Slashdot Mirror
FTDI Reportedly Bricking Devices Using Competitors' Chips.
janoc writes It seems that chipmaker FTDI has started an outright war on cloners of their popular USB bridge chips. At first the clones stopped working with the official drivers, and now they are being intentionally bricked, rendering the device useless. The problem? These chips are incredibly popular and used in many consumer products. Are you sure yours doesn't contain a counterfeit one before you plug it in? Hackaday says, "It’s very hard to tell the difference between the real and fake versions by looking at the package, but a look at the silicon reveals vast differences. The new driver for the FT232 exploits these differences, reprogramming it so it won’t work with existing drivers. It’s a bold strategy to cut down on silicon counterfeiters on the part of FTDI. A reasonable company would go after the manufacturers of fake chips, not the consumers who are most likely unaware they have a fake chip."
Update: 10/24 02:53 GMT by S : In a series of Twitter posts, FTDI has admitted to doing this.
Now consumers are becoming aware that there's a massive counterfeiting problem and can be better educated to ask their vendors "Hey, is my device legit?" I certainly had no idea that this was going on.
If you were me, you'd be good lookin'. - six string samurai
A component manufacturer is unhappy that someone else is using his product id so he puts code in a driver that sets the product id to zero. This prevents the fake component being recognized by his driver or any other driver. The license for the driver explicitly states that using the driver with a fake component may irretrievably damage the component.
If the component manufacturer doesn't want the fake product to work with his driver he can code his driver to ignore the fake. Modifying the product id to brick the component is another matter entirely.
This doesn't hurt the people who created the fake, or even the people who purchased the fake and used them in their manufacturing. It only hurts end users who have done nothing except purchase a product in retail channels. Deliberately destroying equipment because it uses a fake component goes to a whole new level of nastiness.
It looks like they are trying to hide behind their EULA, which says that "Use of the Software as a driver for a component that is not a Genuine FTDI Component MAY IRRETRIEVABLY DAMAGE THAT COMPONENT." But there are reports that this new driver is being delivered via Windows Update, which presumably doesn't show you this EULA.
Microsoft would be wise to pull this update.
Most people won't have any technical knowhow to understand why their device bricked, just that it bricked. Bricked devices will be blamed on the device manufacturer not the chip supplier.
Device manufacturing companies may just avoid FTDI chips outright. This is especially true if some suppliers are mixing the real chips with the counterfeit chips.
Worse, since it's coming through Windows Update, the engineers working on Windows Update might outright blacklist FTDI. And Microsoft would be at least partially liable for any bricked device, which would make their lawyers a bit uncomfortable. I wouldn't be surprised to see Microsoft release a patch in the future to automatically unbrick the affected devices.
"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
Intentional and willful destruction of another person's property for the base reason that he didn't buy with you but with your competitor? I don't know about your country, but over here in socialist Europe we have consumer protection laws that deserve that name.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Intent.
Tortuous interference and trespass to chattels with an identifiable, numerous class with commonality of injury, and an easily identifiable tortfeasor acting with clearly malicious intent?
I hope no one is paying you to be their lawyer, since the suit practically writes itself.
Whose fault is it that FTDI is intentionally destroying other people's property? FTDI's. The ends don't justify the means.
This all goes out the window the minute you write code that intentionally does harmful things to your hardware. And it would be fairly easy to prove said intent: no driver should be mucking with USB PIDs ever, especially not when they've proven that the hardware in question isn't theirs. A driver that says, "Okay, this hardware clearly isn't mine, let's go break it" is malicious software.
This is shit that Nintendo flashcart vendors do.
My $3 generic eBay FTDI clone USB->Serial cable (that I bought to program my Baofeng radio via Chirp) came with no drivers and Windows pulled down the real FTDI driver. Over the summer, it only worked sporadically. Usually didn't work. Swapping out the cable for a $12 legit cable from Trendnet solved all issues. It isn't just that these chinese places are making a clone, it's that they are making a crappy sort-of compatible clone and passing it off as the real thing, and directing you to use the FTDI drivers. It totally makes FTDI look bad. I didn't find out until after researching with some guys from chirp that my cable was a knock off. I thought I was buying a supported chipset. Might not be legal or ethical, but I'm all for anything that stops these crappy chinese cloners in their tracks. I spent way too much time and hassle on a problem they caused.
Are there alternatives to this tech? I would happily buy from a competitor if one is available and boycott a company who would fuck over consumers like this. Is there even a way to choose or tell the difference between fakes or competitor products?
Where are they used? Who uses them? What alternatives are there?
Some people say they're going to "avoid FTDI chips in the future". Good luck with that because FTDI makes the most reliable Serial-to-USB ICs on the planet. Going with anything else is just asking for trouble.
Get free satoshi (Bitcoin) and Dogecoins
I own several fake FTDI chips (thanks DealExtreme for those $2 USB -> RS232 adapters). They do not have anything "FTDI" written on the chips (I opened them up to check). When using newer (but not these) windows drivers the chips are, however, detected as counterfeits and the FTDI driver throws an error, which seems like fair play. I have enough to test and see if this new driver rewrites the VID. Betcha it does.
Destroying this hardware that doesn't have their name on it, however, isn't fair play, especially when the driver is built into windows. Not like I went and downloaded it from FTDI on purpose.
The driver license explicitly says that fake chips will be bricked. Not very hard to prove intent in this case.
Fine, I'll just come out and say it, it's what we're all secretly thinking anyhow.
This is just another nail in the coffin pushed by none other than then N S A.
They want to be able have a documented chain of custody for every component in every piece of your equipment so the cyberpolice can backtrace any illegal encryption and punish scapegoats to justify their exponentially growing budgets. This way they can automatically tell if you done goofed and make sure the consequences will never be the same.
