I’ve recently been puzzled about how manufacturers of pirated hardware can circumvent proprietary software and appear legit to an authentication server. Think fake AirPods appearing as legit on the iPhone. Or Sony headphones being able to register as legit on their app. Or fake smartwatches connecting to legit servers. And so on.
How come a manufacturer of cheap products with very little quality control or budget can manage to basically defeat a big corporation in making their products appear as legit?
In: 8
The server doesn’t know what the hardware is, and it has no way of knowing it. Even your PC doesn’t really know what’s in it; it only knows what it’s being told is in it by the hardware (simplified, of course). The same thing happens with an authentication server. It only knows what the device talking to it tells it, about what device it is and whether it’s legit or not. As long as it says all the right things, the server has no choice but to accept it as genuine. Same with an iPhone and AirPods.
There are ways around this, of course – the whole thing is counterfeiters finding a way around authentication, and authentication finding a way around the counterfeits. For instance, I think iPhones can generally detect fake AirPods now, most of the time, although I can’t give you any specifics there. I remember something about MAC addresses, which can be used to determine the manufacturer of a device, and a MAC address can be spoofed. There are ways to detect spoofed MAC addresses, although I’m not really sure they’d apply in something like an app trying to identify a device directly.
But ultimately what it comes down to is that any device, real or counterfeit, controls what identifying data is sent back to something asking it to identify itself. If the authentication relies entirely on that, it can be fooled. It takes other methods to determine if a device is lying.
Latest Answers