Counterfeit Hardware May Lead To Malware and Failure

Counterfeit parts are becoming increasingly hard to tell apart from the real deal. The technology used by the counterfeiters has come on leaps and bounds, so even the experts struggle to tell the real product from a good fake. Mere fake branding isn’t the biggest problem with a counterfeit though: as reported, counterfeit parts could contain malware or be downright dangerous.

Way back in 2014 the FBI charged [Marc Heera] with selling clones of the Hondata S300, a plugin engine module for Honda cars that reads sensors and, depending on their values, can change idle speed, air-fuel mixture and a plethora of other car/engine related settings. What, might you ask, is the problem, except they are obviously not genuine parts? According to Honda they had a number of issues such as random limits on engine rpm and occasionally failure to start. While the fake Hondata S300 parts were just poor clones that looked the part, anything connected to an engine control unit brings up huge safety concerns, and researchers have shown that through ECU access they could hijack a car’s steering and brakes.

It’s not just car parts being cloned; remember the fake USB-to-serial chips of FTDI-Gate? Entire routers are also being cloned, which doesn’t sound too bad until you realise that the cloners could configure your internet traffic to be redirected through their network for snooping. In 2010 Saudi citizen [Ehab Ashoor] was convicted of buying cloned Cisco Systems gigabit interface converters with the intention of selling them to the U.S. Dept. of Defense. While nothing sinister was afoot in [Ashoor]’s case other than greed, these routers were to be deployed in Iraq for use by the Marine Corps networks. They were then to be used for security, transmitting troop movements and relaying intelligence from field operations back to HQ.

So who are the cloners and why are they doing it? It is speculated that some of them may be state funded, as there are a lot of countries who do not trust American silicon. Circuits are reverse engineered and find their way to the international market. Then, just like the FTDI-Gate case, cloners want to make profits from others’ intellectual property. This also brings up another question: if there is a mistrust of American silicon, and nearly everything is made in China these days, why should we trust anything from there? Even analog circuits can be made to spy on you, as you can see from the piece we recently featured on compromising a processor using an analog charge pump. If you want to defend yourself from such attacks, perhaps look at previous Hackaday Prize finalist, ChipWhisperer.

Fixing Fake FTDIs

If you know where to go on the Internet, you can pick up an FTDI USB to Serial adapter for one dollar and sixty-seven cents, with free shipping worldwide. The chip on this board is an FTDI FT232RL, and costs about two dollars in quantity. This means the chips on the cheap adapters are counterfeit. While you can buy a USB to serial adapter with a legitimate chip, [Syonyk] found a cheaper solution: buy the counterfeit adapters, a few genuine chips, and rework the PCB. It’s brilliant, and an excellent display of desoldering prowess.

Why is [Syonyk] replacing non-genuine chips with the real FTDI? The best reason is FTDIgate Mk. 1, where the official FTDI driver for Windows detected non-genuine chips and set the USB PID to zero. This bricked a whole bunch of devices, and was generally regarded as a bad move. FTDIgate Mk. 2 was a variation on a theme where the FTDI driver would inject garbage data into a circuit if a non-genuine part was found. This could also brick devices. Notwithstanding driver issues, the best reason for swapping out fake chips for real ones is the performance at higher bit rates; [Syonyk] is doing work at 3 Mbps, and the fake chips just don’t work that fast.

To replace the counterfeit chip, [Syonyk] covered the pins in a nice big glob of solder, carefully heated both sides of the chip, and slid the offending chip off when everything was molten. A bit of solder braid, and the board was ready for the genuine chip.

With the new chip, the cheap USB to serial adapter board works perfectly, although anyone attempting to duplicate these efforts might want to look into replacing the USB mini port with a USB micro port.

FTDI Drivers Break Fake Chips, Again

Just over a year ago, FTDI, manufacturers of the most popular USB to serial conversion chip on the market, released an update to their drivers that bricked FTDI clones. Copies of FTDI chips abound in the world of cheap consumer electronics, and if you’ve bought an Arduino for $3 from a random online seller from China, you probably have one of these fake chips somewhere in your personal stash of electronics.

After a year, we have the latest update to FTDI gate. Instead of bricking fake chips, the latest FTDI drivers will inject garbage data into a circuit. Connecting a fake FTDI serial chip to a computer running the latest Windows driver will output “NON GENUINE DEVICE FOUND!”, an undocumented functionality that may break some products.

FTDI gate mk. 1 merely bricked fake and clone chips, rendering them inoperable. Because fakes and clones of these chips are extremely common in the supply chain, and because it’s very difficult to both tell them apart and ensure you’re getting genuine chips, this driver update had the possibility to break any device using one of these chips. Cooler heads eventually prevailed, FTDI backed down from their ‘intentional bricking’ stance, and Microsoft removed the driver responsible with a Windows update. Still, the potential for medical and industrial devices to fail because of a random driver update was very real.

The newest functionality to the FTDI driver released through a Windows update merely injects unwanted but predictable data into the serial stream. Having a device spit out “NON GENUINE DEVICE FOUND!” won’t necessarily break a device, but it is an undocumented feature that could cause some devices to behave oddly. Because no one really knows if they have genuine FTDI chips or not, this undocumented feature could cause problems in everything from industrial equipment to medical devices, and of course in Arduinos whose only purpose is to blink an LED.

Right now, the only option to avoid this undocumented feature is to either use Linux or turn off Windows Update. Since the latter isn’t really a great idea, be prepared to constantly roll back the FTDI driver to a known good version.
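
To check your own bench for either symptom described above, here is an added example (not from the original posts, and not FTDI's code). It flags adapters whose PID has been zeroed (Mk. 1) in `lsusb`-format text, and counts the injected string (Mk. 2) in a serial capture even when it is split across reads. It assumes FTDI's vendor ID 0x0403 and that the string arrives as contiguous ASCII; the sample data and all function names are constructed for illustration.

```python
import re

FTDI_VID = 0x0403                       # FTDI's USB vendor ID
MARKER = b"NON GENUINE DEVICE FOUND!"   # string quoted in the article
LSUSB_ID = re.compile(r"ID ([0-9a-fA-F]{4}):([0-9a-fA-F]{4})")

# Constructed sample in lsusb's output format (not a real capture).
SAMPLE_LSUSB = """\
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 004: ID 0403:6001 Future Technology Devices International, Ltd FT232 Serial (UART) IC
Bus 001 Device 005: ID 0403:0000 Future Technology Devices International, Ltd
"""

# Constructed serial capture; the first marker straddles a read boundary.
SAMPLE_CHUNKS = [b"temp=21\r\nNON GENU", b"INE DEVICE FOUND!temp=22\r\n",
                 b"NON GENUINE DEVICE FOUND!", b"\r\n"]


def zeroed_ftdi_devices(lsusb_text):
    """Return lsusb lines with FTDI's VID and PID 0000 (the Mk. 1 symptom)."""
    hits = []
    for line in lsusb_text.splitlines():
        m = LSUSB_ID.search(line)
        if m and int(m.group(1), 16) == FTDI_VID and int(m.group(2), 16) == 0:
            hits.append(line.strip())
    return hits


class MarkerDetector:
    """Count marker occurrences in serial data fed one read at a time."""

    def __init__(self, marker=MARKER):
        self.marker = marker
        self.tail = b""     # carry-over so a split marker is still matched
        self.count = 0

    def feed(self, chunk):
        data = self.tail + chunk
        self.count += data.count(self.marker)
        # Keep len(marker)-1 bytes: too short to hold a whole marker, so a
        # match already counted can never be counted again.
        self.tail = data[-(len(self.marker) - 1):]
        return self.count


if __name__ == "__main__":
    print(zeroed_ftdi_devices(SAMPLE_LSUSB))
    det = MarkerDetector()
    for chunk in SAMPLE_CHUNKS:
        det.feed(chunk)
    print("marker seen", det.count, "times")
```

On Linux, feed it the real output of `lsusb`; for the stream check, pass in whatever bytes your target device or logic analyzer logged from the adapter's TX line.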