SecTor 2025 | Detecting Forbidden White Labeled and Counterfeit Devices

In 2022, the Canadian federal government banned the use of technologies from ZTE and Huawei in Canadian telecommunications networks, citing national security reasons. Bans on other manufacturers, such as Hikvision, are also under consideration. Technologies from these vendors may not be purchased, and existing installed devices must be removed.

However, many of these devices are “white labeled”: sold under a different name, by a local vendor…but peel back the label and the forbidden device remains. The same goes for too-good-to-be-true prices for equipment on auction sites: counterfeit copies of name-brand devices are not rare.

This talk will discuss techniques to detect these devices, including Internet-wide statistical methods, and deep dives into telltale network protocol quirks. Learn how to tell if your expensive router (bought cheap!) really is the real thing, and whether your network really is free from forbidden devices.

By: Rob King | Director of Applied Security Research, runZero, Inc

https://blackhat.com/sector/2025/briefings/schedule/index.html#pay-no-attention-to-the-device-behind-the-curtain-detecting-forbidden-white-labeled-and-counterfeit-devices-47726Black HatRead More