Security Research Center
What is Device Impersonation?
Device impersonation is a broad term that includes attacks where a bad actor pretends to operate a legitimate device that was previously authorized to work with a system.
Depending on the defenses deployed on the system’s server side, impersonating a device can range from trivial (such as spoofing the device ID) to quite complex (spoofing device metadata, replicating files, recreating security keys, etc.).
To execute a successful attack, the bad actor has to perform three steps: reconnaissance, data theft, and data reuse.
At the reconnaissance stage, an attacker could resort to observation and reverse engineering to understand how devices are identified on the system and what it takes to pretend to operate from a legitimate device. Reverse engineering protection is outside the scope of this work, as thorough protection is implemented in Guardsquare products. Contact us to learn more.
At the data theft stage, the attacker could use a range of methods. Some of the most popular examples include:
- Gaining temporary physical access to the device
- Deploying malware that would collect and exfiltrate the data necessary to identify the device
Finally, the reuse stage happens when the attacker deploys the stolen device information on a different device or simulates the transmission of identifying information through custom-built software. At this stage, the attacker’s software can successfully impersonate operating from the victim’s device and gain access to the victim’s digital assets.
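How much the server-side check matters at the reuse stage can be seen in a small sketch. This is an added example, not code from the original article or from Guardsquare: it compares a server that trusts a presented device ID with one that requires a fresh proof of a device-held key. All names (ENROLLED, weak_authenticate, issue_challenge, device_response, verify_response) are hypothetical, and the per-device key is assumed to be provisioned at enrollment and kept in hardware-backed storage on the device.

```python
import hashlib
import hmac
import secrets

# Constructed enrollment record: device ID -> per-device key set at enrollment.
# Assumption: the key never leaves the device's hardware-backed storage; only
# the device ID and MACs computed with the key travel over the network.
ENROLLED = {"device-1234": secrets.token_bytes(32)}
_pending = {}  # device_id -> outstanding single-use nonce

def weak_authenticate(device_id):
    """Weak check: any client presenting a known device ID is accepted."""
    return device_id in ENROLLED

def issue_challenge(device_id):
    """Server: issue a fresh random nonce for this authentication attempt."""
    nonce = secrets.token_bytes(16)
    _pending[device_id] = nonce
    return nonce

def device_response(device_key, device_id, nonce):
    """Device: prove possession of the key by MACing the server's nonce."""
    return hmac.new(device_key, device_id.encode() + nonce, hashlib.sha256).digest()

def verify_response(device_id, response):
    """Server: accept only a valid MAC over the outstanding nonce, once."""
    nonce = _pending.pop(device_id, None)  # pop makes the nonce single-use
    key = ENROLLED.get(device_id)
    if nonce is None or key is None:
        return False
    expected = hmac.new(key, device_id.encode() + nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)

def demo():
    """Return (weak check with ID only, genuine device, replayed proof, ID without key)."""
    did = "device-1234"
    weak = weak_authenticate(did)            # the ID alone is sufficient here
    nonce = issue_challenge(did)
    proof = device_response(ENROLLED[did], did, nonce)
    genuine = verify_response(did, proof)    # enrolled device holding the key
    issue_challenge(did)                     # new attempt, new nonce
    replayed = verify_response(did, proof)   # earlier proof no longer matches
    nonce = issue_challenge(did)
    id_only = verify_response(did, device_response(b"\0" * 32, did, nonce))
    return weak, genuine, replayed, id_only

if __name__ == "__main__":
    print(demo())
```

The hardened check only holds while the key stays on the enrolled device, which is why the article lists recreating security keys at the complex end of the range.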