
Fake hardware could open the door to malicious malware and critical failures - jnord
http://spectrum.ieee.org/computing/hardware/invasion-of-the-hardware-snatchers-cloned-electronics-pollute-the-market
======
userbinator
_But they may also host unwanted or even malicious software, firmware, or
hardware—and the buyer may not know the difference, or even know what to look
for._

Alternatively, the clones are often the ones which will omit the user-hostile
DRM and such. Thus you get HDMI splitters which don't actually re-encrypt
HDCP, DVD players which don't implement region restrictions or the
"unskippable" bits
([https://en.wikipedia.org/wiki/User_operation_prohibition](https://en.wikipedia.org/wiki/User_operation_prohibition)
) , Androids with unlocked bootloaders by default, etc.

Of course, to an organisation like the IEEE, who have always appeared to be
pro-DRM, pro-IP, pro-copyright, that would probably be considered
"malicious"...

The whole safety/security argument, while true, I think is somewhat overblown
and these days increasingly used to justify an authoritarian agenda.

~~~
jfoutz
I think the IEEE is just ethical. Faithfully build the thing you're paid to
build. It's probably not fair to call the encryption free splitter an HDMI
splitter. If you build it, call it something else so you don't dilute the
standard.

Of course, i don't have a lot of experience with IEEE, they may actually be
super pro-DRM, and my opinion could be swayed.

~~~
Sunset
No. Call it exactly what it is encryption-free-HDMI-splitter.

~~~
mlonkibjuyhv
Non-technical users would think that was a lesser product. I'm thinking RLY-
WORKS brand HDMI-splitter

~~~
mhb
Encryption-stripping HDMI Splitter

------
PhantomGremlin
I deeply empathize with people who've had their IP stolen by offshore
entities.

But, especially with big manufacturers like Cisco (mentioned in the article),
a lot of the problems are of their own doing. There is an ancient proverb: _as
you sow, so shall you reap._

So, what the fuck did those big companies think would happen to their designs
once they shipped them off to China to manufacture? Or, even better, after
they subcontracted the actual design of their products to offshore entities?

Surprise ... surprise ... surprise ... there are plenty of smart engineers and
plenty of greedy capitalists to be found all over Asia. Why did you give them
such a head start with your products? The stories are legion of factories
making legitimate products during the day and counterfeits of those very same
products at night.

Cloning electronics is hard compared to consumer goods. Why is it that a Coach
handbag can be purchased so cheaply in China? Maybe because Coach does their
manufacturing in Asia? Maybe because if a handbag can be made in Asia for $50,
there are plenty of people who would be happy to purchase it for $100 instead
of the $1000 that Coach is selling it for?

------
rebootthesystem
Everyone posting comments either defending clones or saying they are not
bothered by them (or that they are cool because they foster innovation) has
obviously never taken everything they owned, quit their job and even gone as
far as mortgaging their family home to develop a product in pursuit of an
idea.

Do that. Then come back and tell me how it feels to have some fucker in China
clone your product.

I've had the experience of having a company out of Korea do a product that
copied 75% of one of ours and introduce it into the US at half the price.
Nearly fucking killed my business after investing nearly a million dollars and
a year of R&D.

The "D" part is much easier than the "R" part, which is where reverse
engineering has a huge advantage. You do all the "R" and then they copy and do
some "D".

Not only that, you also identified a market opportunity for a product, which
is massive. Ideas are worth shit. Opportunities are worth gold.

~~~
petra
The question isn't whether cloning is bad for Businesses. Businesses are here
to serve people, not the other way around.And they carry risks.

The question is whether cloning and weak IP protection is good for people,
everywhere, including people of China.

And i don't think there's an easy answer to that one.

~~~
rebootthesystem
The answer is very, very simple once you've taken a loan out on your family
home to finance the development of a product that is then stolen.

Everything is academic and sterile from almost any other perspective.

Government sponsored theft --which is what's happening in China-- is a massive
destructive force. It is good in China because it brings in billions of
dollars from all around the globe. That's why the Chinese government doesn't
do a thing about it. They "sponsor" it do the extent that inaction becomes
indistinguishable from sponsorship.

~~~
Qwertious
And what about when you've taken a loan out on your family home to finance the
development of a product, but are then ruined by the incumbent oligopoly's
abuse of their patent monopoly to put your prices through the roof and never
improve their products?

I can write emotionally-charged anecdotes too, see. The question is whether
the benefits outweigh the negatives. Everything is exaggerated, politicized
bullshit from almost any other perspective.

~~~
rebootthesystem
Not my fault if you can't see the difference.

I have competed with multi-billion dollar multinationals from my garage with
0.001% of their budget on hand. Does bad shit happen? Sure.

The topic you seem to want to discuss is valid and should be discussed. Stop
trying to make it equivalent to IP theft and cloning from China. Two very
different things. If you can understand the differences then there's a
conversation to be had.

------
nraynaud
remember that cheap clones also foster innovation, by spreading tools that
would be completely inaccessible to people without money, that's how computers
revolutionized the world.

With some cheap fake arduinos, cheap fake Saleae, and cheap fake FTDI chips,
you can start prototyping while others are still counting their money to buy a
$35 arduino. When you've established your working capital, you will buy brand-
name stuff.

~~~
lelandbatey
Making a cheap clone isn't really morally problematic to me. If a consumer has
more options _AND_ can make effective judgments about the level of quality
they're buying, then consumers are probably happy. What is problematic is
deceptive labeling/marketing such as saying "why yes, this is of course a
genuine pacemaker".

~~~
mikeash
And to be clear, the article is talking about that last kind. I think its
terminology is rather off: I'd consider a "clone" to be something built to be
similar, maybe compatible, but clearly marketed as its own thing, and the
subject of the article would be "counterfeits." But for some reason they're
using "clones" to describe stuff that's passed off as the original.

------
mjevans
On the first pair I called it correctly... but I don't think I could have
called it correctly without knowing there was only one fake.

What if there were no fake, or both were fake, and they lied to see if anyone
called them on it? Honestly all I was basing it on was the components being
SLIGHTLY off (bad QC).

That's why I couldn't pick out which of the second set were a fake, sure there
were differences, but there wasn't any visually obvious detriment to those
differences.

~~~
qb45
> That's why I couldn't pick out which of the second set were a fake, sure
> there were differences, but there wasn't any visually obvious detriment to
> those differences.

Cheap knockoffs quite often skimp on laser engraving, which seems to be the
case here too.

------
RichardHeart
I think fake detection could occur by including a sim card of authenticity. I
guess you'd need to insert the sim into something to authenticate. As long as
sim cards aren't cracked, the manufacturer doesn't lose their private key, or
customers aren't convinced to authenticate against the wrong signature, 1
sim/signature per device should work.

I guess this is similar to dongles for software?

------
cs2818
Incorporating plant DNA is certainly an interesting approach to the problem.
The chip or PCB fingerprinting methods make me slightly concerned about
potential privacy implications. Would the fingerprint be shared among a batch
of chips/PCBs or would each piece be uniquely fingerprinted?

------
louithethrid
Not exactly fake hardware, but also quite commone- reused hardware- you
desolder SOCs from defunct old scrap hardware and reapply them to "new" or
"faked" hardware.

Suddenly the invetible bitrot - by material migration or allready done flash-
writes sets in way earlier.

