Watch out for well-made (counterfeit) chips. Counterfeit parts are big headache. Saelae tells that they noticed first that many more boards than normal were failing the functional test. The USB chip was running hot. It turned out that every last part was an old revision corresponding to a different (obsolete) part number – the parts had been relabeled with a modern part number.
Counterfeit Electronic Parts presentation from NASA gives examples of counterfeit ICs and information on business around counterfeit electronics.
Counterfeit components can be a a big business and safety risk. Criminal Prosecution – Who can be held liable for the sale of counterfeit parts? is an inside look at the unscrupulous business practices that plague the open market and the liability that could accompany this unethical conduct. This article is intended to serve as a warning to sales, purchasing and management representatives involved in the purchase or sale of integrated circuits in the open market. Ignorance is not a defense. It will likely be difficult, if not impossible, for any representative of the open market to argue that they were “unaware” of the risks.
333 Comments
Tomi Engdahl says:
Following electrocution controversy, Apple to offer USB power adapter replacements
http://9to5mac.com/2013/08/05/apple-launching-third-party-iphone-usb-charger-replacement-program-following-controversy/
Following controversy in recent weeks regarding the safety of counterfeit and third-party USB charging adapters for the iPhone, iPod, and iPad, Apple has announced a new trade-in program for these adapters. The program will be held at both official Apple Retail Stores and Authorized Apple Resellers.
The replacement program will allow anyone who feels uncomfortable with their adapter to replace it with an official unit for a discounted price of $10.
Last month, an Apple customer reportedly passed away from electrocution due to a counterfeit charger used with an iOS Device. Immediately following this incident, Apple opened up a webpage to properly identify Apple-built adapters.
“Recent reports have suggested that some counterfeit and third party adapters may not be designed properly and could result in safety issues. While not all third party adapters have an issue, we are announcing a USB Power Adapter Takeback Program to enable customers to acquire properly designed adapters.”
Tomi Engdahl says:
Apple to support third-party USB power plug trade-ins beyond U.S. & China
http://9to5mac.com/2013/08/12/apple-to-support-third-party-usb-power-plug-trade-ins-beyond-u-s-china/
Last week, we reported that Apple, will soon kickoff a trade-in-program for third-party or counterfeit USB power adapters in its retail stores and select authorized resellers. The program will allow anyone with an unofficial USB power adapter for iOS Devices to exchange that adapter for an Apple-built unit at a discounted price of $10 dollars.
The program comes in response to a couple of controversial situations in which people in China reportedly passed away or became injured due to faulty, counterfeit charging adapters…
www.christiancommunitychapel.org says:
Gaming laptops didn’t show all of the advantages of the gaming PC’s as even although they were
found to be really expensive, they didn’t meet the standards as nicely. Both the Lenovo and the Toshiba reviewed here were built in 2009. I played Civilization, Mob Rule, and various other strategy games that did not require the best graphics card or most RAM to run. The price at the time (a year ago) was around $800 for this Lenovo with Windows XP, but you can get a G530 for around $500 and a newer model of the Lenovo (which is similar), the G550 is around $1,000.
Here is my blog … gaming laptops under 500 (http://www.christiancommunitychapel.org)
Tomi Engdahl says:
Reel Crime: The Pulse Sensor Counterfeit LEDs Story
http://makezine.com/2012/02/17/reel-crime-the-pulse-sensor-counterfeit-leds-story/
The sensors did not work. In fact, all of them did not work, in exactly the same way. This was actually good news, since a consistent problem is easier to find and fix. Immediately we were in Problem Solving Mode.
Then Joel noticed that the green LED was not shining in quite the right color – more of a teal than a super-bright green. The lower intensity and difference in wavelength was sufficient enough to kill the accuracy of the Pulse Sensor, if not its functioning altogether.
Our contact at the factory seemed responsive to our problem. They confirmed that they ordered our part number from a reputable company, and sent a photo of the reel of parts they received. The photo confirmed that they were indeed the LEDs we specified for production. It had the manufacturer’s label (Kingbright USA) and correct part number on them. At this point, we were nervous. Were we insane?
We made a quick call to Kingbright, and asked them why their new green LED’s where not like their old green LEDs.
Kingbright asked for photos of the parts we used. After reviewing the photo, an engineer at Kingbright responded quickly, and solved the mystery at last. That reel of LEDs in the photo from our manufacturer bore a reference number that Kingbright didn’t use, and contained 500 more pieces than they supply per reel. Even the shape and style of the plastic reel was not the same as the kind Kingbright uses. Our factory’s supplier had bought counterfeit LEDs!
Mystery solved. Our engineering prowess was exonerated, and our factory seemed free of any malfeasance. A presumably well-known and trusted parts supplier (according to our contract manufacturer) had sold counterfeit parts, knowingly or not. The gritty details of who punked who was beyond us.
To get our working units, we could simply order 2000 LEDs in the USA and ship them to our factory.
Tomi Engdahl says:
New Trends in Counterfeit Components
http://www.integra-tech.com/counterfeit-detection.html
Over the past several years the electronics industry has seen a marked increase in the prevalence of counterfeit electronic components. Counterfeiters have attacked every commodity of electronics, from simple components such as capacitors, to complex integrated circuits such as microprocessors. Inexpensive commercial devices, as well as high cost military components, have seen counterfeiting. Today the problem continues with no indication of improvement. Today’s counterfeit components are demonstrating that the counterfeiters are continuing to improve their techniques.
Non-functional counterfeit parts have, in recent years, been the most common type. These were the first major wave of counterfeit parts that primarily came out of China, recovered from salvaged electronics waste. This type of counterfeit device has only the appearance of the correct device, often with the wrong die internally and a remarked package. The counterfeiter’s process is board removal, sanding, blacktopping and remarking followed by a detailed cleanup of solder and the package to make it look new. Today these parts are typically caught early on by a careful visual inspection with industry methods such as those documented in the IDEA standard 1010. On the occasions that they are not visually detected, then package de-cap or very basic tests such as a curve trace will identify the units.
The more difficult class is the functional counterfeit devices. These functional counterfeit devices are becoming more prevalent since counterfeiters are now being caught more often
Refurbished devices are one of the greatest problems. These parts are often the correct device and may even still have the original marking on the package. These refurbished units are a great risk since they are often subjected to excessive heat during removal and may have been introduced to harsh chemicals during the refurbishment process. Counterfeiters have become masters of reworking a package and the solder on the leads. They can make a board pull look new and unused.
