Today there are an estimated 16.7 billion IoT devices spread across the globe, and approximately twenty percent of these are connected to a cellular network. Our ability to communicate effectively with these IoT endpoints will help drive business productivity well into the 21st century, and SMS is one of the most efficient ways of doing this. But what are the risks? What happens when a bad actor sends a message to one of these devices and instructs it to do something it shouldn’t? How can a company put rules in place for how their ‘things’ communicate? This is where SMS Firewalls come in.
This blog post is based on an interview with Joseph Haddad, Senior Product Manager at Enghouse Networks. He shares his expertise in the SMS Firewall arena; what they are, and how they can be used to go beyond security measures by providing a way for operators and their customers to create customized rules for how IoT endpoint devices behave. It’s a critical topic for a world that is becoming increasingly reliant on machine-to-machine communication.
Joseph, can you briefly describe the products you help manage?
The Enghouse Networks SmartGuard portfolio is made up of multiple solutions that can work either together or independently to provide security and privacy for operators and their subscribers. Our most popular product within SmartGuard is our SMS Firewall. It works in conjunction with our IoT Device Screening solution, which is especially relevant for this whole new group of cellular-connected IoT endpoints coming onto the market.
What is IOT device screening?
Many operators today are connecting IOT devices to their cellular network. These devices are often very critical and need to be protected – they may be embedded into cars, airplanes, or factories. SMS is one of the ways these ‘things’ communicate over-the-air, and our IoT Device Screening solution helps with that in three ways:
- It prevents the devices from receiving or sending unwanted or harmful SMS messages.
- It keeps network costs in check by putting limits on the number of SMS that can be sent or received.
- It allows the owners of the devices to create specific rules for how and when messages can be shared.
Is the telecom operator setting the parameters around this, or is it the enterprise?
It’s up to the operator to decide. The operator can set and manage these devices. For instance, they can set a ‘whitelist’ of allowable incoming and outgoing communications, or they can share these policies with the owners of the IoT devices. An example would be a car manufacturer who wants control over which vehicles can send and receive SMS, how they send them, and from where they are sent.
Are car manufacturers using SMS for making over-the-air (OTA) repairs and software updates?
Yes, absolutely. These devices can receive OTA instructions from the car manufacturers or the telecom operator. This can be controlled through our IoT Device Screening solution.
Industries need a safety net with regards to IoT and SMS. We worked with a car manufacturer, for example, that wanted to send out messages to update software that tracks various metrics, including engine temperature, status, or speed. But they found that sometimes these requests were going to the wrong cars – and this was causing problems. While they had the ability to define which vehicles should receive these messages, sometimes they got it wrong, so they wanted to put in some guard rails to protect against user mistakes. In this use case, it wasn’t about preventing fraud. Instead, the customer wanted very granular control over which vehicles received which OTA messages, and we were able to support that.
What other types of IoT device screening policies are helpful?
While IoT device screening can benefit many industries, let’s continue with the car manufacturer example. Mobile operators will often sell these organizations monthly bundles of SMS that are used for sending and receiving automated status updates about their vehicles. The manufacturers don’t want to exceed their monthly SMS limit for cost reasons, so they use our IoT Device Screening solution to limit how many messages are allowed to be sent from each device per month. Operators also want to be able to limit how many SMS can be sent from an individual car manufacturer, because each bundle is set up a bit differently, depending upon the customer.
We are currently working to support even more IoT screening policies. For instance, we recently added the ability to control which numbers an IoT device can send an SMS to. A manufacturer may want to limit the vehicle’s ability so that it can only send an SMS to a specific short code, and that’s it. They don’t want these devices to send messages anywhere else, or to any other short codes. This helps protect against exceeding their monthly limit and sending too many SMS, and it also helps prevent the device from being used for fraud.
I would think that would be critical. If you sense that your vehicle now is starting to send out thousands of spam messages, you need to be able to stop that before something bad happens.
Yes, and another reason is cost. Modules in cars are often programmed to report their status throughout the day, at which point it will trigger an SMS. But for the car company that’s running an entire fleet, they may not want to pay for what they deem as unnecessary SMS. Since they’re paying for a limited number of messages every month they want to stay within that bundle. They want to be able to limit the messages to only those that have meaning for them.
Is the car overheating? Send an alert. Is it within the normal temperature range? Then don’t. Otherwise, they’ll be paying a fortune for the car to constantly overcommunicate, sending its temperature status even when it’s operating within a normal range.
Moving beyond IoT Screening, when someone says SMS Firewall, I think of spam prevention. Is this still an important issue?
SMS spam and smishing are serious problems for mobile subscribers. They may suffer significant financial losses from these messages if they react to them. Mobile network operators also suffer financially because they may lose subscribers, or their brand may suffer by association. The problem has become so pervasive that government regulators in many countries are requiring operators to install anti-spam and anti-smishing solutions to help protect citizens.
For example, we worked with an operator in Vietnam who was battling SMS spammers due to the availability of very cheap pre-paid SMS packages. Their subscribers were being inundated by fraudulent texts. Despite the language differences, we were able to identify and stop more than 98% of their SMS spam using our machine-learning based system.
Why is stopping SMS spam so challenging, and how does machine learning help?
In the cat-and-mouse game of the antispam industry, staying one step ahead of spammers is difficult because they constantly exploit the weaknesses of commonly used techniques like SMS keyword filters. But our artificial intelligence based filtering technology adapts faster than the spammers can alter their messages. With it, mobile operators have a powerful tool to combat the ever-evolving challenges of spam and smishing. By harnessing the capabilities of artificial intelligence, our solution can analyze vast amounts of SMS data to identify emerging spam patterns and detect suspicious messages in real-time.
With our SMS Firewall, mobile operators can proactively strengthen their defenses by swiftly updating and refining their filtering algorithms, effectively thwarting spam before it reaches their subscribers’ devices. As a result, mobile operators can ensure a safer and more enjoyable messaging experience for their customers, fostering trust and loyalty while safeguarding against the incessant barrage of spam and smishing attempts. With our AI-powered filters, service providers also save considerable time and effort while protecting their subscribers more effectively.
What other types of protections does your SMS Firewall provide?
Grey Route Detection is another focus area for us. SMS grey routes refer to the practice of sending bulk SMS messages through unauthorized or unregulated channels. Instead of using official routes provided by mobile network operators, businesses and marketers use ‘grey routes’ to bypass established rules and avoid paying standard fees for sending SMS messages. This method often results in messages being delivered without proper sender identification and can lead to unreliable delivery rates and potential security risks.
Our grey route detection solution combines the real-time filtering features of our SmartGuard SMS Firewall with ongoing analysis and reporting to help identify long-term trends in A2P traffic. This helps identify grey route abusers more effectively. Our managed services team can then go the extra step by helping mobile operators and their chosen aggregators to eliminate A2P revenue leakage.
What differentiates Enghouse Networks’ SMS Firewall from its competitors?
Our IoT Device Screening solution is a key differentiator for us, but it’s not the only one.
Our biggest differentiator is the flexibility and intelligence of our system. It’s the capability to create powerful rules, in a very flexible, user-friendly way. In addition, Operators are looking to use AI and machine learning to stop SMS fraud and spam more intelligently, and we help them do that.
Visit our website to learn more about the Enghouse Networks’ SmartGuard portfolio and IoT Device Screening or contact us today.
