ELI5: piracy of hardware auth software.


I’ve recently been puzzled about how manufacturers of pirated hardware can circumvent proprietary software and appear legit to an authentication server. Think fake AirPods appearing as legit on the iPhone. Or Sony headphones being able to register as legit on their app. Or fake smartwatches connecting to legit servers. And so on.

How come a manufacturer of cheap products with very little quality control or budget can manage to basically defeat a big corporation in making their products appear as legit?


The server doesn’t know what the hardware is, and it has no way of knowing it. Even your PC doesn’t really know what’s in it; it only knows what it’s being told is in it by the hardware (simplified, of course). The same thing happens with an authentication server. It only knows what the device talking to it tells it, about what device it is and whether it’s legit or not. As long as it says all the right things, the server has no choice but to accept it as genuine. Same with an iPhone and AirPods.

There are ways around this, of course – the whole thing is counterfeiters finding a way around authentication, and authentication finding a way around the counterfeits. For instance, I think iPhones can generally detect fake AirPods now, most of the time, although I can’t give you any specifics there. I remember something about MAC addresses, which can be used to determine the manufacturer of a device, and a MAC address can be spoofed. There are ways to detect spoofed MAC addresses, although I’m not really sure they’d apply in something like an app trying to identify a device directly.

But ultimately what it comes down to is that any device, real or counterfeit, controls what identifying data is sent back to something asking it to identify itself. If the authentication relies entirely on that, it can be fooled. It takes other methods to determine if a device is lying.

You can protect devices with private keys, but any HW can be glitched to spill it out.

Once you have the details of one device then you can clone.

Anyway use Android instead.
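The first reply's point (the server only knows what the device tells it) and this reply's point (per-device keys, which a clone of one extracted key still satisfies) side by side, as an added example that is not from this thread or from any vendor's real protocol: a self-assertion check next to an HMAC challenge-response check. The model name, serial, key and the AC-DE-48 address are constructed placeholders.

```python
import hmac
import hashlib
import os

# Constructed sample data: what a genuine accessory announces about itself.
GENUINE_MODEL = "AirPods (hypothetical)"
GENUINE_MAC = "AC:DE:48:00:11:22"  # AC-DE-48 is a documentation-only OUI (RFC 7042)
GENUINE_SERIAL = "SN-0001"

# Naive registry: the phone/server only knows the strings a device reports.
KNOWN_MODELS = {(GENUINE_MODEL, GENUINE_MAC[:8])}

def naive_check(model: str, mac: str) -> bool:
    """Self-assertion only: anything that repeats the right strings passes."""
    return (model, mac[:8]) in KNOWN_MODELS

# Challenge-response: the server keeps one secret per device serial and the
# genuine device keeps the same secret in hardware. Constructed key value.
DEVICE_KEYS = {GENUINE_SERIAL: hashlib.sha256(b"constructed-device-secret").digest()}

def new_challenge() -> bytes:
    """Fresh random nonce per attempt, so a recorded old answer does not verify."""
    return os.urandom(16)

def device_answer(key: bytes, challenge: bytes) -> bytes:
    """What a device holding `key` computes over the server's challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def verify(serial: str, challenge: bytes, answer: bytes) -> bool:
    """Accept only if the answer was computed with the key on file for serial."""
    key = DEVICE_KEYS.get(serial)
    if key is None:
        return False
    return hmac.compare_digest(device_answer(key, challenge), answer)

def run_scenarios() -> dict:
    """Three devices face both checks; returns which outcomes hold."""
    genuine_key = DEVICE_KEYS[GENUINE_SERIAL]
    fake_key = hashlib.sha256(b"guess").digest()  # string-copier has no real key
    clone_key = genuine_key  # key extracted from one real unit (the glitching case)
    ch = new_challenge()
    return {
        "naive_accepts_string_copier": naive_check(GENUINE_MODEL, GENUINE_MAC),
        "cr_rejects_string_copier": not verify(GENUINE_SERIAL, ch, device_answer(fake_key, ch)),
        "cr_rejects_recorded_answer": not verify(GENUINE_SERIAL, new_challenge(), device_answer(genuine_key, ch)),
        "cr_accepts_genuine": verify(GENUINE_SERIAL, ch, device_answer(genuine_key, ch)),
        "cr_accepts_extracted_key_clone": verify(GENUINE_SERIAL, ch, device_answer(clone_key, ch)),
    }
```

The last entry is the thread's caveat in code: challenge-response proves possession of the key, not that the holder is the unit it was issued to.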

“manufacturer of cheap products with very little quality control or budget”

Don’t assume this. Some counterfeits come off of the same assembly line as the real deal. The way it works is pretty simple: the legit company orders, let’s say, 10,000 pieces and they decide to produce 12,000. Retail markup is often three times the manufacturing cost or more, so they still make money selling stuff at a discount.

It’s often called “third shift” or “ghost shift”.

When devices connect to each other (whether wireless or not) they send each other signals. These signals contain info about what the device is, etc.

Imagine if somebody was ringing the doorbell and for some reason you can’t see who it is, but you can hear them, so you ask who it is before letting them in. If it’s a stranger, you’ll leave the door closed, but if it’s your mom or a friend you’ll let them in. However, there may be a thief able to imitate your mom’s voice, or maybe they have a recording of your mom’s voice. In any case, they sound so much like your mom that you’ll open the door, so they can get in.

That’s basically what happens with false AirPods etc. As long as the signals these devices send are identical to those of the real device, your computer or phone will recognize it as the real deal, even if it isn’t. In theory, they could even produce a USB stick or a microphone that will get recognized as AirPods by your computer (for example), just by having that device send out the right signals. Obviously, these devices won’t work like AirPods, but your computer doesn’t know that as long as that device continues sending the right “AirPod” signals to your computer.