Slashdot Mirror


FTDI Reportedly Bricking Devices Using Competitors' Chips.

janoc writes It seems that chipmaker FTDI has started an outright war on cloners of their popular USB bridge chips. At first the clones stopped working with the official drivers, and now they are being intentionally bricked, rendering the device useless. The problem? These chips are incredibly popular and used in many consumer products. Are you sure yours doesn't contain a counterfeit one before you plug it in? Hackaday says, "It’s very hard to tell the difference between the real and fake versions by looking at the package, but a look at the silicon reveals vast differences. The new driver for the FT232 exploits these differences, reprogramming it so it won’t work with existing drivers. It’s a bold strategy to cut down on silicon counterfeiters on the part of FTDI. A reasonable company would go after the manufacturers of fake chips, not the consumers who are most likely unaware they have a fake chip." Update: 10/24 02:53 GMT by S : In a series of Twitter posts, FTDI has admitted to doing this.

32 of 700 comments

  1. On the other hand... by Rinikusu · · Score: 4, Insightful

    Now consumers are becoming aware that there's a massive counterfeiting problem and can be better educated to ask their vendors "Hey, is my device legit?" I certainly had no idea that this was going on.

    --
    If you were me, you'd be good lookin'. - six string samurai
    1. Re:On the other hand... by Anonymous Coward · · Score: 5, Insightful

      If they work, I don't care. The scumbags bricking devices are the problem.

    2. Re:On the other hand... by Anonymous Coward · · Score: 5, Insightful

      >We've discovered some non-factory parts in your car.
      -Oh, really? Well, I'm going to drive over to the dealership and take that up with them.
      >We've already handled the problem. We crushed your car into a cube.
      -Uhhh...
      >You have 15 seconds to move your cube.

    3. Re:On the other hand... by The+Eight-Bit+Link · · Score: 5, Insightful

      Not quite. Non-factory parts are fine. There are alternatives to the FTDI chips, just like there are alternative parts for your car. The problem here is the part is pretending to be genuine when it's not.

    4. Re:On the other hand... by nedlohs · · Score: 4, Insightful

      Right, that makes all the difference, because this is perfectly reasonable:

      >We've discovered some counterfeit parts in your car.
      -Oh, really? Well, I'm going to drive over to the dealership and take that up with them.
      >We've already handled the problem. We crushed your car into a cube.
      -Uhhh...
      >You have 15 seconds to move your cube.

    5. Re:On the other hand... by Anonymous Coward · · Score: 0, Insightful

      There are legitimate places to buy products: Wal-Mart, Newegg, Best Buy, etc. If those places sell fakes then customers get mad so they won't sell fakes and will make sure that they don't sell fakes. So, yes, you can tell if you are buying a legitimate product by buying it from a legitimate dealer. If you go to some random website or ebay and buy something for 25% of market value then you are taking the risk that it is fake.

      The illegitimate vendors will be driven to clean up their act, go out of business, or start up new marketing entities very fast.

      So yes, this will combat fake goods. Maybe not in a way you like but it will work.

    6. Re:On the other hand... by Anonymous Coward · · Score: 5, Insightful

      It is. And if they get their own USB:ID and are otherwise a complete knock-off, that's great.

      http://www.linux-usb.org/usb.i...

      The problem is all the phone calls to FTDI's customer support line complaining that the cheap-shit underdesigned parts aren't working to spec. or that the drivers are broken and the users "demand a fix" when the problem is with a device FTDI didn't build, and didn't make any money from to support driver development and customer support.

      They have every right to have their drivers detect the non-genuine parts, report them and refuse to work with them. Bricking them is clearly causing intentional harm to equipment they don't own. Never excusable.

    7. Re:On the other hand... by lgw · · Score: 4, Insightful

      If they work, I don't care. The scumbags bricking devices are the problem.

      Indeed. This will end badly for whoever thought this was clever. You'd think companies would have learned from the Sony rootkit fiasco, but no.

      FTDI just bought a ticket to the "fuck with the DoJ lottery". If they happen to brick anything used by the US Government for any official purpose, they're a winner! Who's that at the door, Ed McMahon with a giant check? No, it's the DoJ with a giant fine! You may also have won: "being made an example of", with complimentary federal prison time!

      --
      Socialism: a lie told by totalitarians and believed by fools.
    8. Re:On the other hand... by mrchaotica · · Score: 5, Insightful

      You'd think companies would have learned from the Sony rootkit fiasco, but no.

      What did companies learn from the Sony rootkit? That the criminal penalty for perpetrating literally tens of millions of felonies on behalf of a corporation is... absolutely nothing? Sure, that'll teach'em!

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    9. Re:On the other hand... by Darinbob · · Score: 2, Insightful

      Well you'd have to prove the devices were bricked on purpose. Given the large number of clones I don't think they have a solution that could brick them all. This probably just bricks one big counterfeiter, and it's possible it's bricked by accident.

      In fact, bricking by accident sounds plausible given that many of these devices do the minimum work necessary to work with the popular drivers. If the drivers change the devices stop working. Even for things like USB mass storage where there's a real standard, most cheap manufacturers only do the minimum necessary to get them to work on the currently popular Windows versions, and ignore the 5% of their customers where the devices fail. Quality is a rarity in mass market USB devices.

    10. Re:On the other hand... by onepoint · · Score: 4, Insightful

      Really, you think that they have a DOJ and or any fed regulator problem???
      Hmm...
      Specific chip driver, designed for that chip only
      Copycat chip using the above chip driver
      Change the driver code slightly for improvement or whatever reason
      Results:
      Your system crashed, if it was using the fake chip.
      Not the fault of the manufacturer of the specific chip.
      The liability goes towards whoever sold that configuration to you with the promise of that specific chip. They lied.

      I am guessing that this should be happening more often in the next 5 to 10 years, built in clones killing.

      --
      if you see me, smile and say hello.
    11. Re:On the other hand... by Russ1642 · · Score: 5, Insightful

      So is it illegal to own counterfeit products or only to sell them? For example, if you have a fake Gucci handbag can a Gucci employee come up to you with a can of spray-paint and spray it to ruin it? Or if you took it to a legit store and they discovered it was counterfeit could they do the same thing? I'm thinking this steps way way over the line of what they're allowed to do to stop counterfeiting and they're going to get their asses sued big-time.

    12. Re:On the other hand... by Anonymous Coward · · Score: 1, Insightful

      I think a better analogy would be them grabbing the handbag and shredding the bag and everything inside it.

    13. Re:On the other hand... by suutar · · Score: 4, Insightful

      Fake chips are a problem. Bricking equipment that includes fake chips is also a problem.

    14. Re:On the other hand... by Alioth · · Score: 4, Insightful

      This has the potential though to backfire quite badly on FTDI. The vast majority of users don't know that the thing they bought is fake, all they know is that it's FTDI branded and all of a sudden it doesn't work, and they blame FTDI, and FTDI gets a bad reputation for unreliable crap (even though the hardware was counterfeit).

  2. Is this legal? by Calibax · · Score: 5, Insightful

    A component manufacturer is unhappy that someone else is using his product id so he puts code in a driver that sets the product id to zero. This prevents the fake component being recognized by his driver or any other driver. The license for the driver explicitly states that using the driver with a fake component may irretrievably damage the component.

    If the component manufacturer doesn't want the fake product to work with his driver he can code his driver to ignore the fake. Modifying the product id to brick the component is another matter entirely.

    This doesn't hurt the people who created the fake, or even the people who purchased the fake and used them in their manufacturing. It only hurts end users who have done nothing except purchase a product in retail channels. Deliberately destroying equipment because it uses a fake component goes to a whole new level of nastiness.

    1. Re:Is this legal? by Gaygirlie · · Score: 5, Insightful

      Deliberately destroying equipment because it uses a fake component goes to a whole new level of nastiness.

      I came here to also say that deliberately destroying property that doesn't belong to you is, as far as I know, illegal. If it was a private person doing that they'd probably land jailtime real fast, but companies tend to get mere slaps on their wrists, so we'll see..

    2. Re:Is this legal? by SirDrinksAlot · · Score: 2, Insightful

      I think the question should be, is this patch they're applying that's bricking these devices a functional patch that does benefit the official FTDI hardware? If the answer is yes then there's no malicious intent or action taking place here. You can't expect the company to test an update against counterfeit hardware and you can't expect them to lose any sleep over it.

      Now if what they're doing is specifically targeted at doing this and doesn't change anything at all on official hardware? Then there may be a legal argument here. Like if on their hardware you can't set a particular register/fuse but on the counterfeit hardware you can burn said fuse then yeah, they're trying to brick it.

    3. Re:Is this legal? by Anonymous Coward · · Score: 2, Insightful

      Just how bad is this, really?

      Forum thread states, "The workaround is to use a Windows XP or Linux system to change the PID back, and then don't use the new driver."

      If this USB Product ID is a number that is supposed to represent who manufactured the device, then I'm rather surprised that this can be updated. (ROM would seem to be a sensible way to store such a thing.)

      Apparently the USB VIDs (Vendor IDs) are centralized, meaning a central organization is keeping track of them. Also, there are some ways that someone can use a Vendor ID without needing to pay the central organization.

      So if the driver is made by FTDI, and the driver only affects equipment that identifies itself as FTDI equipment, then shouldn't FTDI be able to determine what happens?
      A quick lookup indicates that FTDI uses VID 0403, so I'll use that number as an example. (Note that I'm not saying that this is FTDI's only VID.)

      If FTDI makes a decision that all such equipment with VID 0403 should act a certain way, like using a Product ID according to guidelines that FTDI determines, then isn't FTDI simply enforcing rules that are within their authority (because they have the right to describe how equipment operates when that equipment is using VID 0403)? And if a competitor's device doesn't like what FTDI's driver does, when FTDI's driver is working with VID 0403, isn't that a problem with the device failing to properly act according to the behaviors that are legitimately expected of a device using VID 0403?

      Finally, the term "brick" seems to be getting misapplied. If FTDI's driver sets my device's PID to 0 in one Windows 7 machine, and then I can no longer take that device to another Win7 computer and have it work, then I understand why someone might think that the device is bricked. But if I can take it to a computer (running XP) and use some software to change the PID to a non-zero value, then the device can work again. To me, the term "brick" refers to when a device is completely worthless, and cannot be fixed so simply (because, like a brick, it won't respond to any signals). But if the problem is just that Win7 doesn't contain the software routines that lets a user set a particular value, that doesn't mean the device is really bricked.

      I'm not actually trying to suggest that FTDI is innocent in any of this. What I'm trying to do is to clarify that the accusations being made have a strong foundation so that I can feel more justified in joining the public outrage. Any clarification to these points would be appreciated.
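
An added example, not part of the Slashdot thread: the comments describe an affected device as one that keeps the FTDI VID (0403) but reports a PID of 0, so this Python script flags that pair in `lsusb` output. The sample listing is constructed, and the function names and the `--live` switch are this example's own.

```python
import re
import subprocess
import sys

FTDI_VID = 0x0403    # vendor ID quoted in the thread
ZEROED_PID = 0x0000  # product ID the thread says the driver writes

# Constructed sample of `lsusb` output, not captured from a real host.
SAMPLE_LSUSB = """\
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 004: ID 0403:6001 Future Technology Devices International, Ltd FT232 Serial (UART) IC
Bus 001 Device 007: ID 0403:0000 Future Technology Devices International, Ltd
Bus 002 Device 003: ID 046d:c52b Logitech, Inc. Unifying Receiver
this line is not lsusb output and must be skipped
"""

LINE_RE = re.compile(
    r"^Bus (\d+) Device (\d+): ID ([0-9a-fA-F]{4}):([0-9a-fA-F]{4})\s*(.*)$"
)


def parse_lsusb(text):
    """Return one dict per well-formed lsusb line; skip anything else."""
    devices = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        bus, dev, vid, pid, desc = m.groups()
        devices.append({"bus": bus, "device": dev, "vid": int(vid, 16),
                        "pid": int(pid, 16), "desc": desc})
    return devices


def classify(dev):
    """Label a parsed device by the VID/PID pair it reports."""
    if dev["vid"] != FTDI_VID:
        return "other-vendor"
    if dev["pid"] == ZEROED_PID:
        # Matches the state described in the thread: FTDI VID, PID 0.
        return "ftdi-vid-zeroed-pid"
    # Descriptors alone cannot tell a genuine part from a clone.
    return "ftdi-vid"


def find_zeroed(text):
    """Return (bus, device) for every FTDI-VID device reporting PID 0."""
    return [(d["bus"], d["device"]) for d in parse_lsusb(text)
            if classify(d) == "ftdi-vid-zeroed-pid"]


if __name__ == "__main__":
    # With --live, read the real bus (needs usbutils); default is the sample.
    if "--live" in sys.argv:
        text = subprocess.run(["lsusb"], capture_output=True, text=True,
                              check=True).stdout
    else:
        text = SAMPLE_LSUSB
    for bus, dev in find_zeroed(text):
        print(f"Bus {bus} Device {dev}: reports {FTDI_VID:04x}:{ZEROED_PID:04x}")
```
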

  3. Why is FTDI the villain? by The+Eight-Bit+Link · · Score: 2, Insightful

    Why should they let people ride their coattails for no compensation? To be fair, bricking a device is a little overkill, and simply refusing to recognize a fake device may have been a better approach.

    1. Re:Why is FTDI the villain? by The+Ickle+Jones · · Score: 3, Insightful

      Whose fault is it that FTDI is intentionally destroying other people's property? FTDI's. The ends don't justify the means.

  4. The good news by Overzeetop · · Score: 2, Insightful

    Now that we know it's happening we can all join the class action lawsuit which will utterly bankrupt FTDI because what they are doing is illegal and they can be held liable for damages, which could easily run into the billions.

    --
    Is it just my observation, or are there way too many stupid people in the world?
    1. Re:The good news by Tharkkun · · Score: 2, Insightful

      Now that we know it's happening we can all join the class action lawsuit which will utterly bankrupt FTDI because what they are doing is illegal and they can be held liable for damages, which could easily run into the billions.

      You are running a driver/firmware update on a product which isn't theirs. Just like with a laptop if you run a BIOS update on the wrong product and it destroys your machine the vendor isn't responsible.

    2. Re:The good news by Richy_T · · Score: 4, Insightful

      Intent.

    3. Re:The good news by Anonymous Coward · · Score: 5, Insightful

      This all goes out the window the minute you write code that intentionally does harmful things to your hardware. And it would be fairly easy to prove said intent: no driver should be mucking with USB PIDs ever, especially not when they've proven that the hardware in question isn't theirs. A driver that says, "Okay, this hardware clearly isn't mine, let's go break it" is malicious software.

      This is shit that Nintendo flashcart vendors do.

    4. Re:The good news by RavenLrD20k · · Score: 2, Insightful

      Except there's a difference between this and your example. When you update your BIOS there are ways to verify that the BIOS you have is compatible with the update you are going to use. With this FTDI crap, if you physically examine the chip, it has all the markings of a legit FTDI chip, down to the model stamp. When you look at the chip driver in Windows before the update, it reports back chip information for a chip that's legitimate. Upon verifying these things, you go ahead and run Windows Update with the new FTDI driver... OOPS! Your chip was misrepresenting itself to you and now you have bricked hardware. If you're lucky, your hardware vendor will supply you with a new board under warranty, and hopefully they've verified that the chip is truly legit. If not...you're screwed and FTDI just broke an otherwise perfectly working system that was paid for legally in good faith (that last bit is the important part when contemplating a lawsuit and who to go after; hint: same considerations for a BIOS update that goes awry because it misrepresented itself to the user/system prior to flashing).

      The fact that this is an automatic Windows Update that can potentially brick a system without warning (thinking of the non-tech-savvy here), this can make for a very bad nightmare on FTDI's end. I wouldn't be surprised to hear something coming out of the FTC about this before long.

    5. Re:The good news by ShanghaiBill · · Score: 2, Insightful

      While I don't agree with FTDI's tactic, they're not the only bad guy here by a long shot.

      What? So if I shoot my neighbor, I can use the excuse that last night someone robbed a liquor store on the other side of town, so I am "not the only bad guy"?

      Look, counterfeiting is wrong. But destroying the property of an end user, most likely unaware of the counterfeit device, is both wrong and illegal. Period.

  5. In a way they are going after the manufacturers by flu1d · · Score: 3, Insightful

    Most people won't have any technical knowhow to understand why their device bricked, just that it bricked. Bricked devices will be blamed on the device manufacturer not the chip supplier.

  6. It's risky and unlikely to succeed. by steelfood · · Score: 4, Insightful

    Device manufacturing companies may just avoid FTDI chips outright. This is especially true if some suppliers are mixing the real chips with the counterfeit chips.

    Worse, since it's coming through Windows Update, the engineers working on Windows Update might outright blacklist FTDI. And Microsoft would be at least partially liable for any bricked device, which would make their lawyers a bit uncomfortable. I wouldn't be surprised to see Microsoft release a patch in the future to automatically unbrick the affected devices.

    --
    "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
  7. Congratulations, FTDI, You Just Killed Yourselves by ewhac · · Score: 4, Insightful

    Assuming FTDI manages to weasel out of lawsuits for willful destruction of property (do NOT let them hide behind the so-called EULA), they have basically made themselves the vendor to avoid for either chips or drivers for said chips.

    Can you tell, by merely looking at it, whether a given device is using GenuineFTDI(TM)(R)(C)(BFD) chips, or whether it's a counterfeit? Can you tell by using whatever the Windows equivalent of lsusb is? No? Then there is a random, non-trivial chance that plugging in your serial-ish device will either:

    • Work (old non-destructive drivers),
    • Not work (new, non-destructive drivers),
    • Ruin the device (new, destructive drivers), so that it not only Not Works, but also Stops Working on every other machine on which it previously worked.

    Thus, in the mind of the user, FTDI == Flaky. And Flaky == Avoid.

    Congratulations, FTDI. Ten points for avoiding your feet, but minus several million for shooting yourself straight in the head.

  8. Re:This might have been incompetence, not malice by Slashdot+Parent · · Score: 4, Insightful

    Except the chip wasn't, as you put it, "killed." The chip is still fully functional with a driver that will support it.

    The chip was pretty killed. With a PID of 0, Windows, Mac OS, and Linux wouldn't recognize it. It's theoretically possible to fix the PID, but most end users wouldn't really know how to do that.

    Why should FTDI support chips it didn't make?

    They shouldn't have to support chips that they didn't make, but at the same time, they shouldn't brick* chips that they didn't manufacture.

    What FTDI really should have done is to set a generic PID for the chip type. That way, the chip would no longer use the FTDI driver, and they wouldn't have to support it.

    *I use "brick" in the sense that using their Windows driver to set the PID to 0 makes the chip no longer function in other OSs, either. I am aware that an unbricking procedure is available.

    --
    They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
  9. Re:"Reasonable" my ass by ChumpusRex2003 · · Score: 3, Insightful

    However, a lot of manufacture is contracted out. If you're buying 10 or 20 chips for internal R&D you'll likely get genuine ones.

    However, when you find a contract manufacturer and ask them to make 100,000, you require an XYZ, Inc. ABC123 chip and ask the manufacturing contractor to source it. Unbeknown to you, they obtain a counterfeit source. The chip is virtually identical externally, and functionally very similar, so that your product passes validation testing.

    You as the device designer and seller may have no idea that you have fake chips on your device. Perhaps, your RMA rate is higher than you expected due to chip failures, or perhaps you are getting a lot of bug reports from the field which are not reproducible on your prototypes, but are on production devices.

    This isn't the first time a USB->UART vendor has taken vigilante action against fakes. The vendor Prolific had major problems with low-quality, buggy and slow fake chips, causing major support headaches for customers and themselves. I believe they ended up discontinuing their main product and replacing it with an incompatible version, while poisoning the drivers so that they would BSOD/Kernel panic if they detected a fake chip.