REGISTER | LOGIN
Breaking News
News & Analysis

Counterfeit SD Card Problem is Widespread

3/17/2015 09:43 AM EDT
5 comments
NO RATINGS
More Related Links
View Comments: Newest First | Oldest First | Threaded View
TanjB
User Rank
Author
Re: Faster ways to test SD cards
TanjB   3/19/2015 6:58:26 PM
NO RATINGS
@Karen, that is good to know.

However, if your app became common, wouldn't they just take more care to clone the metadata?  In these games we should be playing strong moves, not a weak chain of cat and mouse.  The bad guys will always win any strategy which requires informed, active, alert consumers.  And really there is zero reason the SD manufacturers could not solve this.

The whole name "SD" belies the focus.  The original SD was created at the behest of Hollywood to protect content, at some inconvenience to consumers (if you have ever experienced an actual locked SD you know the pain).  Why can't we expect the makers to have enough consumer orientation to solve the piracy problem, which would be much less complicated and intrusive than Secure Digital was?

karen@humanlogic.com
User Rank
Rookie
Faster ways to test SD cards
karen@humanlogic.com   3/18/2015 11:24:19 PM
NO RATINGS
Although testing the data storage of a SD card is very slow, it is much faster and often just as accurate to validate the metadata.  A majority of fake cards do not correctly duplicate this metadata.

There are many tools, such as SD Insight for Android, which can quickly allow you to verify the metadata and thus the authenticity of the SD card.  The app is free and can be found on the Google Play store. (Full disclosure, I am the publisher).

GSKrasle
User Rank
Author
Re: Validation software should be fast and painless
GSKrasle   3/18/2015 12:49:34 PM
NO RATINGS
TanjB,

You're exactly right: if Game Controllers and Media Player Chargers can have secure authentication, then so can bulk memory devices. 

I see the lack of such an implementation as similar to the LACK of a 'Kill Switch' on Phones. It amazes me that it was EVER possible to get use of a reported-stolen device that has an unique ID and communicates wirelessly. It should be 'bricked' immediately! (And there is no reason it couldn't be 'unbricked' just as quickly if recovered; it would be the NETWORK(S) that would refuse to 'play with' a stolen device.) The providers' reluctance to provide such an obvious feature makes me mistrust their motives and honesty.

One thing I worry about, in addition to shoddy knock-offs, is malicious content. 'Remember Broadcom? It wouldn't be 'hard' to design a device with hidden malicious content, as simple as an infectous file pre-loaded or as complex as a secret µC that infects files stored on the main media. Do we need to implement encryption when writing and reading these devices? 

TanjB
User Rank
Author
Re: Validation software should be fast and painless
TanjB   3/18/2015 11:43:59 AM
NO RATINGS
The SD industry has the power to fix this.  The controller chip built into the device has direct access to the Flash chips and can verify the specs and size of the Flash chips since it can read out from embedded registers information about the chip.  Just add a simple command to the controllers to report that, and a challenge/response mechanism to handshake with the mobile device to verify the controller manufacture.  The counterfeiters are not able to make their own chips or do teardown to the physical level to retrieve keys.  They are just low tech relabellers of existing chips.

Since counterfeiting has been rampant for many years and nothing has been added to the chips to solve this, one has to conclude the manufacturers do not care.  After all, the problem is not delivered to their door.  They get paid for what they ship.  They feel no pain if the distribution chain is insecure.

But, they should look around at what has happened to others who ignore the corruptions of the distribution chain and the degradation of customer experience.  Ultimately if you do not have your consumers at heart, your business will crumple.

MWagner_MA
User Rank
Author
Validation software should be fast and painless
MWagner_MA   3/18/2015 7:18:29 AM
One would think that the likes of SanDisk and others could provide a validation piece of software that would Take the indicated capacity, and search at random addresses (write/read back) of 70-100% of max limit rather than scan the entire memory space.  That would take significantly less time, and provide some measure of assurance which people would likely run (because it would take only 2-3 seconds).

Most Recent Comments
Like Us on Facebook
EE Times on Twitter
EE Times Twitter Feed