FTDI Removes Driver From Windows Update That Bricked Cloned Chips

New submitter weilawei writes: Last night, FTDI, a Scottish manufacturer of USB-to-serial ICs, posted a response to the ongoing debacle over its allegedly intentional bricking of competitors' chips. In their statement, FTDI CEO Fred Dart said, "The recently release driver release has now been removed from Windows Update so that on-the-fly updating cannot occur. The driver is in the process of being updated and will be released next week. This will still uphold our stance against devices that are not genuine, but do so in a non-invasive way that means that there is no risk of end user's hardware being directly affected." This may have resulted from a discussion with Microsoft engineers about the implications of distributing potentially malicious driver software.

If you design hardware, what's your stance on this? Will you continue to integrate FTDI chips into your products? What alternatives are available to replace their functionality?

Computer Missues Act 1990

[jabuzz]

They are a Scottish firm subject to U.K. Law (specifically Scottish law). As such unauthorised modification of computer materials is a criminal offence punishable with a maximum sentence of six months in jail or a 5000GBP fine.

Stopping their device driver working with clone/counterfeit chips is fine. Making modifications to data help on such chips is outright illegal.

Re:Computer Missues Act 1990

[cdrudge]

Why would FTDI have to ensure their driver doesn't break chips that aren't theirs? There's no agreement, licensing, or goodwill.

FTDI doesn't have to ensure that their driver doesn't break chips. It sounds however that FTDI went out of their way to detect whether the chip was a counterfeit or not, and if it was, specifically write to it to disable it when it could have just as easily done nothing (as disabling the driver from functioning).

Re:Computer Missues Act 1990

And that argument would absolve them if the bricking was accidental due to the VID/PID issue. Unfortunately their subsequent blog post on the topic has them admit it was intentional. This makes their actions illegal.

Re:Computer Missues Act 1990

[TheGratefulNet]

just yesterday, there was a linux kernel patch (on the usb drivers mailing list) that now allows a 0000 pid for ftdi devices.

also, there was a tool by mark lord that allows you to write back any pid value you want, for example, when I ran it, I got this output (and it 'fixed' the chip again, too):

% ./ft232r_prog --old-pid 0x0000 --new-pid 0x6001

ft232r_prog: version 1.24, by Mark Lord.
              eeprom_size = 128
                  vendor_id = 0x0403
                product_id = 0x0000
            self_powered = 0
          remote_wakeup = 1
suspend_pull_downs = 0
          max_bus_power = 90 mA
            manufacturer = FTDI
                      product = FT232R USB UART
                  serialnum = (elided...)
      high_current_io = 0
    load_d2xx_driver = 0
            txd_inverted = 0
            rxd_inverted = 0
            rts_inverted = 0
            cts_inverted = 0
            dtr_inverted = 0
            dsr_inverted = 0
            dcd_inverted = 0
              ri_inverted = 0
                      cbus[0] = TxLED
                      cbus[1] = RxLED
                      cbus[2] = TxDEN
                      cbus[3] = PwrEn
                      cbus[4] = Sleep
Rewriting eeprom with new contents.

Re:Computer Missues Act 1990

[gweihir]

Actually, it is not. "Their" USB VID/PID can legally be used by anybody, it just means that the USB logo may not be used. AFAIK (and just checked on some FT232 I have), there is no USB logo on these chips.