30 minutes or hour.

So, what’s needed to detect M2M fraud?

We need some form of certificate from the actual device that is unique.  Ideally this would be something hardcoded so that it cannot be copied or produced anywhere else.  This is not the case in GSM today because many of the algorithms in the phone can be broken though the fundamental security aspects of SIM/USIM are still good.

This sort of solution will emerge over time.  When that day arrives, we no longer will need to wonder whether we’re talking to the SIM card in the expected traffic light location in downtown London or the same SIM card fraudulently deployed in Malaysia where it’s pumping out free voice minutes.

By the way, femtocells, the devices you put in your home to increase your coverage back to a broadband link, are already shown to be vulnerable.  The Vodafone network in the U.K. has been cracked, for instance.

The other troublesome point is that as M2M evolves, you’ll have all sorts of low cost devices deployed — on washing machines or refrigerators smart meters.  It’s useful because it will alert the customer or the manufacturer that the appliance needs a part replacement, but nobody is quite sure of the risks around having millions of unsecure devices hanging off the network.

In other words, how the SIM/USIM device is deployed today is of secondary importance to where it could be deployed later.  The SIM card on your washing machine could be the channel for perpetrating fraud.

Absolutely.  This is the worrying point: You don’t know the original identity of the device it was attached to.  The data goes through network elements, but we haven‘t really designed the network to be looking for M2M devices.  We need to verify where the device lives, what sort of data it’s transmitting, and how it is being used.

It’s taken the industry some time to provide good security for the IMEI number, the mobile identity number in a wireless phone.  Today, the IMEI will usually be secure for the first six months to a year after it is manufactured.  But sooner or later, a hacker can break that device.  Smartphones can be cracked relatively easily.  So it begins to look like the malware game in personal computers.  The fraudsters penetrate the defenses and you wait for Apple to write a patch that protects you on their next release.

Simon, in conclusion, how to do you see the telecom industry dealing with M2M related fraud and RA problems in the next few years?

Dan, in the near term, carriers will turn to companies like WeDo to help manage M2M revenue-assurance problems.  Are we billing correctly for the consumption and the provision of that service?  Those solutions can also detect the fraud issues around the administration of a telecom’s M2M program.

Yet regardless of how big and popular M2M ultimately becomes, the technical security issue looms large and is unsolved.  Considerable work and investment is required to solve that issue, yet our industry first needs to acknowledge that it’s a major vulnerability.  Once we recognize that fact, we can begin to make M2M as secure from fraud threats as possible.

This article first appeared in Billing and OSS World.

Copyright 2011 Black Swan Telecom Journal


About the Expert

Simon Collins

Simon Collins

Simon Collins is WeDo Technologies‘ vice president for Business Consulting division, Praesidium.  Simon is responsible for all of Praesidium’s technical risk consultancy services supplied to more than 100 operator clients worldwide.

Related Stories

  • Bogus to Delete interview with Tom Erskine
  • Is the M2M Device in Your Refrigerator a Telecom Fraud Threat? interview with Simon Collins — Machine to machine (M2M) technology is being applied in hundreds of monitoring apps, such as smart metering and health diagnosis.  It’s even being used to monitor driving patterns tied to auto insurance rates.  But this article shows the serious M2M fraud and security threat that stem from the theft of the SIM/USIM device used in every M2M device.  The article discusses the RA and fraud strategies operators need to employ to manage the risks that will come from wider M2M deployments.

