Slashdot Mirror

← Back to Stories (view on slashdot.org)

FTDI Reportedly Bricking Devices Using Competitors' Chips.

Posted by Soulskill on from the playing-dirty dept.

janoc writes It seems that chipmaker FTDI has started an outright war on cloners of their popular USB bridge chips. At first the clones stopped working with the official drivers, and now they are being intentionally bricked, rendering the device useless. The problem? These chips are incredibly popular and used in many consumer products. Are you sure yours doesn't contain a counterfeit one before you plug it in? Hackaday says, "It’s very hard to tell the difference between the real and fake versions by looking at the package, but a look at the silicon reveals vast differences. The new driver for the FT232 exploits these differences, reprogramming it so it won’t work with existing drivers. It’s a bold strategy to cut down on silicon counterfeiters on the part of FTDI. A reasonable company would go after the manufacturers of fake chips, not the consumers who are most likely unaware they have a fake chip." Update: 10/24 02:53 GMT by S : In a series of Twitter posts, FTDI has admitted to doing this.

22 of 700 comments (clear)

  1. On the other hand... by Rinikusu · · Score: 4, Insightful

    Now consumers are becoming aware that there's a massive counterfeiting problem and can be better educated to ask their vendors "Hey, is my device legit?" I certainly had no idea that this was going on.

    --
    If you were me, you'd be good lookin'. - six string samurai
    1. Re:On the other hand... by Anonymous Coward · · Score: 5, Insightful

      If they work, I don't care. The scumbags bricking devices are the problem.

    2. Re:On the other hand... by Anonymous Coward · · Score: 5, Insightful

      >We've discovered some non-factory parts in your car.
      -Oh, really? Well, I'm going to drive over to the dealership take that up with them.
      >We've already handled the problem. We crushed your car into a cube.
      -Uhhh...
      >You have 15 seconds to move your cube.

    3. Re:On the other hand... by The+Eight-Bit+Link · · Score: 5, Insightful

      Not quite. Non-factory parts are fine. There are alternatives to the FTDI chips, just like there are alternative parts for your car. The problem here is the part is pretending to be genuine when it's not.

    4. Re:On the other hand... by nedlohs · · Score: 4, Insightful

      Right, that makes all the difference, because this is perfectly reasonable:

      >We've discovered some counterfeit parts in your car.
      -Oh, really? Well, I'm going to drive over to the dealership take that up with them.
      >We've already handled the problem. We crushed your car into a cube.
      -Uhhh...
      >You have 15 seconds to move your cube.

    5. Re:On the other hand... by Anonymous Coward · · Score: 5, Insightful

      It is. And if they get their own USB:ID and are otherwise a complete knock-off, that's great.

      http://www.linux-usb.org/usb.i...

      The problem is all the phone calls to FTDI's customer support line complaining that the cheap-shit underdesigned parts aren't working to spec. or that the drivers are broken and the users "demand a fix" when the problem is with a device FTDI didn't build, and didn't make any money from to support driver development and customer support.

      They have every right to have thier drivers detect the non-genuine parts, report them and refuse to work with them. Bricking them is clearly causing intentional harm to equipment they don't own. Never excusable.

    6. Re:On the other hand... by lgw · · Score: 4, Insightful

      If they work, I don't care. The scumbags bricking devices are the problem.

      Indeed. This will end badly for whoever thought this was clever. You'd think companies would have learned from the Sony rootkit fiasco, but no.

      FTDI just bought a ticket to the "fuck with the DoJ lottery". If they happen to brick anything used by the US Government for any official purpose, they're a winner! Who's that at the door, Ed McMahon with a giant check? No, it's the the DoJ with a giant fine! You may also have won: "being made an example of", with complementary federal prison time!

      --
      Socialism: a lie told by totalitarians and believed by fools.
    7. Re:On the other hand... by mrchaotica · · Score: 5, Insightful

      You'd think companies would have learned from the Sony rootkit fiasco, but no.

      What did companies learn from the Sony rootkit? That the criminal penalty for perpetrating literally tens of millions of felonies on behalf of a corporation is... absolutely nothing? Sure, that'll teach'em!

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    8. Re:On the other hand... by onepoint · · Score: 4, Insightful

      Really, you think that they have a DOJ and or any fed regulator problem???
      Hmm...
      Specific chip driver, designed for that chip only
      Copycat chip using the above chip driver
      Change the driver code slightly for improvement or whatever reason
      Results:
      Your system crashed, if it was using the fake chip.
      Not the fault of the manufacture of the specific chip.
      The liability goes towards whom sold that configuration to you with the promise of that specific chip. They lied.

      I am guessing that this should be happening more often in the next 5 to 10 years, built in clones killing.

      --
      if you see me, smile and say hello.
    9. Re:On the other hand... by Russ1642 · · Score: 5, Insightful

      So is it illegal to own counterfeit products or only to sell them? For example, if you have a fake Gucci handbag can a Gucci employee come up to you with a can of spray-paint and spray it to ruin it? Or if you took it to a legit store and they discovered it was counterfeit could they do the same thing? I'm thinking this steps way way over the line of what they're allowed to do to stop counterfeiting and they're going to get their asses sued big-time.

    10. Re:On the other hand... by suutar · · Score: 4, Insightful

      Fake chips are a problem. Bricking equipment that includes fake chips is also a problem.

    11. Re:On the other hand... by Alioth · · Score: 4, Insightful

      This has the potential though to backfire quite badly on FTDI. The vast majority of users don't know that the thing they bought is fake, all they know is that it's FTDI branded and all of a sudden it doesn't work, and they blame FTDI, and FTDI gets a bad reputation for unreliable crap (even though the hardware was counterfeit).