Often related to refurbished parts are new remarking techniques. The old method of black-topping has been replaced by newer improved remarking techniques. Methods have been developed by counterfeiters to completely remove ink marking.
Another method available to counterfeiters is die salvaging from packages with subsequent die reusage in newly manufactured packages.
Tomi Engdahl says:
The Hidden Dangers of Chop-Shop Electronics
http://spectrum.ieee.org/semiconductors/processors/the-hidden-dangers-of-chopshop-electronics
Clever counterfeiters sell old components as new, threatening both military and commercial systems
Tomi Engdahl says:
Electronic manufacturing and consumers confront a rising tide of counterfeit electronics
May 2006
http://spectrum.ieee.org/computing/hardware/bogus
A police raid on a suspected counterfeiter in China’s Guangdong province turns up US $1.2 million in fake computer parts and documents
A capacitor electrolyte made from a stolen and defective formula finds its way into thousands of PC motherboards, causing the components to burst and leak and the computers to fail and eventually costing more than $100 million to rectify.
Local authorities in Suffolk County, N.Y., seize counterfeit electrical safety outlets–used in bathrooms, kitchens, and garages to guard against electrical shock–bearing phony Underwriters Laboratories logos. The bogus parts had no ground-fault-interrupt circuitry, and had they been installed anywhere near water, the results could have been fatal.
Dozens of consumers worldwide are injured, or merely surprised, when their cellphones explode, the result of counterfeit batteries that short-circuit and suddenly overheat.
That the world is awash in fake goods comes as no surprise to anyone who’s ever strolled the streets of a major city and seen a gauntlet of sidewalk hawkers selling knockoff clothes and pirated motion pictures. But in recent years a less visible but no less insidious component of the illicit global trade has taken off: the counterfeiting of electronics components and systems, from tiny resistors to entire routers.
High-tech products–including consumer electronics, batteries, computer hardware, and electronic games–accounted for four of the top 10 products seized by U.S. Customs and Border Protection in 2004
No company is immune. Counterfeit electronics have turned up in every industrial sector, including computers, telecommunications, automotive electronics, avionics, and even military systems. What’s more, nearly every kind of component has been pirated, from low-level capacitors and resistors to pricey DRAMs and microprocessors. Whole servers, switches, and PCs have been faked, but more commonly, only one part in hundreds or perhaps thousands in an end product is bogus.
And that one bad component can cause lots of headaches. For example, a component that may be worth only $2 can cost $20 to replace if it is found to be counterfeit after it is mounted onto a circuit board. Even if a manufacturer catches a counterfeit item on the production line, it will still lose money from having to halt production and swap out the bogus part. And if the product finds its way onto the market and out to customers, there likely will be even bigger problems with field service calls, warranty issues, product recalls, and the like.
For the consumer, the failures of systems that use counterfeits can lead to safety and security problems. Even if the fake part works, at least initially, it still poses reliability risks, because it hasn’t undergone the legitimate manufacturer’s rigorous quality assurance processes.
Tomi Engdahl says:
Would the Mob Really Break Your Virtual Kneecaps With Counterfeit Chips?
http://spectrum.ieee.org/tech-talk/semiconductors/devices/would-the-mob-really-break-your-virtual-kneecaps-with-counterfeit-chips
It’s easy to infiltrate a semiconductor chip supply chain with counterfeits. The path from the original manufacturer to the final use is notoriously weak, especially for older chip models, which are often needed for military applications. There are different types of counterfeits: they can be falsely labeled, used, broken, actual fakes, or, as we are told this week, hacked to a specific purpose by the mob.
It’s not a new concern, but IOActive gives it a new twist with the gangster angle. They’re not wrong about the threat, but the company’s blog post smells a little like fear mongering.
To illustrate their point, the authors dissect a chip ordered from an online electronics broker. IOActive, which investigates counterfeit claims, took the microprocessor in question apart and found that it was a ST ST19AF08 chip pretending to be a ST19XT34.
By itself, this is not surprising. Counterfeiting chips is a rampant, possibly already billion-dollar business that continues to grow, and it has, in fact, probably already been infiltrated by organized crime. The number of counterfeit incidents goes up every year, according to private companies and the US government—in part due to US legislation that is pushing companies to report finding fakes.
IOActive’s conclusion is that if it is easy to fake a chip and difficult to identify a fake, it must also be easy for criminal organizations and foreign governments to make minor modifications to chips that would never be noticed at all. A bad chip in the right place could compromise security with backdoors, malicious code, or rigged algorithms.
The Hidden Dangers of Chop-Shop Electronics « Tomi Engdahl’s ePanorama blog says:
[...] Hidden Dangers of Chop-Shop Electronics Counterfeit electronics components have caused problems for many companies. There are New Trends in Counterfeit Components. IEEE [...]
Green Earth Auto, Green Earth Auto Salvage, greeneartheautosalvage.com, click here says:
Howdy, I came across your internet site by means of Yahoo all the while buying comparable subject, your web site showed up, it appears superior. I added in order to our favourites features and functions|combined with bookmarks.
Tomi Engdahl says:
FT232RL: Real Or Fake?
http://hackaday.com/2014/02/19/ft232rl-real-or-fake/
Above are two FTDI FT232RL chips, an extremely common chip used to add a USB serial port to projects, builds, and products. The one on the left is a genuine part, while the chip on the right was purchased from a shady supplier and won’t work with the current FTDI drivers. Can you tell the difference?
the fake chip is really just a microcontroller made protocol compatable with the addition of a mask ROM
Tomi Engdahl says:
DARPA wants help to counter counterfeits
DIE, FAKE CHIP!
http://www.theregister.co.uk/2014/02/25/darpa_wants_help_to_counter_counterfeits/
DARPA is seeking vendor input into a program designed to defeat the problem of counterfeit electronic components.
As the agency states in its announcement, the provenance of electronics components is a big deal in the military, since a component failure can endanger (for example) a fighter jet’s mission (as well as the personnel on board).
In response to this, it wants to develop a program under which a 100×100 micron “dielet” could be included in critical components to verify where they came from. The dielet would include an encryption engine and damage/tampering sensors.
Tomi Engdahl says:
DARPA wants to scrub scourge of counterfeit computer gear
DARPA looks to develop a tiny electronic tool that could guarantee component security
By Layer 8 on Mon, 02/24/14 – 12:23pm.
http://www.networkworld.com/community/blog/darpa-wants-scrub-scourge-counterfeit-computer-gear
Tomi Engdahl says:
New DARPA Program Targets Bootleg Components
http://www.eetimes.com/document.asp?doc_id=1321308&
The electronics industry has adopted a wealth of practices to foil or at least identify counterfeit components, from marking to x-raying. Now the Pentagon’s Defense Advanced Research Projects Agency (DARPA) is calling upon engineers to solve the problem.
