Counterfeit Hardware May Lead To Malware And Failure

Counterfeit parts are becoming increasingly hard to tell the difference from the real deal, the technology used by the counterfeiters has come on leaps and bounds, so even the experts struggle to tell the real product from a good fake. Mere fake branding isn’t the biggest problem with a counterfeit though, as ieee.com reports, counterfeit parts could contain malware or be downright dangerous.

Way back in 2014 the FBI charged [Marc Heera] with selling clones of the Hondata S300, a plugin engine module for Honda cars that reads sensors, and depending on their values can change idle speed, air-fuel mixture and a plethora of other car/engine related settings. What, might you ask, is the problem, except they are obviously not genuine parts? According to Honda they had a number of issues such as random limits on engine rpm and occasionally failure to start. While the fake Hondata S300 parts where just poor clones that looked the part, anything connected to an engine control unit brings up huge safety concerns and researchers have shown that through ECU access, they could hijack a car’s steering and brakes.

It’s not just car parts being cloned, remember the fake USB-to-serial chips of FTDI-Gate? Entire routers are also being cloned, which doesn’t sound too bad until you realise that the cloners could configure your internet traffic to be redirected through their network for snooping. In 2010 Saudi citizen [Ehab Ashoor] was convicted of buying cloned Cisco Systems gigabit interface converters with the intention of selling them to the U.S Dept of Defense. While nothing sinister was afoot in [Ashoor]’s case other than greed, these routers were to be deployed in Iraq for use by the Marine Corps networks. They were then to be used for security, transmitting troop movements and relaying intelligence from field operations back to HQ.

So who are the cloners and why are they doing it? It is speculated that some of them may be state funded, as there are a lot of countries who do not trust American silicon. Circuits are reverse engineered and find their way to the international market. Then just like the FTDI-Gate case, cloners want to make profits from others intellectual property. This also brings up another question, if there is a mistrust of American silicon, nearly everything is made in China these days so why should we trust anything from there? Even analog circuits can be made to spy on you, as you can see from the piece we recently featured on compromising a processor using an analog charge pump. If you want to defend yourself from such attacks, perhaps look at previous Hackaday Prize finalist, ChipWhisperer.

The Sincerest Form Of Flattery: Cloning Open-Source Hardware

We’re great proponents (and beneficiaries) of open-source hardware here at Hackaday. It’s impossible to overstate the impact that the free sharing of ideas has had on the hacker hardware scene. Plus, if you folks didn’t write up the cool projects that you’re making, we wouldn’t have nearly as much to write about.

We also love doing it ourselves. Whether this means actually etching the PCB or just designing it ourselves and sending it off to the fab, we’re not the types to pick up our electronics at the Buy More (except when we’re planning to tear them apart). And when we don’t DIY, we like our electrons artisanal because we like to support the little guy or girl out there doing cool design work.

So it’s with a moderately heavy heart that we’ll admit that when it comes to pre-built microcontroller and sensor boards, I buy a lot of cheap clones. Some of this is price sensitivity, to be sure. If I’m making many different one-off goofy projects, it just doesn’t make sense to pay the original-manufacturer premium over and over again for each one. A $2 microcontroller board just begs to be permanently incorporated into give-away projects in a way that a $20 board doesn’t. But I’m also positively impressed by some of the innovation coming out of some of the clone firms, to the point that I’m not sure that the “clone” moniker is fair any more.

This article is an attempt to come to grips with innovation, open source hardware, and the clones. I’m going to look at these issues from three different perspectives: the firm producing the hardware, the hacker hobbyist purchasing the hardware, and the innovative hobbyist who just wants to get a cool project out to as many people as possible. They say that imitation is the sincerest form of flattery, but can cloning go too far? To some extent, it depends on where you’re sitting.

Continue reading “The Sincerest Form Of Flattery: Cloning Open-Source Hardware”