The use of stolen and counterfeit automotive components has increased significantly in recent years. A wide range of grey market devices can be found powering high-value modules such as in-vehicle infotainment systems and headlights, as well as in critical safety systems including airbag modules, braking modules, and powertrain controls. The deployment of sub-par counterfeit components is likely to negatively impact driver and passenger safety, quickly erode OEM and supplier brand equity, and decrease sales of authentic aftermarket modules.
As ECN’s Paul Pickering notes, counterfeit semiconductor products may be empty packages, packages with the wrong die, or packages without bond wires.
“These are non-functional and easy to spot, but a more insidious approach is to take functioning parts and alter them in ways that are hard to detect,” he explained.
“Examples include new product codes; RoHS markings on noncompliant products; high-performance markings on low-performance products; or automotive- or military-grade designations on commercial-grade parts… Such components may pass initial inspection and sample testing. They may not fail until months or years after they’re installed, leading to an increased incidence of field failures, government-mandated recalls, loss of reputation, and even loss of life.”
Some of the risks associated with counterfeit automotive ICs were highlighted in 2014 when the FBI charged Marc Heera with selling a cloned version of the Hondata s300, a plug-in module for the engine computer that reads data from sensors in Honda cars. According to IEEE Spectrum, the Hondata s300 automatically adjusts the air-fuel mixture, idle speed, and other factors to improve performance. Moreover, the plug-in also allows users to monitor the engine via Bluetooth and make their own adjustments.
“The clones certainly looked like the genuine product, but in fact they contained circuit boards that had likely been built in China, according to designs Heera had obtained through reverse engineering,” Mark M. Tehranipoor, Ujjwal Guin and Swarup Bhunia wrote in an April 2017 IEEE Spectrum article. “Honda warned that cars using the counterfeits exhibited a number of problems, including random limits on engine rpm and, occasionally, failure to start. Devices that connect to an engine control unit (ECU) present particular safety concerns; researchers have demonstrated that, through ECU access, they could hijack a car’s brakes and steering.”
According to Joe Gullo, the senior director for partnerships at Rambus, ensuring the authenticity of automotive systems is absolutely critical to maintaining a safe environment for vehicle drivers and passengers.
“This is precisely why security cores such as Rambus’ CryptoFirewall offers automotive OEMs a commercially-available, proven design to determine vehicle system authenticity,” he told Rambus Press.
More specifically, Rambus’ CryptoFirewall solution for the automotive sector consists of a security chip embedded in a module, along with verifier firmware integrated into the processor on an in-vehicle network.
“The firmware challenges the security chip and, based on the response, determines the authenticity of the module,” he added. “This can be done across any interface protocol, such as CAN or Ethernet, allowing for simple integration into any vehicle architecture.”