Slashdot Mirror
FTDI Reportedly Bricking Devices Using Competitors' Chips.
janoc writes It seems that chipmaker FTDI has started an outright war on cloners of their popular USB bridge chips. At first the clones stopped working with the official drivers, and now they are being intentionally bricked, rendering the device useless. The problem? These chips are incredibly popular and used in many consumer products. Are you sure yours doesn't contain a counterfeit one before you plug it in? Hackaday says, "It’s very hard to tell the difference between the real and fake versions by looking at the package, but a look at the silicon reveals vast differences. The new driver for the FT232 exploits these differences, reprogramming it so it won’t work with existing drivers. It’s a bold strategy to cut down on silicon counterfeiters on the part of FTDI. A reasonable company would go after the manufacturers of fake chips, not the consumers who are most likely unaware they have a fake chip."
Update: 10/24 02:53 GMT by S : In a series of Twitter posts, FTDI has admitted to doing this.
If they work, I don't care. The scumbags bricking devices are the problem.
A component manufacturer is unhappy that someone else is using his product id so he puts code in a driver that sets the product id to zero. This prevents the fake component being recognized by his driver or any other driver. The license for the driver explicitly states that using the driver with a fake component may irretrievably damage the component.
If the component manufacturer doesn't want the fake product to work with his driver he can code his driver to ignore the fake. Modifying the product id to brick the component is another matter entirely.
This doesn't hurt the people who created the fake, or even the people who purchased the fake and used them in their manufacturing. It only hurts end users who have done nothing except purchase a product in retail channels. Deliberately destroying equipment because it uses a fake component goes to a whole new level of nastiness.
It looks like they are trying to hide behind their EULA, which says that "Use of the Software as a driver for a component that is not a Genuine FTDI Component MAY IRRETRIEVABLY DAMAGE THAT COMPONENT." But there are reports that this new driver is being delivered via Windows Update, which presumably doesn't show you this EULA.
Microsoft would be wise to pull this update.
>We've discovered some non-factory parts in your car.
-Oh, really? Well, I'm going to drive over to the dealership take that up with them.
>We've already handled the problem. We crushed your car into a cube.
-Uhhh...
>You have 15 seconds to move your cube.
Not quite. Non-factory parts are fine. There are alternatives to the FTDI chips, just like there are alternative parts for your car. The problem here is the part is pretending to be genuine when it's not.
This all goes out the window the minute you write code that intentionally does harmful things to your hardware. And it would be fairly easy to prove said intent: no driver should be mucking with USB PIDs ever, especially not when they've proven that the hardware in question isn't theirs. A driver that says, "Okay, this hardware clearly isn't mine, let's go break it" is malicious software.
This is shit that Nintendo flashcart vendors do.
My $3 generic eBay FTDI clone USB->Serial cable (that I bought to program my Baofeng radio via Chirp) came with no drivers and Windows pulled down the real FTDI driver. Over the summer, it only worked sporadically. Usually didn't work. Swapping out the cable for a $12 legit cable from Trendnet solved all issues. It isn't just that these chinese places are making a clone, it's that they are making a crappy sort-of compatible clone and passing it off as the real thing, and directing you to use the FTDI drivers. It totally makes FTDI look bad. I didn't find out until after researching with some guys from chirp that my cable was a knock off. I thought I was buying a supported chipset. Might not be legal or ethical, but I'm all for anything that stops these crappy chinese cloners in their tracks. I spent way too much time and hassle on a problem they caused.
It is. And if they get their own USB:ID and are otherwise a complete knock-off, that's great.
http://www.linux-usb.org/usb.i...
The problem is all the phone calls to FTDI's customer support line complaining that the cheap-shit underdesigned parts aren't working to spec. or that the drivers are broken and the users "demand a fix" when the problem is with a device FTDI didn't build, and didn't make any money from to support driver development and customer support.
They have every right to have thier drivers detect the non-genuine parts, report them and refuse to work with them. Bricking them is clearly causing intentional harm to equipment they don't own. Never excusable.
I own several fake FTDI chips (thanks DealExtreme for those $2 USB -> RS232 adapters). They do not have anything "FTDI" written on the chips (I opened them up to check). When using newer (but not these) windows drivers the chips are, however, detected as counterfeits and the FTDI driver throws an error, which seems like fair play. I have enough to test and see if this new driver rewrites the VID. Betcha it does.
Destroying this hardware that doesn't have their name on it, however, isn't fair play, especially when the driver is built into windows. Not like I went and downloaded it from FTDI on purpose.
Fine, I'll just come out and say it, it's what we're all secretly thinking anyhow.
This is just another nail in the coffin pushed by none other than then N S A.
They want to be able have a documented chain of custody for every component in every piece of your equipment so the cyberpolice can backtrace any illegal encryption and punish scapegoats to justify their exponentially growing budgets. This way they can automatically tell if you done goofed and make sure the consequences will never be the same.
WARNING : may contain MKPUPPET triggers. Processed on machinery that may have also been used to process peanuts. Oops, maybe we should have put that up front.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
What did companies learn from the Sony rootkit? That the criminal penalty for perpetrating literally tens of millions of felonies on behalf of a corporation is... absolutely nothing? Sure, that'll teach'em!
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
So is it illegal to own counterfeit products or only to sell them? For example, if you have a fake Gucci handbag can a Gucci employee come up to you with a can of spray-paint and spray it to ruin it? Or if you took it to a legit store and they discovered it was counterfeit could they do the same thing? I'm thinking this steps way way over the line of what they're allowed to do to stop counterfeiting and they're going to get their asses sued big-time.
Overall it would be better if USB had just created a standard for this class of devices.
You mean like the USB CDC standard? http://en.wikipedia.org/wiki/U...
See http://zeptobars.ru/en/read/FT... for an example of a fake chip - labelled FTDI on the outside, but supereal on the silicon.
The problem is that the fake chips are buggy and slow compared to the genuine article, causing headaches for USB peripheral designers and support and reputation headaches for FTDI. There is a huge market for USB UART chips, and it is quite competitive, but few of the products on the market are actually as reliable, fast and robust as you would expect them to be. The FTDI FT232RL is one of the best in terms of reliability and has the best drivers, while also providing some handy bonus functionality.
It appears that FTDI have reverse engineered the fake chips and found that they can be reprogrammed. When their driver detects a fake chip, it uses the internal configuration commands to erase the EEPROM memory containing the Vendor Unique ID. With this EEPROM blanked, the chip is unable to complete the device detection process in the OS's USB stack.