Attack of the Clones

Electrical and computer engineering researcher seeks to combat cloning within global electronics supply chain

By Amy Weaver

Electronic cloning — whether it’s duplicating a printed circuit board or copying the electronics in a network router — is a significant and complex problem that is plaguing the global electronics supply chain.

Cloned products with inferior-quality parts or counterfeit components that make it through the supply chain and land in the hands of consumers may not be as reliable as products with authentic parts. Such products may not even work. Or they may work just as well as the real thing, but provide hackers with remote control or access to personal information. For instance, a hacker who has control over a cloned router can intercept or redirect communications on the network. A car with cloned parts may not start. Or cloned devices that connect to an engine control unit may give a hijacker access to a car’s brakes and steering.

“While there appear to be no published reports of injury or hacking related to this cloning, the risks are bigger today because more of the systems we interact with daily are connected to the internet,” said Ujjwal Guin, an assistant professor in the Department of Electrical and Computer Engineering. “Cloned hardware may lack the security modules intended to protect such devices, and so it may open up the unsuspecting user to cyberattack.”

Predictions from Gartner, a research and advisory company, and Cisco’s Internet Business Solutions Group claim there will be 20-50 billion devices connected to the internet by 2020, further complicating the “internet of things.” Without solutions such as those being developed by Guin and others at Auburn University, the global epidemic of cloned systems will only worsen.

“As the number of IoT devices grows, everyone should become more aware of the dangers that cloned products pose,” said Guin.

Even if just 1 percent of those 50 billion connected devices were clones, harboring malicious hardware or software, that’s 500 million susceptible devices.

Unfortunately, the battle against cloning and counterfeiting is much more complicated than it used to be. In earlier times, counterfeiters would simply repackage old or inferior components and sell them as if they were new, but these knockoffs had poor reliability. These days, cloned electronics are very sophisticated and potentially more nefarious.

Guin said the counterfeiters make their own components, boards and systems from scratch and then package them into superficially similar products. The clones may be less reliable than the genuine product, having never undergone rigorous testing. They may also host unwanted or even malicious software, firmware or hardware, and the consumer may not know the difference.

The growing practice of counterfeiting and cloning of electronics is destructive to the global supply chain, companies and consumers.

The International Chamber of Commerce estimated that trade in counterfeit and cloned products — including non-electronic products such as designer handbags — amounted to $650 billion globally in 2011. A 2017 report commissioned by the ICC’s Business Action to Stop Counterfeiting and Piracy and the International Trademark Association estimated that the wider social and economic impact on displaced economic activity, investment, public fiscal losses and criminal enforcement could reach $1.9 trillion by 2022.

The negative impacts of counterfeiting and piracy — the unauthorized use or reproduction of another’s work — are projected to drain $4.2 trillion from the global economy and risk 5.4 million legitimate jobs by 2022, according to the report.

“Cloned electronics are a great threat, even if the device is purchased in the United States,” said Jubayer Mahmod, a graduate research assistant under Guin. “The electronic supply chain is quite complicated nowadays. Therefore, it is difficult to ensure the integrity of the parts and the devices. Internet-connected devices, like modems and phones, could lead to much more serious threats than just reliability problems. Cloning, along with hardware/software level malicious modifications, can make people vulnerable to hacking.”

Such a gloomy outlook is only darkened by the fact that nobody really knows the true scale of cloning in the electronics realm. Cloners themselves are a clandestine group. Plus, adequate detection measures don’t really exist in the global supply chain. 

Guin wants to change that. His research is focused on developing solutions to detect counterfeit integrated circuits and cloned systems. By discovering these items in the supply chain, Guin seeks to prevent them from getting into electronic products before they are sold around the globe.

Whatever the true size of the cloned electronics market, Guin and fellow researchers at the University of Florida firmly believe it is growing, simply based on their work with SMT Corp., a Connecticut-based electronic parts supplier whose labs specialize in identifying cloned and counterfeited components in global supply chains. 

“Among the trends contributing to the growth of cloning are more-sophisticated imaging and analysis tools and the spread of contract manufacturing, a business model in which the companies that design chips and systems outsource their fabrication,” Guin said. “As design files are passed back and forth between the designer and the contractor, cloners will exploit any crack in security to get those files. Once a cloner succeeds in fabricating credible copies, the ubiquity of online sales makes it easy for the sellers to hide their identities and attract bargain-minded customers.”

Guin’s research is part of the Charles D. McCrary Institute for Critical Infrastructure Protection and Cyber Systems at Auburn.

“The primary objective of the McCrary Institute is to ensure security for our critical infrastructure,” said Guin. “Infiltration of compromised electronics in our critical infrastructure will be catastrophic. An adversary can disable an infrastructure when they want.”

Put simply, Guin said, his research is about trust. There is currently very limited trust in integrated systems manufactured outside the United States. However, establishing trust throughout the global supply chain should allow consumers to confidently purchase and use reliable electronic systems, no matter where production occurs.

“Trust is a big part of combating this intricate problem,” said Mahmod. “A well-planned supply chain should improve consumers’ freedom of buying an electronic device.”

With funding from the National Science Foundation, Guin’s latest project focuses on designing a secure logic locking technique to enable protection against untrusted integrated circuit manufacturing.

“Due to the prohibitive costs of semiconductor manufacturing, most computer chip design companies outsource their production to offshore foundries. As many of these chips may be manufactured in environments of limited trust, problems of the piracy of intellectual property and the overproduction of integrated circuits have emerged in recent years,” he wrote.

Guin said research like his on addressing clones in critical infrastructure is in a nascent phase and would benefit from additional support from government and industry. Now is a crucial time for such work, as advanced reverse engineering techniques are making cloning easy and low-cost electronic products are in high demand.