DARPA has published a call for proposals to develop a nearly microscopic component that could be attached to system components to help identify and combat counterfeit and suspect electronic parts.
Counterfeiter components are pervasive in the defense supply chain. Counterfeiters target both high-ticket chips and components that cost pennies. Worse, system failures associated with fake parts can lead to loss of life and failure of military missions.
The program calls for the development of a dielet, a small (100 x 100 microns) component that “authenticates the provenance of electronics components.” The proposed component would incorporate a full encryption engine, as well as tampering sensors.
Tomi Engdahl says:
Growing awareness of counterfeit electrical products, survey says
http://www.controleng.com/single-article/growing-awareness-of-counterfeit-electrical-products-survey-says/6269f596a3d4abdcca1eec1c8dde139a.html
A joint survey from power management company, Eaton, and the Independent Electrical Contractors (IEC) showed both an increased awareness of counterfeit electrical products and a still growing need for more.
“The first step to tackling any issue is building awareness and an understanding of why it is important,”
“Electrical contractors are recognizing the prevalence and dangers of counterfeits in the industry,”
Tomi Engdahl says:
Report: Counterfeit education is working
https://www.csemag.com/single-article/report-counterfeit-education-is-working/42e6855f797aa1824e726ed32b8e7cfa.html
Survey reveals that educational programs are helping to increase awareness of the dangers of counterfeit electrical products.
“The first step to tackling any issue is building awareness and an understanding of why it is important,” said Thayer Long, executive VP and CEO, IEC National. “Our anti-counterfeiting efforts with Eaton have not only raised awareness of the dangers of counterfeit electrical products, but have also helped the industry and consumers understand the ways to avoid such products.”
Tomi Engdahl says:
Fake Audiophile Opamps Revealed
http://hackaday.com/2014/04/10/fake-audiophile-opamps-revealed/
Tomi Engdahl says:
Fake audiophile opamps: OPA627 (AD744?!)
http://zeptobars.ru/en/read/OPA627-AD744-real-vs-fake-china-ebay
What happened here?
Some manufacturer in China put an effort to find cheaper substitute for OPA627 – it appeared to be AD744.
So they bought AD744 in the form of dies or wafers, packaged them and marked as OPA627.
Tomi Engdahl says:
More Counterfeit Apple Chargers Than You Can Shake An iPod At
http://hackaday.com/2014/05/10/more-counterfeit-apple-chargers-than-you-can-shake-an-ipod-at/
Phones, MP3 players, designer bags, artwork, money…. anything with value will bring out the counterfeiters looking to make a quick buck. Sometimes the product being counterfeited isn’t even necessarily expensive. For example, an Apple iPad Charger. [Ken Shirriff] got a hold of a counterfeit iPad Charger, took it apart, and did some testing.
So why would someone buy a counterfeit product? To save some money! The counterfeits are usually cheaper to reel the potential buyer in thinking they are getting a deal. In this case, the Apple product costs $19 and the knock-off is $3, that’s a huge difference.
counterfeit’s has a huge amount of noise
[Ken's] article is extremely detailed and contains a lot of photos of inside both chargers
Tomi Engdahl says:
Raspberry Pi foundation looks at counterfeit Apple power supplies
http://hackaday.com/2012/10/10/raspberry-pi-foundation-looks-a-counterfeit-apple-power-supplies/
Tomi Engdahl says:
Apple iPhone charger teardown: quality in a tiny expensive package
http://www.righto.com/2012/05/apple-iphone-charger-teardown-quality.html
Tomi Engdahl says:
Why it is not a good idea to buy counterfeit power supply:
iPad charger teardown: inside Apple’s charger and a risky phony
http://www.righto.com/2014/05/a-look-inside-ipad-chargers-pricey.html
Apple sells their iPad charger for $19, while you can buy an iPad charger on eBay for about $3. From the outside, the chargers look the same. Is there a difference besides the price? In this article, I look inside real and counterfeit chargers and find that the genuine charger has much better construction, power quality, and most importantly safety. The counterfeit turns out to be a 5 watt charger in disguise, half the power of a genuine charger.
One safety difference is obvious: the Apple charger has much more insulation.
the counterfeit charger is much simpler
Both chargers use resistors to put special voltages on the USB data lines to indicate the charger type, using Apple’s proprietary system. (This is why iPads say “Charging is not supported with this accessory” with some chargers.)
Safety probably isn’t something you think about when you plug in your charger, but it’s important.
The UL regulations[14] require safe separation between the high voltage and the low voltage. This is measured by creepage – the distance between them along the circuit board, and clearance – the distance between them through air. The regulations are complex, but in general there should be at least 4mm between high-voltage circuitry and low-voltage circuitry.
the genuine iPad charger’s circuit
This gap of 5.6mm provides a comfortable safety margin.
The creepage distance on the counterfeit charger board below is scary – only 0.6 mm separation between low and high voltage.
this board is unsafe. If you use the charger in a humid bathroom and a drop of water condenses across the 0.6 mm gap, then zap!
The key safety requirement of the transformer is to separate the high-voltage windings from the low-voltage secondary winding, and the counterfeit charger fails here.
The triple-insulated wire is an important safety feature that keeps the high voltage out even if there is a flaw in the insulating tape and in the wire’s insulation.
The real charger provides much more power with much less noise
Is the Apple charger worth the price?
Apple’s charger is expensive compared to other chargers, but is a high quality product. You should definitely stay away from the cheap counterfeit chargers, as they are low quality and dangerous. Non-Apple name brand chargers are generally good quality according to my tests, with some better than Apple.
In any case, the iPad charger is an impressive piece of engineering with a lot of interesting circuitry inside. The counterfeit charger is also impressive in its own way – it’s amazing that a charger can be manufactured and sold for such a low price (if you don’t care about safety and quality).
Tomi Engdahl says:
EEVblog #388 – Fake Apple USB Charger Teardown
http://www.youtube.com/watch?v=wi-b9k-0KfE
Tomi Engdahl says:
Here Come the RGB LED Clones
http://hackaday.com/2014/06/25/here-come-the-rgb-led-clones/
It seems like every third project on Hackaday uses WS2812 RGB LEDs in some way. We all love our blinkenlights, and bright, cheap, serial controlled RGB LEDs are the bees knees.