Related Articles

  • Intelligent Routing: The Case for Blocking IRSF Fraud at the SIP Session Border Controller interview with Jim Dalton — A bad fraud event can be a huge loss, especially to OTT players who provide a VoIP service.  In this interview, you’ll learn about an anti-fraud solution that works in concert with  intelligent routing.
  • A Privacy-Enabled Data Exchange that Expands Analytics Uses in Fraud, Credit Risk and Beyond interview with Michelle Wheeler — Analytics data today is managed in a privacy-negligent way.  This interview discusses an ingenious privacy and analytics exchange that allows telecoms, banks, and money lenders to trade fraud, credit risk and other data with each other in complete confidence and control.
  • From Rules Design to Adaptive Learning Systems in Telecom Fraud Control interview with Shankar Palaniandy — Adaptive and behaviorial learning systems are at the forefront of R&D in telecom fraud management systems.  Here an expert developer explains their usefulness in use cases such as IRSF detection, subscription fraud, application fraud, and voice biometrics.
  • Protecting 900+ MVNOs around the Globe from IRSF Fraud Pirates interview with Colin Yates — Telecom fraudsters are seeking a new, more vulnerable path to riches.  Their target: 900+ MVNOs around the globe who generally own no mobile networks, but sell mobile service virtually.  This interview with a fraud control expert explains what steps MVNOs must take to protect themselves from IRSF fraud.
  • Insider Fraud: How to Create an Anti-Fraud Culture in Your Telecom Organization interview with Mark Yelland — Thirteen years after the WorldCom scandal, experts generally agree that insider fraud remains a massive problem in telecom.  In this article you’ll learn the outlines of building a program to instill an anti-fund culture at your telecoms organization.
  • IRSF Protection: Software that Blocks Telecom Fraud at the Enterprise PBX interview with Roger Ansin — The richest criminal path to International Revenue Share Fraud (IRSF) goes through the enterprise PBX.  Hijacking the PBX has cost businesses and telecoms countless billions of dollars in the past 15 years.  In this interview you’ll learn about this industry challenge and an affordable and proven tool that blocks IRSF at the enterprise.
  • Combating SIM Box Fraud: Network Protocol Analysis to the Revenue Rescue interview with Lex Wilkinson — International call bypass is fraud perpetrated through SIM boxes equipped with dozens to hundreds of SIM cards that disguise international calls as local domestic phone calls.  This article give a backgrounder on SIM box detection techniques and talks about a new, rapid-detection technology based on network protocol analysis.
  • Making the Retail Operator Case for Anti-Fraud Protection via Wholesalers interview with Jan Dingenouts — Small retail operators are highly vulnerable to fraud, so enlisting the anti-fraud assistance of wholesalers is a great idea.  This interview explains useful negoiating tactics for retail operators and shows how wholesalers can lend support and grow their business at the same time.
  • A Wholesaler’s Fraud Prevention Creed: If You Lose the Trust, You Lose the Traffic interview with Robert Benlolo — Large wholesalers play a major role in keeping a lid on international telecom fraud.  In this interview, a wholesale voice and fraud management expert explains the role of its vendor systems and multi-threaded internal processes in protecting customers from fraud losses and shady wholesale suppliers.
  • Telecom Fraud & Credit Protection: A Desperate Need in Unbanked Regions of the World interview with Luke Taylor — Mobile money plus related fraud and credit protection are crucial to the prosperity of developing nations where most “unbanked” people live.  This article discusses the special issues of the unbanked market as well as broader revenue protection challenges and opportunities.
  • The Grey Market in Prepaid: Tactics to Combat International Bypass via the SIM Box interview with Ahmad Nadeem Syed — SIM box fraud is one of the toughest revenue threats that telecoms face.  It is the redirection of international calls via the internet to drop illegal VoIP traffic onto mobile networks.  This interview with an expert RA and fraud manager provides a detailed overview of the threat scenario, current SIM box tactics, and some creative ideas for bringing this problem under control.
  • Why Deep Packet Inspection Analysis is Essential for Detecting IP Fraud by Dror Eshet — The IP and mobile broadband revolution is in full swing: time for fraud managers to totally rethink their existing controls and areas of exposure.  In this article, a fraud expert discusses the power of DPI technology and the key impact its analysis is having in an FM world where knowing what’s inside the packets is as important as figuring out where those IP packages are going.
  • Flexibility & Fraud Management Systems: 8 Questions for Luke Taylor of Neural Technologies interview with Luke Taylor — Meeting today’s fraud threats is not just about technology, but also the speed of threat detection, the scanning of data outliers, and being enormously flexible.  A leading fraud management vendor takes a bead on current FM issues and points to where software is headed.
  • Recruiting Smartphone Users as Partners in Telecom Fraud & Security Control by Tal Eisner — Premium Rate Service (PRS) fraud and spyware on a mobile phone can ruin an operator’s relationship with a  subscriber.  The attacker uses malware to automatically generate phone calls, SMSs and data sessions to high cost (premium) phone numbers.  This article discusses a new crowd sourcing mobile app that addresses the problem and helps operators better manage the threat.
