A Rapidly Growing Problem for Mobile Operators: NOT Security of Network Equipment Software but Unapproved Handsets from China

It’s not discussed in public by operators or regulators or the BSMA (that is an intentional typo on the GSMA given some of its PR).  Though this weblog has been discussing it for a number of years when we reviewed Wadaro back in 2008, and presented some interesting analysis this year: it’s the impact of unapproved devices on an operator’s network.  The usual suspects are devices that look like a branded device, e.g. an iPhone 4 being sold on eBay for $20.  Generally, they’re manufactured in China (though not exclusively) from sub-standard components and shipped without testing or approvals.  A few years ago the numbers were in the hundreds/thousands on each network, today it’s in the tens of thousands and its becoming a problem for operators in maintaining quality of experience for all of us that paid full price for our approved phones.

Sometimes these devices purport to be something else (IMEI has been re-flashed) but
Wadaro, a long-time leader in this space, has found a way of finger printing them so they can, in some cases, identify what the device actually is and not what it claims to be.  The identification process then enables them to be dealt with, for example the device can simply be stolen and re-flashed but otherwise work well with the network, or they’re examples of poor radio terminals that, when used in volume as they are starting to be, degrade the network.  Wadaro enables the accurate tracking of stolen and unapproved mobiles in use on networks.

The impact of unapproved devices is significant, just a few on a cell cite can incur a 86% CAPEX/site count increase; a 200% voice capacity loss; a 50% data capacity loss; up to 250% more delay in serving MAC packets over the air; and a significant effect on coverage and maximum data rate, dropping to 250kbps with some holes.  Remember mobile networks are built assuming all devices are approved, unfortunately that is definitely not the case today.

Wadaro TAP (Total Analysis Package) is predominantly a Network Experience Monitoring solution.  Essentially, small Client Software is installed into subscriber SIM cards that acquires raw performance data from host devices and processes that data into KPI with in the SIM card.  To enable reporting to be dimensioned by device type, the Type Approval Code (TAC) is encoded with each KPI.  The following reporting is available for all networks: duplicate IMEI, unknown reporting body encoded in IMEI, invalid IMEI, and TACs associated with multiple device types.

Observing duplicate IMEI is the first step to identifying devices that have had their IMEI re-flashed.  In most countries, this in itself is an illegal practice and may obscure the actual device type (e.g. an unapproved device masquerading as a legitimate one).  An added feature of TAP is the collection of a ‘fingerprint’ for each device.  Devices of each given type have an associated ‘fingerprint’.  If the TAC and fingerprint provided by the TAP Sever do not correlate with information for legitimate devices then unapproved devices are detected.  Furthermore, by searching Wadaro‘s TAD Server (a repository of information about more than 87,000 device types) by finger print, it may be possible to identify the true make and model of the device.

This is basic business intelligence operators should be using to a) ensure a good quality of service for their customers, and b) save on costs.  While I see lots of slides talking about Big Data, we have a bigger problem that can be solved quite easily using traditional structured data.  Once the unapproved device manufacturers’ wise up to this, then we’ll need to start looking at unstructured data approaches.