As with all products these days, competing manufacturers have discovered the huge market for these things, and clones are now available. [Tim] recently took a look at the PD9823, as well as three versions of the WS2812.
As many of us know, the timing characteristics for these LEDs can be a pain to work with.
Tomi Engdahl says:
USB charger is prime suspect in death of Australian woman
All those safety logos on kit aren’t just window dressing
http://www.theregister.co.uk/2014/06/27/usb_charger_is_prime_suspect_in_death_of_australian_woman/
An Australian woman has been found dead, possibly as the result of connecting a device to a USB charger that does not comply with safety standards.
The Australian State of New South Wales’ Fair Trading Commissioner Rod Stowe has issued a statement warning local punters not to buy chargers that do not bear the usual panoply of certification marks after “the recent death of a consumer where an unapproved USB charger was potentially implicated.”
Fairfax Media reports Stowe’s warning came after “a young woman wearing headphones and holding her laptop was found dead with burns on her ears and chest, in an apparent electrocution.” It’s been suggested the woman was holding a phone that was plugged in to a faulty charger at the time of her death.
Tomi Engdahl says:
Dell laptop catches fire, burns woman
Dellja-vu
http://www.theinquirer.net/inquirer/news/2353038/dell-laptop-catches-fire-burns-woman
Since then we have witnessed the recall of some four million units with suspect battery packs, and then an almost annual product recall. Dell updated recall information three times since 2006
Now, in a latest strike against the laps and desktops of humanity, another Dell laptop has triggered self-immolation and ruined a woman’s afternoon.
“It blew up. It flipped my computer back and the battery pack and all came out this way,” said victim Loretta Luff. “The next thing I knew, my shirt was on fire, I grabbed that and took that off and I think that’s when I singed my hair.”
“The battery pack was on the floor. It was in pieces,”
Luff said that she swapped the battery out about three years ago and is not sure whether it is a Dell unit.
Tomi Engdahl says:
Beats sues Chinese counterfeiters for billions as Apple sale nears completion
By Sam Oliver
http://appleinsider.com/articles/14/07/11/beats-sues-chinese-counterfeiters-for-billions-as-apple-sale-nears-completion
Headphone maker Beats has filed suit against a number of Chinese counterfeiters, alleging trademark infringement and seeking damages that could run into the billions of dollars just weeks before the company officially becomes an Apple subsidiary.
Tomi Engdahl says:
Fake ebay batteries 18650
https://www.youtube.com/watch?v=eOshOXcSkDA
Tomi Engdahl says:
FAKE 18650 Ultrafire Batteries on eBay
https://www.youtube.com/watch?v=6lL2QBn3pCY
Tomi Engdahl says:
Fake NVIDIA Graphics Cards Show Up In Germany
http://tech.slashdot.org/story/14/08/27/1754243/fake-nvidia-graphics-cards-show-up-in-germany
“Several fake NVIDIA cards — probably GeForce GT 440 — have had their BIOS reflashed to report themselves as GeForce GTX 660.”
“but only deliver 1/4 of the speed of a real GTX 660″
Tomi Engdahl says:
Securing Trustworthy & Resilient Chips
NSF and SRC team to make chips counterfeit- and hack-free
http://www.eetimes.com/document.asp?doc_id=1324043&
Nine universities, from a field of more than 50 applicants, have been chosen to receive $4 million over three years to develop Secure, Trustworthy, Assured, and Resilient Semiconductors and Systems. The STARSS program is supported by the National Science Foundation (NSF) and the Semiconductor Research Corporation (SRC) as well as SRC member companies Intel, Freescale, and Mentor Graphics.
The STARSS program is part of a $75 million cyber security effort by the NSF, but is unique in that it is aimed at making the chips themselves — especially processors — immune from being exploited by hackers who take advantage of hidden Trojan horses and backdoors that are intentionally or unintentionally inserted into chips by intellectual property (IP) often from foreign sources. The effort will also make it easier to spot counterfeit chips, chips having been tampered with somewhere along the supply chain, and used chips being passed off as new.
“NFS and SRC are initially funding nine projects [listed below] with $4 million in a multi-phase project that will likely spend $10 million over several years,”
Tomi Engdahl says:
DARPA Technology Could Uncover Counterfeit Microchips
http://tech.slashdot.org/story/14/10/01/1929227/darpa-technology-could-uncover-counterfeit-microchips
Advanced Scanning Optical Microscope that can scan integrated circuits by using an extremely narrow infrared laser beam, to probe microelectronic circuits at nanometer levels, revealing information about chip construction as well as the function of circuits at the transistor level.
DARPA technology uncovers counterfeit microchips
http://www.networkworld.com/article/2690353/security0/darpa-technology-uncovers-counterfeit-microchips.html
DARPA partners are developing technologies and software that can certify circuits
Any counterfeit high-tech goods are a serious safety threat to people and cybersecurity as well as a problem for system reliability and performance.
The Defense Advanced Research Projects Agency said this week one of its contractors, working on one of the agency’s anti-counterfeit projects has developed and deployed what it calls an Advanced Scanning Optical Microscope that can scan integrated circuits by using an extremely narrow infrared laser beam, to probe microelectronic circuits at nanometer levels, revealing information about chip construction as well as the function of circuits at the transistor level.
SRI International said it has delivered the Advanced Scanning Optical Microscope (ASOM) technology to the Naval Surface Warfare Center in Crane, Indiana, where it will join an arsenal of laboratory equipment used to ensure the integrity of microelectronics.
The ASOM technology is developed under a DARPA program known as IRIS, or Integrity and Reliability of Integrated Circuits. The IRIS program began in 2010 and according to DARPA looks to develop technologies and software that could validate circuits.
“Over the past 50 years, the worldwide IC market has expanded dramatically. In 2013, the import value of integrated circuits was $231 billion, up 20% from the previous year. As a result of the globalization of the IC marketplace, most U.S. production of advanced circuits has moved to offshore foundries in Taiwan, Singapore, Korea, Japan and China. While offshore production has served to decrease chip prices globally, it has also made evaluating the integrity of circuitry components increasingly difficult,” DARPA stated.
“Without the ability to influence and regulate the off-shore fabrication of IC, there is a risk that parts acquired for DoD systems may not meet stated specifications for performance and reliability,” said said Kerry Bernstein, DARPA program manager. “This risk increases considerably with the proliferation of counterfeit IC in the marketplace.”