  • Roaming — if Managed Correctly --  Can Be a Spark to Revenues by Brian Silvestri — Major analyst firms are predicting that roaming revenues will almost double in five years.  What’s more, roaming remains at the pivot point of Wireless Carrier strategy.  Drawing lessons from the incredible rise of AT&T’s Digital One Rate Plan, this article points to future challengtes and raises key  questions about how mobile operators will ultimately come to terms with smartphone market profitability, service quality, and data roaming.
  • What Makes Good Fraud Management Software?  9 Questions for Tal Eisner of cVidya interview with Tal Eisner — How do you know if the fraud management software you own or are considering is a good one?  That’s the starting point of a conversation Black Swan had with a product strategist of a leading FMS vendor.  The article discusses everything from maturity and customer collaboration... to PBX hacking and enabling the FMS to actually enhance the relationship a telco has with its enterprise customers.
  • International Revenue Share Fraud: Are We Winning the Battle Against Telecom Pirates? interview with Colin Yates — International Revenue Share Fraud (IRSF) is one of the telecom industry’s most enduring problems.  Yet many of us have only a foggy notion of how IRSF works and how operators around the globe are coping with the issue. This interview covers the bases: the origins of IRSF, typical fraud scenarios, efforts to get international cooperation on the issue, and the future outlook of IRSF.
  • Fraud Management at Kyivstar in Ukraine interview with Anton Pivala — Kyivstar from Ukraine is a leading mobile operator in both  voice service quality and consumer value.  This case study gives details on Kyivstar’s fraud control program, reveals some of the unique operator challenges faced in Eastern Europe, and explains how Kyivstar is successfully winning the battle against  IRSF and SIMbox fraud.
  • Converging Criminal and Technical Intelligence: Secret to Combating the Explosion in Telecom Fraud and Security Threats interview with Mark Johnson — A fraud and security expert gives a big picture talk on why industry convergence is driving the need for a broader “revenue risk intelligence.”  His prescription?  Yes, telecoms surely need to excel in technical  infrastructure such as traffic usage data, IP intrusion appliances, and physical barriers.  But just as important is the need to pair that knowledge with the real-life lessons of fighting criminals in general.
  • Gratifying Ghana: Why Listening to Operators Trumps Vendor Technology and Size interview with Ludvig Lindqvist — The value of technically excellent software is negated if the solution is not implemented right.  This article makes a strong case that vendors need to focus on first things first — get in full synch with a service provider’s business, capabilities and unique needs before you recommend or implement any software.  Topics discussed include: the benefits of retaining in-house expertise, implementation challenges in Africa, and the meaning of “thorough engagement” with the client.
  • Roaming Fraud: The Importance of Real-Time Data Exchange and Analysis interview with James Stewart — The Near Real Time Roaming Data Exchange (NRTRDE) is a GSM standard allowing operators to gain fast access to the roaming records of service providers half way around the world.  The article explains how 65 carriers are using this data to combat fraud through a service bureau.  Learn about the dangers of international roaming fraud and the value a roaming service bureau brings to the table.
  • Is the M2M Device in Your Refrigerator a Telecom Fraud Threat? interview with Simon Collins — Machine to machine (M2M) technology is being applied in hundreds of monitoring apps, such as smart metering and health diagnosis.  It’s even being used to monitor driving patterns tied to auto insurance rates.  But this article shows the serious M2M fraud and security threat that stem from the theft of the SIM/USIM device used in every M2M device.  The article discusses the RA and fraud strategies operators need to employ to manage the risks that will come from wider M2M deployments.
  • “Fraud Is a Wind that Always Blows” and Other Wisdom From a 28-Year Old Software Firm interview with Gary Beck — Here’s the amazing story of how Beck Computers was pulled out of a Tier 1 account only to be brought back in a few months later.  The article explores software vendor service and support challenges, real-time computing requirements, advanced fraud management functions, and ways to educate management on the value an FMS investment.
  • Insider Fraud: Detecting Criminal Activity in the Telecom Sales Process interview with Tal Eisner — One of the biggest problems telecoms now face is fraud done inside their offices, dealer stores and firewalls.  This type of fraud is especially dangerous because it’s performed by people fully authorized to transact for the company.  The story dicusses the major causes of insider fraud, presents a case study, and explains basic techniques that software uses to detect insider fraud.
  • Fraud & Credit Risk Software: Setting the Client Free to Innovate interview with Luke Taylor — Not every operator wants the freedom to configure its own fraud management solution, but certain providers wouldn‘t live without such a “framework” approach .  This article discusses: the reasons why operator choose this strategy as it covers many other fraud and credit software implementation issues.
  • Why Selling to Business Customers Makes You a High Risk Target for Fraud by David West — There’s a saying in the fraud business: “It’s not a question of whether you’ll be hit by fraud — only when, how bad, and from which direction.“  Citing four recent cases where operators were hit by fraud, this article explains why investing in a fraud soluiont — and keeping up-to-date — are so critical.  The article gives several examples of vulnerability points that fraudsters commonly exploit.