If you're looking for cheap electronic sensors, the internet has lots of possibilities, but buyer beware: they aren't always exactly legit.
Since 2018, Christian Petrich, a researcher with Northern Research Institute in Narvik, Norway, has purchased more than 1,000 temperature sensor chips from more than 70 vendors via eBay, AliExpress, and other e-commerce websites.
Most of the digital thermometers not obtained directly from the manufacturer or authorized distributors turned out to be illegitimate, he found. According to Petrich: "All of the probes bought on eBay and AliExpress contained counterfeit DS18B20 sensors, and almost all sensors bought on those two sites were counterfeit."
Petrich has been publishing his findings via GitHub since October last year, and updated them recently with additional details about the DS18B20 temperature sensor chip, originally made by Dallas Semiconductor and right now made by Maxim Integrated [datasheet PDF].
Petrich says at least four companies appear to offer clones of the DS18B20, three of which he identified as China-based GXCAS, UMW, and Beijing 7Q Technology (7Q-Tek). The Register emailed the three manufacturers for comment, though given the time difference in China we don't expect an immediate response. We'll assume, however, that they deny any wrongdoing and dispute the findings.
Maxim Integrated declined to comment.
Among the sensor chips analyzed, Petrich speculates some were stolen from the Maxim production line, some are less accurate than they should be in their temperature calculations, and some lack features like support for using parasitic power – using power even if a device is turned off.
Fake fuse: Bloke admits selling counterfeit chips for use in B-1 bomber, other US military gearREAD MORE
Beyond the ethical issues involved with buying and selling unauthorized goods, Petrich says, this matters because "some of the counterfeit sensors actually do not work in parasitic power mode, have a high noise level, temperature offset outside the advertised ±0.5 °C band, do not contain an EEPROM, have bugs and unspecified failure rates, or differ in another unknown manner from the specifications in the Maxim datasheet."
Counterfeit chips – made or obtained without authorization or scavenged from recycled electronics then rebranded for resale as if new – have been a concern for years, as matters of both law and safety. The issue received significant attention in 2012 when the US Senate Armed Services Committee published a report about counterfeit parts from China that had been found in US military hardware.
Last year, the US-based Semiconductor Industry Association, in Congressional testimony [PDF], cited the case of Rogelio Vasquez, sentenced to 46 months in prison last year following a guilty plea for selling fake chips destined for US military systems, to underscore the importance of addressing the issue.
According to the SIA, member companies regularly try to get online marketplaces to remove counterfeit semiconductors. One such firm, the SIA claims, asks for about 2,000 counterfeit chip listings to be removed every month, mainly from Chinese websites like Alibaba, HC360, China.makepolo, and Taobao.
One of the problems, the SIA points out, is that credit for stopping fake goods tends to be measured in monetary value, which disincentivizes hunting for cheap fake chips that nonetheless might cause costly disasters by making devices fail.
"Unfortunately, [Customs and Border Protection] metrics that track the number of shipments or the dollar value of counterfeits seized, underestimate the impact that seizures of counterfeit semiconductors have on health, safety, and national security," the trade group said.
Another issue, the SIA said, is that counterfeit chips are often imported without any markings, which prevents them from being seized for trademark violation. The group wants such shipments brought to the attention of Homeland Security Investigations more frequently so the legitimacy of the unmarked chips can be better evaluated.
The trade group also argues for tighter government procurement – to keep known counterfeiters away from government procurement – and more cooperation between the US, Canada, and Mexico to intercept fake semiconductors. ®
- Black Hat
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Identity Theft
- Integrated Circuit
- Palo Alto Networks