Tomi Engdahl says:
Watch That Windows Update: FTDI Drivers Are Killing Fake Chips
http://hackaday.com/2014/10/22/watch-that-windows-update-ftdi-drivers-are-killing-fake-chips/
The FTDI FT232 chip is found in thousands of electronic baubles, from Arduinos to test equipment, and more than a few bits of consumer electronics. It’s a simple chip, converting USB to a serial port, but very useful and probably one of the most cloned pieces of silicon on Earth. Thanks to a recent Windows update, all those fake FTDI chips are at risk of being bricked. This isn’t a case where fake FTDI chips won’t work if plugged into a machine running the newest FTDI driver; the latest driver bricks the fake chips, rendering them inoperable with any computer.
Reports of problems with FTDI chips surfaced early this month, with an explanation of the behavior showing up in an EEVblog forum thread. The new driver for these chips from FTDI, delivered through a recent Windows update, reprograms the USB PID to 0, something Windows, Linux, and OS X don’t like. This renders the chip inaccessible from any OS, effectively bricking any device that happens to have one of these fake FTDI serial chips.
Because the FTDI USB to UART chip is so incredibly common, the market is flooded with clones and counterfeits. it’s very hard to tell the difference between the real and fake
The workaround for this driver update is to download the FT232 config tool from the FTDI website on a WinXP or Linux box, change the PID of the fake chip, and never using the new driver on a modern Windows system.
Topic: Unable to get FT232R drivers loaded under Windows 7 64bit
http://forum.arduino.cc/index.php?topic=270175.0
Tomi Engdahl says:
FTDI yanks chip-bricking driver from Windows Update, vows to fight on
Next driver to battle fake chips with ‘non-invasive’ methods
http://www.theregister.co.uk/2014/10/24/ftdi_bricking_driver_response/
Chipmaker FTDI has pulled a driver from Windows Update that could brick devices containing knockoff versions of its USB-to-serial bridge chips, but says it won’t back down on its aggressive anti-counterfeiting stance.
Earlier this week, hackers from various hardware forums began noticing that FTDI’s latest driver would set a USB device’s USB product ID to 0 if it contained a fake version of one of FTDI’s chips. Once zeroed, neither Windows, OS X, nor Linux would recognize the device anymore, rendering it useless.
Naturally, owners of devices containing the counterfeit chips were less than pleased.
“As you are probably aware, the semiconductor industry is increasingly blighted by the issue of counterfeit chips and all semiconductor vendors are taking measures to protect their IP and the investment they make in developing innovative new technology,” FTDI CEO Fred Dart said in a blog post on Friday. “FTDI will continue to follow an active approach to deterring the counterfeiting of our devices, in order to ensure that our customers receive genuine FTDI product.”
Dart said FTDI is working on a new version of its driver that will still reject non-genuine chips but will “do so in a non-invasive way that means that there is no risk of end user’s hardware being directly affected.”
Check also: http://www.epanorama.net/newepa/2014/10/23/on-counterfeit-usb-serial-chips/
Tomi Engdahl says:
ITU thought bubble ponders mass mobe-tracking to kill fake IT
Gabfest to consider how to spot and track counterfeit kit before it crocks networks
http://www.theregister.co.uk/2014/11/13/itu_thought_bubble_ponders_mass_mobetracking_to_kill_fake_it/
The International Telecommunications Union (ITU) will next week meet to consider the issue of “counterfeit and substandard ICT products” and what can be done about them, but some of the proposals on the table look more than a little worrying.
Notice of the meeting was posted in late September, when the ITU announced next week’s gabfest would include “A focus of the event will be to examine the role of ICT innovations such as Big Data, Cloud Computing, Identity Management and the Internet of Things in tracing counterfeit goods and identifying their origins.”
The Ukraine’s submission [PDF] points out that the nation records the International Mobile Equipment Identity number (IMEI) of every mobile phone imported to the nation by registered importers.
“This type of system architecture has proved to be very effective in ensuring that mobile devices are imported in accordance with national regulations in the Ukraine and should be considered for application to combating the spread of counterfeit and substandard ICT equipment,” the submission says.
China’s contribution [PDF] explains how the nation’s food industry now tracks milk production with RFIDs on every cow and plans a regime whereby “… every can of milk power … can be tracked backward to its manufacture farm and forward to its distribution market.” The implication is that if this can be done for milk, why not ICT products?
The ITU thinks a response to counterfeit kit is justified because such devices are often sufficiently shoddy that they “… raise the risk of network disruptions and interoperability challenges that result in poor quality of service, with potentially dire consequences in emergency situations. They also pose major risks to consumers’ health and safety and that of our environment, especially related to the disposal of e-waste from such products.”
Tomi Engdahl says:
Powerless: Fake iPhone charger and cable
http://www.edn.com/electronics-blogs/rowe-s-and-columns/4426482/Powerless–Fake-iPhone-charger-and-cable?_mc=NL_EDN_EDT_EDN_weekly_20141218&cid=NL_EDN_EDT_EDN_weekly_20141218&elq=4bb5b100cd454d6fb4ba21fc9a9ccc5f&elqCampaignId=20794
There’s an electronics store on every block along 7th Ave.” Now, I knew that there was no way that any of these stores would sell genuine Apple chargers and cables. I also knew from experience the problems with fake Apple cables. Still, I just needed a charger and cable to get me through the weekend. How bad could that be?
Real bad.
After going into three stores, I realized that they all sold the same knockoff cables and chargers. So, the only difference was price. One store had an iPhone 4 charger priced at $40, but I had already seen the same knockoff for less in other stores.
Knowing that the charger and cable were anything but genuine, I insisted on testing them with my iPad. Connecting them to the iPad, I saw it start to charge. So, at least I had a charger, or so I thought.
The next day, we visited some friends who had a iPad. There, I discovered that the charger had failed, yet I clearly recalled seeing the iPad charging in the store.
Upon inspection, I found some light scratches on the charger unit. It was probably returned and resold — to me. I looked at the cable and noted that at the USB end, there was essentially no strain relief.
Tomi Engdahl says:
Counterfeit product photos:
http://prikol.bigmir.net/view/218531/
Tomi Engdahl says:
According to the OECD counterfeiting and piracy lead companies in potential revenue from $ 638 billion or 540 billion per year. Counterfeiting protection will require increasingly better techniques.
Source: http://www.etn.fi/index.php?option=com_content&view=article&id=2263:vaarennokset-vievat-yrityksilta-540-miljardia-vuodessa&catid=13&Itemid=101
Tomi Engdahl says:
Counterfeit components are a big problem. Manufacturers lose money and equipment break down, because the parts of lawns t work correctly. CIA Organization (Electronic Component Industry Association) has estimated that 5 to 25 percent of all electronics components are fakes.
