Counterfeit electronics are components that are fakes or relabelled as a higher quality product and sold to unwitting customers. They can wreak havoc with your designs, security, budget, and schedule. Read on to learn how to product yourself and your products.
Like fake money, there are fake electronics circulating within the market, waiting to come into your possession and ruin your day. These parts are sold as if they are legitimate, and unlike money, there’s no magic marker you can run over them to check their authenticity. The consequences are severe regardless of the size of the operation. For smaller operations, this could mean falling months behind schedule because of the time spent on replacing parts that were questionably sourced. For larger companies, projects run the risk of going over budget by hundreds of thousands of dollars, sometimes millions, due to the time spent on identifying counterfeit parts. Honestly, if you aren’t convinced that losing 7 figures in Benjamin Franklin's is worth the effort of screening your components, then you deserve the zap, blue smoke surprise waiting to happen.
Wait, does this even affect me?
There are major concerns over counterfeit electronics in federal contracting. If you do work for the government, training to protect against counterfeit devices is mandated by certain acquisition policies. For those of you lucky enough to avoid the jargon-saturated slideshow flogging, it’s worth having a little background information to protect your products and reputation.
What are counterfeit electronics, anyway?
There are two main flavors of counterfeit electronics. This first is outright fakes, where a part is labeled and sold as something completely different. The second is called remarking. This is when parts that failed or tested below their specified tolerances get marked as a higher grade than they actually are. It’s like repainting the 10% silver tolerance band on a resistor to 5%, except it’s happening with integrated circuits (ICs) and microcontrollers.
There are three main concerns:
Infringement: It’s illegal to falsely represent a product. This applies to both the original counterfeiter and your company. You are liable for your product’s legitimacy and may face consequences if your system is falsely advertised.
Security: In my security-centric jobs, it was forbidden to use USB drives from conferences with work computers or documents because of tampering concerns. The same rule applied for using microcontrollers and other complex ICs that may have nefarious modifications (“nefarious” is actually the word used, so you know it’s bad).
These modifications give third party's unauthorized access to intellectual property, sensitive data, or other secure system information. In addition to catastrophic security ramifications, they can cause system malfunctions.
Performance: Counterfeit components have lower quality and performance. Sometimes they don’t work at all. In the most nefarious cases, they are designed to fail intentionally.
With Respect to Critical Systems:
Obviously, system failures and malfunctions are a major risk for any critical system. In particular, products that someone’s life depends on are held to strict standards. High performance/reliability systems (usually medical, aircraft, and defense) are advised or required to adhere to SAE’s Standard AS5553.
These requirements apply to many federal contracts, especially subcontractors with trickle down requirements and small businesses. Keep in mind that I’m a hardware nerd and not an acquisition specialist, so the legalese should be reviewed by someone with the appropriate qualifications.
With Respect to Consumer Systems:
Performance issues can be devastating for any system, even if they don’t control life or death situations. This is particularly important for startup companies with a limited budget. I’ve seen startup funding rounds missed because early failure rates ruined demos and customer relationships.
How do I protect my designs and products?
Now you’re all fired up and ready to tackle this issue, where do you even start?
Understand the supply chain
Where do your components come from? There are three main sources:
Original component manufacturers: Call them “OCMs” when asking questions at big presentations. This will let everyone knows that you’re underwhelmed by the powerpoint fear tactics. OCMs are the companies that make the components. If you are ordering wholesale or in huge batches then you can sometimes buy components directly from the OCM. If you aren’t, then you’ll probably buy from…
Franchise distributors: I’ve never heard them called “FDs,” but give it a try. These guys have specific contracts to sell officially sourced parts from the OCMs, and they should have solid documentation about sourcing.
Brokers, wholesalers, independent distributors: The trail mix of sourcing. Here you get occasional good deals (the M&Ms), many decent options (peanuts), and a few raisins that ruin the whole thing.
There’s a huge range of legitimacy at this level. While cheap, a random eBay guy is probably at the low end of this range. Independent brokers are the most common source of counterfeits, although they may resell to distributors who have no idea about the shady origin of some components.
Learn How to Inspect Your Components
When counterfeit electronics are a concern, you should source components yourself. This gives you the opportunity to inspect parts if necessary. Identifying counterfeit electronics can be difficult, but there are several approaches you can try.
In order of cost and complexity:
Visual: Look for resurfacing, sanding, or refinishing where labels were removed and repainted. Sometimes an acetone swab will remove fake labeling completely.
Microscopic: Check the surface of packaging and solder points for smoothness and consistency between different parts.
Inspecting boards for counterfeit components can be tedious and time-consuming.
Electrical testing: Power a device up, and make sure the I-V characteristics match the manufacturer data sheet. Usually, you will need custom test fixtures for surface mount components. This is tedious on large batches but is a dead giveaway for parts that are remarked.
X-ray: Again, you will be comparing seemingly identical components. Fakes usually have different wire bonding and internal variations. You can also remove the packaging from components to inspect their structure without an X-ray, but this is a very destructive option.
X-ray spectroscopy: If you really need this level of inspection, check out local university materials science programs. Some will partner with your industry or test your components for you. I advise you to look for lead, as counterfeit parts rarely live up to RoHS compliance. This doesn’t help for military grade parts that require lead solder.
Advanced microscopy and marking: DARPA and other groups have spent a lot of money on anti-counterfeit solutions. These include obscure DNA-based dyes, scanning acoustic microscopy and other techniques that identify counterfeit parts without destroying real ones. You’ll need some serious expertise on-hand to run these anti-counterfeit measures.
Use Qualified Sources
Your best bet is to source directly from qualified distributors. In defense applications, there are actual lists you need to keep track of. For the rest of us, it comes down to maintaining internal databases of approved parts from distributors who are transparent about sourcing and verification.
A great way to keep track of components is by using Altium Vault in conjunction with your PCB software to manage component databases. This will make it easy for your designers to only use parts from approved sources. Vault gives you supply chain traceability (more Fed-speak for who sold you the goods), so your documentation and reporting requirements are easily met if you do have a run-in with counterfeit parts. You can learn more about how Altium and Altium Vault can help protect your PCBs and products from counterfeit parts by contacting their specialists.