If you suspect your device may be vulnerable to cloning, it probably is! Often-cloned products include consumables like battery packs, digital-content playback devices, and electronic product peripherals.
Designers must understand the types of attacks their product is likely to face. Some attacks duplicate the design entirely, which happened in 2006 with a well known cell-phone platform. More common attacks involve the reverse engineering of interface protocols. Still others extract unlock codes or re-enlist a depleted consumable.
A common defense is to use obfuscated source code. Use caution, though, as it can hinder debugging and code verification and helps little when attackers directly copy binaries or use debugging environments.
A better set of anti-cloning tools includes protected device keys, microprocessors with hardware support for cryptography, and robust authentication protocols. Many traditionally constrained computing environments now contain enough processing power to enable standard, well-reviewed cryptographic protocols. When possible, devices should have individual keys that can be managed and revoked.
Look for memory protection, on-chip ROM, JTAG disablement, and security fuses. Implementations should be resistant to side channel attacks like timing attacks and differential power analysis. High-security applications should disable ASIC scan and other silicon debug features. And, protect verification processes. Some game consoles can be "chipped" to bypass copy protection mechanisms.
Seek experienced security reviews, as a single implementation problem can render a security system useless. Also, take care in key issuance, storage, and revocation, as these design choices affect SKU management costs and may hinder recovery from in-field attacks.