      --
      Oolite: Elite-like game. For Mac, Linux and Windows
  2. Is this legal? by Calibax · · Score: 5, Insightful

    A component manufacturer is unhappy that someone else is using his product id so he puts code in a driver that sets the product id to zero. This prevents the fake component being recognized by his driver or any other driver. The license for the driver explicitly states that using the driver with a fake component may irretrievably damage the component.

    If the component manufacturer doesn't want the fake product to work with his driver he can code his driver to ignore the fake. Modifying the product id to brick the component is another matter entirely.

    This doesn't hurt the people who created the fake, or even the people who purchased the fake and used them in their manufacturing. It only hurts end users who have done nothing except purchase a product in retail channels. Deliberately destroying equipment because it uses a fake component goes to a whole new level of nastiness.

    1. Re:Is this legal? by Gaygirlie · · Score: 5, Insightful

      Deliberately destroying equipment because it uses a fake component goes to a whole new level of nastiness.

      I came here to also say that deliberately destroying property that doesn't belong to you is, as far as I know, illegal. If it was a private person doing that they'd probably land jailtime real fast, but companies tend to get mere slaps on their wrists, so we'll see..

  3. In a way they are going after the manufacturers by flu1d · · Score: 3, Insightful

    Most people won't have any technical knowhow to understand why their device bricked, just that it bricked. Bricked devices will be blamed on the device manufacturer not the chip supplier.

  4. It's risky and unlikely to succeed. by steelfood · · Score: 4, Insightful

    Device manufacturing companies may just avoid FTDI chips outright. This is especially true if some suppliers are mixing the real chips with the counterfeit chips.

    Worse, since it's coming through Windows Update, the engineers working on Windows Update might outright blacklist FTDI. And Microsoft would be at least partially liable for any bricked device, which would make their lawyers a bit uncomfortable. I wouldn't be surprised to see Microsoft release a patch in the future to automatically unbrick the affected devices.

    --
    "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
  5. Re:The good news by Richy_T · · Score: 4, Insightful

    Intent.

  6. Re:Why is FTDI the villan? by The+Ickle+Jones · · Score: 3, Insightful

    Whose fault is it that FTDI is intentionally destroying other people's property? FTDI's. The ends don't justify the means.

  7. Re:The good news by Anonymous Coward · · Score: 5, Insightful

    This all goes out the window the minute you write code that intentionally does harmful things to your hardware. And it would be fairly easy to prove said intent: no driver should be mucking with USB PIDs ever, especially not when they've proven that the hardware in question isn't theirs. A driver that says, "Okay, this hardware clearly isn't mine, let's go break it" is malicious software.

    This is shit that Nintendo flashcart vendors do.

  8. Congratulations, FTDI, You Just Killed Yourselves by ewhac · · Score: 4, Insightful
    Assuming FTDI manages to weasel out of lawsuits for willful destruction of property (do NOT let them hide behind the so-called EULA), they have basically made themselves the vendor to avoid for either chips or drivers for said chips.

    Can you tell, by merely looking at it, whether a given device is using GenuineFTDI(TM)(R)(C)(BFD) chips, or whether it's a counterfeit? Can you tell by using whatever the Windows equivalent of lsusb is? No? Then there is a random, non-trivial chance that plugging in your serial-ish device will either:

    • Work (old non-destructive drivers),
    • Not work (new, non-destructive drivers),
    • Ruin the device (new, destructive drivers), so that it not only Not Works, but also Stops Working on every other machine on which it previously worked.

    • Thus, in the mind of the user, FTDI == Flaky. And Flaky == Avoid.

      Congratulations, FTDI. Ten points for avoiding your feet, but minus several million for shooting yourself straight in the head.

    --
    Editor, A1-AAA AmeriCaptions
  9. Re:This might have been incompetence, not malice by Slashdot+Parent · · Score: 4, Insightful

    Except the chip wasn't, as you put it, "killed." The chip is still fully functional with a driver that will support it.

    The chip was pretty killed. With a PID of 0, Windows, Mac OS, and Linux wouldn't recognize it. It's theoretically possible to fix the PID, but most end users wouldn't really know how to do that.

    Why should FTDI support chips it didn't make?

    They shouldn't have to support chips that they didn't make, but at the same time, they shouldn't brick* chips that they didn't manufacture.

    What FTDI really should have done is to set a generic PID for the chip type. That way, the chip would no longer use the FTDI driver, and they wouldn't have to support it.

    *I use "brick" in the sense that using their Windows driver to set the PID to 0 makes the chip no longer function in other OSs, either. I am aware that an unbricking procedure is available.

    --
    They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
  10. Re:"Reasonable" my ass by ChumpusRex2003 · · Score: 3, Insightful
    However, a lot of manufacture is contracted out. If you're buying 10 or 20 chips for internal R&D you'll likely get genuine ones.

    However, when you find a contract manufacturer and ask them to make 100,000. You require an XYZ, Inc. ABC123 chip and ask the manufacturing contractor to source it. Unbeknown to you, they obtain a counterfeit source. The chip is virtually identical externally, and functionally very similar, so that your product passes validation testing.

    You as the device designer and seller may have no idea that you have fake chips on your device. Perhaps, your RMA rate is higher than you expected due to chip failures, or perhaps you are getting a lot of bug reports from the field which are not reproducible on your prototypes, but are on production devices.

    This isn't the first time a USB->UART vendor has taken vigilante action against fakes. The vendor Prolific had major problems with low-quality, buggy and slow fake chips, causing major support headaches for customers and themselves. I believe they ended up discontinuing their main product and replacing it with an incompatible version, while poisoning the drivers so that they would BSOD/Kernel panic if they detected a fake chip.