Attack of the Clones


However popular dystopian futures are nowadays, I don’t regard myself as a dystopian futurist as  I see some amazingly positive trends. That said, I don’t think it wise for us to bury our head in the sand and ignore dangerous risks.  Clones are one of those risks to the roll-out of important technologies.

IDC has suggested that there might be 80 billion connected devices in 2025, potentially generating 180 trillion gigabytes of new data in one year! There are many incredible things which might result from all these new connections and the IOT (internet of things). But with an epidemic of  cloning hardware there are also huge dangers, which need to addressed if we are to avoid a dystopian future. If 0.1% of devices were cloned, that’s an army of 800 million clones which might  be exposed to malicious malware and some form of critical failure. Even if its 0.01% or 0.001% , thats a phenomenal number.

Various barometers indicate that the number of cloned products has been rising. Back in 2011 the International Chamber of Commerce estimated that trade in such products (including non-electronic) was $650 billion and by 2015 it would be $1.7 billion.

Counterfeiters nowadays are able to create their own components and boards and package them into remarkably similar end products. Potentially they can host malicious software and buyers might be be clueless how to tell the difference.  If you take a look at this example, it really is impossible to spot the clone.

In this  the famous case a Florida man was convicted of trafficking in a reverse-engineered electronic engine control device, called the Hondata.

And here is the danger. Once cloned hardware has entered a network, hackers can do lateral attacks and take control of an entire system. In this case, devices which connect to an engine control unit might be able to hijack a car’s brakes and steering.

This is a video created by CISCO which shows how easy it is once a hacker is inside a system:

There have been many sorts of scary examples of hacking in recent years. As we get further into the age of interconnected devices and IOT we really must consider the risks. Not of all these examples are related to clones, but cloning can create the same type of risks through lateral attacks. There was one famous case of the baby monitor. A couple was woken up in the middle of the night to hear obscenities being screamed at their baby. It turned out that a hacker had taken control of the baby monitor and camera system. Now this has proliferated as this article suggests:

The story about a hacker taking control of a United flight was equally , if not more, terrifying:

“According to the document, Roberts said he gained access to the systems by plugging his own laptop computer into the IFE system’s electronic boxes mounted under passenger seats. Once in the system, he said he was able to access other systems — including the jets’ Thrust Management Computer, which is responsible for providing power to the plane’s engines.

Special Agent Hurley wrote that Roberts even claimed that he overwrote code in the Thrust Management Computer while aboard one particular flight and “successfully commanded the system he had accessed to issue the “CLB’ or climb command.

“He stated that he thereby caused one of the plane’s engines to climb, resulting in a lateral or sideways movement of the plane.”

What has contributed to the exponential growth of cloning is the spread of contract manufacturing around the world – that is where companies design their own chips but then outsource fabrication. Then these design files are mail back and forth between the designer and the fab, which opens up a security risk. Once a cloner is about to create realistic copies, sellers are easily about to hide their identities due to the ubiquity of online sales and the cheap prices. There are possibly many other reasons for the proliferation.

There are a perhaps 3 approaches to mitigating the risks of cloning according to the authors of the paper “Invasion of the Hardware Snatchers”:

( )

First, there is Unique ID number: the use of unique ID numbers on products throughout the supply-chain from manufacturer to the end user. However, cloners can hack the database of IDs and then apply them to fake products. In fact, because supply chains are realy complicated now its become very difficult to distinguish between a legitimate company making a database query and an ID-stealing cloner.

Second, there is DNA Sequencing Data: this is a new technique and involves the tagging of special DNA sequences as signatures for products. It has been adopted by some US government agencies for critical electronic parts. But the DNA tagging is really expensive and the authentication process long and expensive (currently $250). Applied DNA is an example of a company which is doing this, and there are more details on their website.

Finally, according to the report “The latest promising countermeasure against electronics cloning is something called the physical unclonable function (PUF), which can potentially protect chips, PCBs, and even high-level products like routers. PUFs give each chip a unique “fingerprint.”

PUFs are based on unique physical variations which  transpire quite naturally during the manufacture of semiconductor chips, and which make it possible to differentiate between otherwise identical semiconductors. The variations are unpredictable, permanent and essentially impossible to clone. So PUF technology enables a root of trust.

You can read one longer explanation on Wikipedia here:

It is a tricky technology and a number of companies have failed, including one spun out of MIT. Most of these companies require an error correction code because the condition of the chip might change under different conditions like temperature. One Korean company – ICTK ( – claims to be the first company in the world to have solved these challenges and have an affordable and market-proven PUF technology.  [For full disclosure: I am an adviser to their board of directors].

Many Futurists and Technologist are really excited by this new world of inter-connected devices.  The possibilities are endless. As the consultancy EY has written:  “IoT combines connectivity with sensors, devices and people, enabling a form of free-flowing conversation between man and machine, software and hardware. With the advances in artificial intelligence and machine learning, these conversations can enable devices to anticipate, react, respond and enhance the physical world in much the same way that the internet currently uses networks and computer screens to enhance the information world.”

But we absolutely must tackle security otherwise we will find that consumers don’t adopt them, or worse still we will be plagued by horrifying acts of hacking and terrorism. Lets hope that more progress is made in developing and using these security technologies.  We must also engage in much more public dialogue about these important issues: the future is – after all – something we co-create together.



Don’t have an account? Sign up