According to the organization counterfeiting costs the electronics sector each year up to a hundred billion dollars.
Since beginning of 1990 counterfeit equipment selling has grown eight times faster than the legal goods trade.
Very often counterfeit parts are not cheap copies, but defective, unsuitable or non-functioning components that try to get the look of high quality. If they have access to the supply chain, there is a great risk that they will use the devices do not perform the tasks for which they are designed. This causes concern to any manufacturer. Industrial and other critical systems in preparation for it can lead to dangerous situations.
Source: http://www.etn.fi/index.php?option=com_content&view=article&id=2316:jopa-joka-neljas-komponentti-on-vaarennetty&catid=13&Itemid=101
Tomi Engdahl says:
Device Authentication Thwarts Counterfeiting
http://www.eeweb.com/company-blog/maxim/device-authentication-thwarts-counterfeiting
Competition is one of the major reasons behind the new inventions that are out in the market every now and then.
This application note will tackle about device authentication against counterfeiting.
A primary method of providing electronic security is through the use of a secure authentication scheme in hardware. Device authentication is used to protect end users and OEMs from counterfeit peripherals, sensors, consumables, or other devices. It is a method that verifies to the host system that an attached device is genuine and can be trusted.
An embedded secure authenticator protects end-users and OEMs from counterfeit devices. Secure authentication verifies to a host system that an attached device is genuine and can be trusted.
The Problem of Counterfeit Devices
Let us start by agreeing on what “counterfeit” means in our discussion. A counterfeit device could simply be a cheap clone of the original. Consider, for instance, a medical sensor that plugs into a control module. It is carefully manufactured to look and act the same, but the device’s quality and the accuracy of its data will be questionable, possibly leading to a misdiagnosis and incorrect treatment. Clearly with a cloned counterfeit instrument like this, device authentication would protect patients from faulty equipment and healthcare providers from the liability of flawed professional care.
Authentication Methods
Electronic security today encompasses a range of security methods including cryptographic algorithms and authentication protocols, some stronger than others depending on the application.
A simple authentication method works much like an ID. As long as the host “master” system receives the correct ID data from a peripheral “slave” device, that slave is assumed to be authentic. The problem with this method is that the ID data itself is exposed during communication from slave to host, and is then accessible to a hacker. This scheme is easily bypassed by recording or replaying the ID data and then acting as an authentic device.
Another method shown to be very robust is the use of a one-way hash function that is easy to generate, but nearly impossible for a hacker to invert to discover the input elements. SHA-256 is a well-tested and proven hash function. Using a challenge-and-response protocol, SHA-256 functions calculate a message authentication code (MAC) based on multiple public and private data elements.
SHA-256 algorithms can be implemented in software on both host and peripheral devices, but software implementations can be tricky to implement.
A DeepCover secure authenticator6 provides the benefits of a one-way hash function and the security of hardware-based cryptography. For SHA-256 implementations, the coprocessor stores data elements, such as the host-side secret, securely in protected memory that can be used as an input to the algorithm, but not read out. The coprocessor also performs the SHA-256 computations for the host side. To perform this verification, the MCU sends a random challenge to the coprocessor and authenticator, and the MCU collects the MAC responses from the coprocessor and authenticator for comparison.
Tomi Engdahl says:
Cable Assemblies: Ignore Them and Be Sorry
http://www.eetimes.com/author.asp?section_id=36&doc_id=1325387&
the lowly cable and associated connectors sometimes seem to be nearly invisible, in both the prototyping and production cycles.
We hear a lot about counterfeit components—mostly ICs and passives—but we don’t see much about the situation with cabling. Yet, it seems to be a serious problem, especially as the cable may work to some extent if not full spec.
The thing about cable is that it is so easy to make a fake, and put almost any rating you want on it.
While basic cable-assembly connectivity and continuity is very easy to verify with an ohmmeter, the actual performance to specifications of the assembly is not—especially for non-electrical parameters.
Tomi Engdahl says:
Cell phone charger
http://www.edn.com/electronics-blogs/living-analog/4437661/Cell-phone-charger-
My first cell phone gave up its ghost a few years ago
The phone had an oddball power connector.
I had the manufacturer’s cell phone chargers for it and of course, there were warnings in the product literature to never use any charger other than those made by the phone vendor or your phone could end up getting ended up.
Out of curiosity, I recently opened up one of the defunct cell phone’s now useless chargers. It was the kind that got powered from my car’s cigarette lighter.
The charger turned out to be a buck switchmode converter using a Fairchild KA7500C control chip and a multitude of other parts. This thing is actually a pretty darn sophisticated switchmode power supply.
I can just imagine trying to use some off-brand charger where maybe the Vds of the power MOSFET got chosen a little marginally (cheap!) or where some other design short-cut was taken. Picture then a charger part failure and the sudden application of 12 volts of automotive voltage to the 5 volts input of my cell phone.
Tomi Engdahl says:
Patch cords prove to be networks’ weakest links
http://www.cablinginstall.com/articles/print/volume-23/issue-2/departments/perspective/patch-cords-prove-to-be-networks-weakest-links.html
They don’t need to be weak links, but the proliferation of low-quality and counterfeit products makes them so.
In today’s networks, substandard patch cords have become that weakest link, wreaking havoc on speed and performance, damaging networks, and ultimately costing many companies many dollars in lost productivity and system damage.
It’s easy to amass tens of thousands of dollars in wasted time with a computer system that’s not reacting properly–all in the name of saving a buck or two on a patch cord. Substandard products also are damaging cabling systems and electronics, in the form of bad ports causing pins to get bent, and modular plugs out-of-dimension getting stuck in ports.
The occurrence is commonplace in both commercial and personal realms. For example, every day, vast numbers of consumers buy expensive, high-end HDTVs and associated components, then link them together with cheap patch cords that cripple performance–perhaps saving a handful of dollars in the process.
It sounds insane when viewed on that level, doesn’t it? Yet, this same mindset pervades commercial network decision-making.
Save a buck, support counterfeiters, ruin a network
Why is this happening? Because U.S. consumers, both in personal and commercial environments, have embraced cost-savings obsessively. Unscrupulous manufacturers respond to our quest for ever-cheaper components by insidiously providing ever-lower quality. Instead of disclosing the downside of these cheaper products, they remain silent and simply manufacture them to match the price specs.
