Knockoff semiconductor chips flood the enterprise market
As the predominantly pandemic-caused global chip shortage rolls on, businesses are now facing another challenge–component scams and bogus supply-chain claims.
Semiconductor scams are presently big business. As a consequence of the global chip shortage largely created by the over-demand in the COVID-19 pandemic era, fraudsters have stepped up their game to swindle enterprises in dire need of the circuital components.
And the chip drought—according to many experts—could last until 2023. As TechRepublic previously reported, creating a finished, legit chip can take roughly 26 weeks. Semiconductors, of course, are the centerpiece for a plurality of products consumers rely on—such as Internet of Things devices, vehicles, laptops and smartphones.
One culprit has been that many companies began hoarding semiconductors in response to the coronavirus—unclear what they’d face in the future when it came to producing products that rely on sound semiconductors. The need for chips, meanwhile, spiked as well—given how central they became for more devices for people staying home (for instance, laptops and other hardware for remote work, and the overload of, say, cloud-based services like Zoom).
SEE: Security incident response policy (TechRepublic Premium)
And, as a result, many tech companies and others have turned to vendors claiming they can fill microchip needs that their reliable sources can’t—and, ones without a proven track record for producing integrated circuits.
Moreover, according to work conducted by the University of Florida, the business of counterfeit electronics, in general, is one that decreases incentives for enterprises to work on developing new products and as a result, causing a negative impact to “worldwide innovation, economic growth and employment.” The university also maintains that fraudulent tech products are often produced by alleged terrorist groups and organized crime organizations.
One way grifters are operating is they’ve turned to purchasing ads for chips on search engines to bait buyers, as the Wall Street Journal recently reported. And a myriad of reputable firms have fallen for the ruse—receiving a large shipment of counterfeit parts that are shoddily made or simply don’t work at all, says the WSJ.
Often semiconductor defrauders don’t even bother with shipping fake ones—they demand payment in advance, and then when the buyers request a refund for failed deliveries, their attempts are strung along or completely evaded.
And one result of the situation has been the bogus chips market has caused higher production costs from the resources needed for figuring out whether a chip is legit.
“Many frauds occur,” according to John Annand, an analyst and director in the infrastructure team at the enterprise IT analyst firm, Info-Tech Research Group, “simply because buyers are being pressured to release funds to hastily erected, web-based chip distributors, who just as hastily, shut down these websites by the time the promised product is supposed to arrive, destroying any potential for recourse.”
Meanwhile, all too often, according to Mike Borza—the principal security technologist at the electronic design automation firm Synopsys—many companies that get bamboozled determine it’s not in their best interest to release that information. “Companies don’t want to admit that they are not savvy enough or don’t have sufficient control over their supply chain to prevent chip fraud,” he said.
“Customers of those products and companies may not want to buy or use things they don’t believe are genuine,” Borza added. “In a competitive market, competitors will often play up perceived weaknesses of their peers to gain advantages. Keeping quiet about having been duped continues to be common to avoid customer distrust and losing a competitive edge.”
And why not just quickly build new semiconductor fabrication plants to meet the demand for legit ones? It’s a nearly impossible feat. “Plants are notoriously expensive and difficult to build,” said Annand. “The cleanroom facilities alone are 1,000 times cleaner than an operating theatre, requiring 2 to 4 million gallons of incredibly clean water a day.”
Annand said: “Even if we found the billions of dollars required for a modern foundry tomorrow—it would still take 18 to 24 months to build. Refitting an old plant for newer, bigger wafers could theoretically increase capacity, but even in 2011 that was a $500 million-plus proposition, assuming you could find the specialized lithography machines required.”
One simple counter businesses can take from being deceived, said Annand, is to check with the information services organization, ERAI, and its Counterfeit Electronics Database, when dealing with new vendors.
Borza offered up other solutions, such as “optical and electrical watermarking” on provided chips, “embedded cryptographic identity” info within chips and “chemical or microscopic structural marking of packaging materials.”
Fraudulent chips, moreover, range in their unreliability. Borza said some chips deemed faulty by enterprises—and not outright unworking ones but underperforming chips—are then often recycled back into the supply chain (causing other companies problems).
“These may not be catastrophic failures that make the part dead-on-arrival,” Borza said, “but rather underperforming parts that may behave correctly most of the time.”
He added: “They may operate incorrectly under certain conditions, or fail permanently before their normal expected lifetime. These kinds of failures can create reliability and warranty return issues, costing the product manufacturer and undermining customer trust.”
And fake or faulty semiconductors don’t only drive up costs for companies, but their use can have life-threatening consequences. “For parts in safety-critical applications, the consequences can have serious human costs,” said Borza. “Imagine a fraudulent chip [failing] in an ABS brake module in your car, or the control avionics on the next airplane you fly on. Those are not very comforting thoughts.”
This post was written by and was first posted to www.techrepublic.com