The development followed news last month that Chinese smartphone manufacturer Transsion had sold handsets with pre-loaded malware capable of tapping customer data allowances and digital wallets. The malware in this instance, xHelper and Triada, was detected by Secure-D, a software platform owned by Upstream.
It is the third time Secure-D has raised the alarm on pre-installed malware. Geoffrey Cleaves (pictured), head of Secure-D at Upstream, told Capacity that a further discovery involving another brand is due to be announced over the coming months.
Cleaves said: “This is the tip of the iceberg. The lesson is that the problem is going to get worse before it gets better, and the MNOs need a strategy. You can’t stop preinstalled malware. There are too many manufacturers involved, there is money involved, you need tools to detect it quickly and protect your subscribers as fast as possible.”
Currently analysing a “bigger brand than Tecno”, Cleaves said although the fraud is not happening directly on the network, the ability for malware to deplete data and digital wallet balances is detrimental to an operator’s brand reputation. While security patches are the standard response for the manufacturer, the reputational impact for operators can be more difficult to address.
“It’s quite difficult for MNOs to face this. They really need to revaluate their anti-fraud strategy and it is not so much network intrusion detection or deep packet inspection that will help in this sense,” Cleaves said.
“You need something that knows if a click is fake or not,” he added.
There are a number of ways malware can find its way onto handsets.
According to Cleaves, it can slip through undetected due to a lack of quality control in manufacturing – the “cheaper” the device, the more expensive its potential security flaws. The practice of developers paying for their software to be preinstalled also comes into play, and it isn’t beyond possibility that a “crooked employee” could infiltrate a supply chain.
However, in Africa mobile money and digital wallets have become indispensable in recent years and that trend has accelerated during Covid-19 lockdowns. As a result, many operators are now introducing or extending mobile money solutions.
Earlier this month Africell CEO Ziad Dalloul unveiled plans to expand its mobile money solution as part of a new growth strategy that will take the operator into new markets. In May, Airtel Africa reported a revenue increase of 11.2%, largely attributed to growth in its mobile money activities.
“I think the implications are serious for MNOs. The MNO network is not breached, it isn’t like there was an intrusion or the MNO lost money because there was international billing taking place. Subscription fraud and so on is not what the MNOs have been trained to stop. This is a different beast and not one they have expertise with.
“The implications are serious because it’s bad press when your subscribers are being targeted this way and being stolen from. It is really the low-income individuals who are at a loss here. Their digital wallets are being emptied and their data taken,” Cleaves added.
Owned by Transsion Holding, Transsion manufactures the Tecno, Itel, and Infinix devices. It is active in 38 African countries, as well as India and Bangladesh, and the firm has a joint venture in Pakistan with Tecno Pack Pakistan.
Data released by IDC at the end of 2019 confirmed that Transsion was the dominant player in the African market at the end of last year, commanding a 64% share of the feature phone market and a 36.2% share of the smartphone market, compared to Samsung’s sub 25% share.
In its H1 financial results for 2020, Transsion recorded revenues of US$2.02 billion, marking 31.8% growth on the same period last year.
Despite its recent security troubles making international news, Transsion is setting standards in other areas, namely smartphone photography. According to company news published earlier this month, its enhanced photography capabilities will feature in the Tecno Camon series.