Buyers get products that appear to make the grade, until tests reveal flammable bulk cable that uses inferior insulating compounds, does not have correct copper conductors
Counterfeiters don’t stop there. Modular plugs contain a cheaper plastic, improper base materials for the pins, and improperly processed plating materials, especially gold. Molds are not in tolerances. Finished assemblies never see an actual performance test. That’s how they can make a Category 5e patch cord for 30 cents when a compliant one would cost three times that much. But hey, it works, kind of … right?
When challenged, counterfeiters shrug their shoulders.
So, does fault lie with the makers of this third-rate product or with those purchasing it? The answer is, “Yes.” That is, both are culpable.
This is not a new problem by any stretch of the imagination. A 2002 study by the International Academy of Science documented problems with Ethernet cable and switches, and concluded that problems cost an average of $25,000 annually, per user, in user-productivity loss, network manager effort, and business downtime. Why would anyone in their right mind have tolerated this insanity, especially when the fix is so easy and cost-effective? Why does anyone still tolerate it?
Though critical, they get no respect
Patch cords are the most misunderstood and abused item in the structured cabling industry.
End users pay $150 to $250 per drop, depending on the category or cable being installed. They will demand that the contractor do a permanent-link test to confirm that the installed cabling system does indeed perform to Category 5e, 6 or 6A standards. They may also demand a manufacturer’s 15- to 25-year warranty on the installed cabling system. Then they will buy a patch cord for $1.50 that says “Cat 6″ or “Cat 6e” and “UL” on the jacket, and assume all is well. Often, this is not the case–all is not well–as counterfeit use of these designations is rampant.
Failure should not be an option
The Communications Cable and Connectivity Association (CCCA), founded in 2007, is an organization whose mission is researching substandard and fraudulent structured cabling products.
” A whopping 322 of the 379 offshore cords failed to meet the performance specifications of TIA-568-C.2. CCCA reports that 78 percent of the failing samples failed by a margin of 3 dB or more, and 45 percent of the failing cords were 6 dB or more worse than 568-C.2 performance specs.”
How to fix it
The solution, albeit straightforward, is anything but simple. Given the seeming rampant willingness of contractors and end-users to buy this garbage, industry regulatory bodies need to institute tough new standards and protocols that document quality and prevent counterfeiters from continuing to peddle inferior products. And buyers–from contractors to end users–will have a clear choice when it comes to the quality they are willing, or unwilling, to pay for.
Until that happens, the most definitive way to gauge performance is to do a live network test with both good and bad patch cords, then measure latency and user experience.
Tomi Engdahl says:
Nordic NRF24L01+ – Real vs Fake
http://hackaday.com/2015/02/23/nordic-nrf24l01-real-vs-fake/
The nRF24L01+ is a highly integrated, ultra low power (ULP) 2Mbps RF transceiver IC for the 2.4GHz ISM (Industrial, Scientific and Medical) band. Popular, widely used and inexpensive – and the counterfeit foundries are drawn to it like honey bees to nectar. But to replicate and make it cheaper than the original, one needs to cut several corners. In this case, the fakes use 350nm technology, compared to 250nm in the original and have a larger die size too.
Nordic NRF24L01+ – real vs fake : weekend die-shot
Nordic NRF24L01+ (NRF24L01P) is a very popular 2.4Ghz transceiver used in countless consumer products. Not surprising that we’ve came across it’s fake.
http://zeptobars.ru/en/read/Nordic-NRF24L01P-SI24R1-real-fake-copy
Despite there were no functional differences reported (yet), one could expect that 350nm compatible chip will have slightly higher power consumption and slightly lower sensitivity. If only this chip was marked properly (Like SI24R1 – one of compatible chips) as compatible – that would have been totally legitimate business. But currently designers, manufacturers and end users are mis-leaded.
Tomi Engdahl says:
Brian Monks: Keeping Bogus Electronics Out of Consumers’ Hands
This engineer at Underwriters Labs is a counterfeiter’s worst nightmare
http://spectrum.ieee.org/geek-life/profiles/brian-monks-keeping-bogus-electronics-out-of-consumers-hands
Brian Monks, the vice president of anticounterfeiting operations for Underwriters Laboratories (UL), likes to tell a story about the man with seven suitcases. Arriving from Asia at San Francisco International Airport, the man was asked by customs officers if he had anything to declare. The man responded, “Nothing.” The agents searched his seven bags anyway—and found each one filled to the brim with counterfeit circuit breakers.
The haul was just a fraction of the more than 300,000 bogus circuit breakers that U.S. customs seized that year, Monks notes. “That’s 300,000 potential fires that didn’t happen,” he says, “300,000 disasters that could have destroyed people’s lives.”
“Counterfeiters are trying to cheat and deceive,” Monks says. “They only care about money, not our well-being, and it jeopardizes the safety of all of us.”
Even something as simple as an extension cord can be rendered dangerous by a counterfeiter. It has two main components—copper and plastic. “Copper is more expensive, so counterfeiters will put very little copper and a lot of plastic,” Monks explains. “It will look and feel like a real extension cord, but inside it’s actually more like a telephone wire.” The bogus cord may work for a while, but Monks says it’s “a hazard waiting to happen,” which could eventually result in electrical shock or fire.
UL’s main line of business is testing and certifying a vast range of products, including batteries, lighting, appliances, even missile launchers. Last year nearly 23 billion legitimate products carried the UL logo.
One of the chief ways that Monks and his team thwart the counterfeiters is by enhancing the security features on UL labels. “Anytime you add something new, it’s harder and more expensive for the counterfeiter to duplicate,”
“Our labels are technical marvels,” he says. “There is so much embedded information in them that a tech geek could spend a lot of time trying to figure all of it out.”
Companies that have been victims of counterfeiting seem to be waking up to that fact, Monks says. “Years ago, when a company was ripped off, it wouldn’t say anything and would try to work alone to fix the issue.” Now, he says, major corporations will admit they have a problem, and entire industries “are declaring that they won’t stand for it.”
Still, Monks says, it’s difficult to stay one step ahead of the counterfeiters.
Tomi Engdahl says:
Stick a PUF to Your Board
A foil hat for your PCB?
http://www.eetimes.com/document.asp?doc_id=1325947&
PARIS — The Fraunhofer Institute for Applied and Integrated Security (AISEC) is developing a very versatile and flexible form of Physically Unclonable Function (PUF), one that can wrap an entire circuit board to secure it from physical attacks.
The foil-based solution consists of patterned metal electrodes embedded into a polymer film with a self-adhesive backing. The electrodes are connected to the board to be protected and special read-out software IP running on the board’s controller can extract the PUF from the film as is has been wrapped around or stuck to the board.
