I read an article in EDN yesterday that came as a mild shocker, hashing and cryptography chips designed for embedding in….batteries.
Yes, batteries. Specifically, rechargeable battery packs used in cellphones, laptops, cameras and similar consumer devices, allowing the device to reject “unauthorized” replacement batteries. Yes folks, slapping in a replacement battery pack for some discontinued gadget can now be a DMCA violation*.
The official claim they make, as claimers often do, is that such methods are intended for consumer safety. An inferior Li-Ion cell could have a lower maximum charging rate and go *pow* when the device tries to charge it at the expected rate for the original cells, so the rhetoric goes.
Modern battery charging circuitry carefully monitors the state of the cells, measuring the current drawn by each cell over time and even the surface temperature. While it is theoretically possible for an aftermarket battery pack to be produced with low-rate cells that don’t match the original spec, the gadget to not notice, and the cells to go *pow*, the immediate result would be that that aftermarket manufacturer is going to get spanked. Severely. A much less hostile solution to implementing SHA-1 in a battery-pack lockout chip would be to, you know, publicly document the charging current given out by the device (although if a manufacturer wants to be secretive, it’s easy enough to just measure it with a decent multimeter). In light of the fact that any idiot with a $25 multimeter can measure the charge current required for any gadget without even opening it, all this whining about batteries requiring a cryptographic handshake for consumers’ own good seems suspect at best.
* The DMCA’s (Digital Millenium Copyright Act of 1998) official wording forbids any tool that defeats a technological measure which “effectively controls access to a copyrighted work”, e.g. a CD or movie. However, that has not stopped various gadget makers suing under the Act (sometimes successfully) claiming that the firmware on the gadget (being “accessed” in the sense that the consumer gets to use the gadget), or even the crypto key in their lockout chip, is the “copyrighted work” they are trying to protect.
Leave a Reply