WARNING : may contain MKPUPPET triggers. Processed on machinery that may have also been used to process peanuts. Oops, maybe we should have put that up front.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Intentional and willful destruction of another person's property for the base reason that he didn't buy with you but with your competitor? I don't know about your country, but over here in socialist Europe we have consumer protection laws that deserve that name.
I would say that modifying the PID on the chip is pretty far from "intentional and willful destruction." From one of the comments in the support board posting masquerading as TFA:
And
While it is rather underhanded, had FTDI done this the *correct* way and just interrogated the chip and refused to work with a fake, this would be a non-story. At the same time, just modifying the PID is far from "destroying" the device. If FTDI's driver did something that actually did damage to the hardware, I might be more sympathetic. That's not to say that I think FTDI did the right thing, just that the did not actually damage or "brick" anything. The device isn't broken, it just needs to have its PID reset. Once that happens (and I guess that's what FTDI was trying to do), the end user will be painfully aware that they have a counterfeit chip.
As I said, poorly executed and likely to cause some backlash, but no hardware is damaged or destroyed. Unless you're an idiot.
No, no, you're not thinking; you're just being logical. --Niels Bohr
Can you tell, by merely looking at it, whether a given device is using GenuineFTDI(TM)(R)(C)(BFD) chips, or whether it's a counterfeit? Can you tell by using whatever the Windows equivalent of lsusb is? No? Then there is a random, non-trivial chance that plugging in your serial-ish device will either:
Thus, in the mind of the user, FTDI == Flaky. And Flaky == Avoid.
Congratulations, FTDI. Ten points for avoiding your feet, but minus several million for shooting yourself straight in the head.
Editor, A1-AAA AmeriCaptions
For the vast majority of consumers, changing the PID to 0 is absolutely damaging the product. Product works one day, plug it into the computer with the new driver and it stops working. It's broken. Yes it can be fixed, but it's well beyond the comfort zone of the average consumer, which means they need to either pay someone to fix it, go begging for help, or buy a new one.
Except the chip wasn't, as you put it, "killed." The chip is still fully functional with a driver that will support it.
The chip was pretty killed. With a PID of 0, Windows, Mac OS, and Linux wouldn't recognize it. It's theoretically possible to fix the PID, but most end users wouldn't really know how to do that.
Why should FTDI support chips it didn't make?
They shouldn't have to support chips that they didn't make, but at the same time, they shouldn't brick* chips that they didn't manufacture.
What FTDI really should have done is to set a generic PID for the chip type. That way, the chip would no longer use the FTDI driver, and they wouldn't have to support it.
*I use "brick" in the sense that using their Windows driver to set the PID to 0 makes the chip no longer function in other OSs, either. I am aware that an unbricking procedure is available.
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
I've had issues with many non-FTDI USB to serial adapters but the real FTDI ones have been rock solid. I pushed for integrating a quad FTDI USB to serial chip into one of our products since the FTDI chip can also do i2c and JTAG. I'm sure a knock-off chip would have a lot of problems. I've had the FTDI serial chip reliably running at 10Mbps.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
See http://zeptobars.ru/en/read/FT... for an example of a fake chip - labelled FTDI on the outside, but supereal on the silicon.
The problem is that the fake chips are buggy and slow compared to the genuine article, causing headaches for USB peripheral designers and support and reputation headaches for FTDI. There is a huge market for USB UART chips, and it is quite competitive, but few of the products on the market are actually as reliable, fast and robust as you would expect them to be. The FTDI FT232RL is one of the best in terms of reliability and has the best drivers, while also providing some handy bonus functionality.
It appears that FTDI have reverse engineered the fake chips and found that they can be reprogrammed. When their driver detects a fake chip, it uses the internal configuration commands to erase the EEPROM memory containing the Vendor Unique ID. With this EEPROM blanked, the chip is unable to complete the device detection process in the OS's USB stack.
However, when you find a contract manufacturer and ask them to make 100,000. You require an XYZ, Inc. ABC123 chip and ask the manufacturing contractor to source it. Unbeknown to you, they obtain a counterfeit source. The chip is virtually identical externally, and functionally very similar, so that your product passes validation testing.
You as the device designer and seller may have no idea that you have fake chips on your device. Perhaps, your RMA rate is higher than you expected due to chip failures, or perhaps you are getting a lot of bug reports from the field which are not reproducible on your prototypes, but are on production devices.
This isn't the first time a USB->UART vendor has taken vigilante action against fakes. The vendor Prolific had major problems with low-quality, buggy and slow fake chips, causing major support headaches for customers and themselves. I believe they ended up discontinuing their main product and replacing it with an incompatible version, while poisoning the drivers so that they would BSOD/Kernel panic if they detected a fake chip.
One difference I've noticed between Windows and Linux...
* in Linux, plug in a USB key, or hard drive, or other USB device, and if you have the appropriate driver, "it just works". One USB "mass storage device" driver works for all USB keys and hard drives
* in Windows...
--- plug in a brand X USB key the first time, and Windws goes off onto the internet and installs a special driver
--- plug in a brand Y USB key the first time, and Windws goes off onto the internet and installs a special driver
--- plug in a brand Z USB key the first time, and Windws goes off onto the internet and installs a special driver
Come on guys, a USB key is a USB key, is a USB key. If it has some esoteric functionality, OK, otherwise don't clog up the registry and the hard drive with drivers for every USB key model that has ever been inserted into the machine..
I have a USRobotics USR5637 http://www.usr.com/en/products... USB CDC "56K" dialup modem for backup on the rare occasions my broadband goes down. It's a hardware modem that works in Windows, Mac, Linux, DOS, etc. Once I set up the kernel options in linux "it just works", without constantly downloading updates. WTF is Windows always updating?
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user