Try to remove the PUF sticker, pinch it to probe through it, scratch it or unseal it and the PUF will be altered. By detecting that change, the circuit board will be able to take any counter-measure it will have been programmed for, for example sending an alert message and disabling itself at run-time, or wiping out all of its embedded software.
Showing a demo at Embedded World, Fraunhofer AISEC’s head researcher on the so-called PEP project (Protecting Electronic Products, maybe with a pun intended on Polyethylene Plastics), Sven Plaga didn’t want to say too much about the internals of the film.
Tomi Engdahl says:
Forked Android: Sign of Trouble or Creativity?
http://www.eetimes.com/document.asp?doc_id=1326057&
The electronics industry is acutely aware of the growing fragmentation of Android devices. But what about a forked form of Android OS that appears to be proliferating in China?
On one hand, this shows the ingenuity of Chinese smartphone vendors. They’ve grown more aggressive in creating their own variations on the open-source Android OS. On the other hand, security experts are concerned about safety and security for corporate data as the BYOD (bring your own device) trend expands among employees working at multi-national corporations.
Forked but incompatible
Meanwhile, there is an unmistakable push in China to develop “a forked but incompatible version” of Android OS. A case in point is the Yun OS from Alibaba Group Holding’s subsidiary AliCloud. Reportedly, Alibaba developed the Yun OS in an effort to drive users to Alibaba’s e-commerce applications and other services.
At this point, it’s not known how many Android smartphones developed and made in China are actually passing Google’s compatibility test suite (CTS) and complying with Google’s compatibility definition document (CDD). Security experts caution that without compliance to Google’s CTS or CDD, devices can be shipped with known security vulnerability (prevented in Google certified versions).
According to the original Bluebox report, Xiaomi was shipping the Mi 4 with a rooted ROM and came pre-installed with tampered versions of popular benchmarking apps. It also claimed that Xiaomi’s own identifier app showed that the phone was a legitimate Xiaomi product.
However, Bluebox acknowledged two days later that the initial report was based on a Xiaomi device that was actually counterfeit and “a very good one at that.”
Bluebox believes the whole experience validated several issues. Andrew Blaich, lead security analyst at Bluebox, told EE Times, “First, we can’t trust the device we’re using.” Despite its security expertise, it was not easy for Bluebox to confirm the authenticity of both hardware and software.
Blaich added, “Second, we now know even if it were a legitimate hardware, software could have been easily swapped out.” In other words, whether or not the device was counterfeit, “the fact remains that consumers are buying devices that have compromised ROMs (either in legitimate or counterfeit hardware) that put their data at risk.”
To be clear, Xiaomi takes pride in using what it calls an MIUI operating system on top of Android.
How to confirm authenticity
As Bluebox noted, the amount of effort required to confirm the authenticity of the Xiaomi device that the security firm used for testing “goes way beyond what a normal consumer can be expected to do to be assured their purchase is genuine.”
It’s entirely possible that Chinese handset vendors, in hopes of building their own ecosystems, develop “drop-in services” that connect their branded phones to their own cloud services and app stores, explained Blaich.
Hsu observed, “Some Chinese handset vendors are becoming less dependent on Google, by specifying to us, ‘we want our phone to behave this way.’”
Tomi Engdahl says:
Counterfeit SD Card Problem is Widespread
http://www.eetimes.com/document.asp?doc_id=1326059&
Individual consumers and corporate bulk buyers alike should be wary of great prices for secure digital (SD) memory cards: they will find out the hard way the cards are bogus.
The Counterfeit Report recently published its findings about the extent of counterfeit SD cards available for purchase, particularly online from dishonest sellers using eBay, Amazon, and Alibaba offering high capacity cards at deep discounts. Publisher Craig Crosby said the cards and packaging, using common serial numbers, are nearly identical to the authentic product of all major SD card brands.
Tests by the Counterfeit Report found that the cards will work at first, but generally speaking, buyers are purchasing what they think are cards with capacities of 32GB and up. Instead they are getting are cards with 7GB capacity. Counterfeiters simply overwrite the real memory capacity with a false capacity to match any capacity and model they print on the counterfeit packaging and card, Crosby explained. Users can’t determine the actual memory capacity of a counterfeit memory card by simply plugging it into their computer, phone, or camera. When the user hits the limit, the phony card starts overwriting files, which leads to lost data.
SanDisk: SDHC Micro SD Memory Cards
http://www.thecounterfeitreport.com/product/186/SDHC-Micro-SD-Memory-Cards.html
According to reports from Sandisk, one third of all memory cards on the market are counterfeit.
Many buyers of counterfeit products find that branded SanDisk cards are actually re-branded inferior quality cards or cards of smaller capacity.
All genuine SanDisk memory cards should have a serial number and a manufacturing country’s identity. You can not determine the authenticity of a Sandisk card from an internet stock photo.
You cannot determine the actual memory capacity of a counterfeit memory card by simply viewing the capacity displayed by your computer, phone or camera. Counterfeiters fraudulently overwrite the cards internal memory with a false capacity. It must be checked with a test program.
To check if your Micro SD drive has the capacity and speed stated, “H2testw” is a simple tool that is distributed for free, does not require installation and offers a very simple, easy-to-use interface. The program can be used by anyone who wants to know how their actual product compares to others, the real capacity and the amount of errors that can be detected on their device.
Tomi Engdahl says:
Counterfeiters will produce $1.7 trillion in fake products worldwide this year…
Check before you buy!
http://www.thecounterfeitreport.com/
Tomi Engdahl says:
Stick a PUF to Your Board
A foil hat for your PCB?
http://www.eetimes.com/document.asp?doc_id=1325947&
The Fraunhofer Institute for Applied and Integrated Security (AISEC) is developing a very versatile and flexible form of Physically Unclonable Function (PUF), one that can wrap an entire circuit board to secure it from physical attacks.
The foil-based solution consists of patterned metal electrodes embedded into a polymer film with a self-adhesive backing. The electrodes are connected to the board to be protected and special read-out software IP running on the board’s controller can extract the PUF from the film as is has been wrapped around or stuck to the board.
Try to remove the PUF sticker, pinch it to probe through it, scratch it or unseal it and the PUF will be altered. By detecting that change, the circuit board will be able to take any counter-measure it will have been programmed for, for example sending an alert message and disabling itself at run-time, or wiping out all of its embedded software.
“The advantage over silicon-based PUFs is that one foil could protect an entire board or system, it is also much cheaper and simpler to implement”, he added, saying such a PUF sticker may be commercialized within the next two to three years.