FTDI Reportedly Bricking Devices Using Competitors' Chips. 700
janoc writes It seems that chipmaker FTDI has started an outright war on cloners of their popular USB bridge chips. At first the clones stopped working with the official drivers, and now they are being intentionally bricked, rendering the device useless. The problem? These chips are incredibly popular and used in many consumer products. Are you sure yours doesn't contain a counterfeit one before you plug it in? Hackaday says, "It’s very hard to tell the difference between the real and fake versions by looking at the package, but a look at the silicon reveals vast differences. The new driver for the FT232 exploits these differences, reprogramming it so it won’t work with existing drivers. It’s a bold strategy to cut down on silicon counterfeiters on the part of FTDI. A reasonable company would go after the manufacturers of fake chips, not the consumers who are most likely unaware they have a fake chip."
Update: 10/24 02:53 GMT by S : In a series of Twitter posts, FTDI has admitted to doing this.
On the other hand... (Score:4, Insightful)
Now consumers are becoming aware that there's a massive counterfeiting problem and can be better educated to ask their vendors "Hey, is my device legit?" I certainly had no idea that this was going on.
Re:On the other hand... (Score:5, Insightful)
If they work, I don't care. The scumbags bricking devices are the problem.
Re:On the other hand... (Score:5, Insightful)
>We've discovered some non-factory parts in your car.
-Oh, really? Well, I'm going to drive over to the dealership take that up with them.
>We've already handled the problem. We crushed your car into a cube.
-Uhhh...
>You have 15 seconds to move your cube.
Re:On the other hand... (Score:5, Insightful)
Re:On the other hand... (Score:5, Insightful)
Right, that makes all the difference, because this is perfectly reasonable:
>We've discovered some counterfeit parts in your car.
-Oh, really? Well, I'm going to drive over to the dealership take that up with them.
>We've already handled the problem. We crushed your car into a cube.
-Uhhh...
>You have 15 seconds to move your cube.
do you even tinfoil, bro? (Score:5, Funny)
This is just another nail in the coffin pushed by none other than then N S A.
They want to be able have a documented chain of custody for every component in every piece of your equipment so the cyberpolice can backtrace any illegal encryption and punish scapegoats to justify their exponentially growing budgets. This way they can automatically tell if you done goofed and make sure the consequences will never be the same.
WARNING : may contain MKPUPPET triggers. Processed on machinery that may have also been used to process peanuts. Oops, maybe we should have put that up front.
Re: (Score:3, Interesting)
Humor aside... It honestly wouldn't surprise me if supply chain documentation is what lead to some of this... the Aerospace and Defense industries are very very picky about knowing exactly what they're getting (aircraft falling out of the sky due to counterfeit components would be bad...).
Re: (Score:3)
Except that it doesn't happen in "the controlled environment of a driver update". It happens when the USB device is plugged into the computer that had the driver update done months ago.
And no, that you can write some code that detects the fake chip and bricks it while also detecting a legit chip and not bricking it does not provide any evidence one way or another about those chips working perfectly fine.
Re:On the other hand... (Score:5, Informative)
Problem is that all of this stuff on USB is using vendor-specific protocols. FTDI is the most popular because it is the most popular. Thus you don't have to hunt down obscure drivers, it works on Macs and Linux and BSD, you can find source code to implement your own driver just about anywhere, and so forth. For something plugged into a Windows PC you don't care, you just use the CD that came in the box with the serial adapter, but it becomes a much bigger problem if you're using an alternative device for a machine that can't just accept a Windows driver or you're writing an embedded system that needs to talk to it.
Overall it would be better if USB had just created a standard for this class of devices. Vendor specific drivers are a pain in the ass if you're not using Windows, and it's not just serial adapters, but things like ethernet adapters, printers, etc.
Re:On the other hand... (Score:5, Informative)
Overall it would be better if USB had just created a standard for this class of devices.
You mean like the USB CDC standard? http://en.wikipedia.org/wiki/U... [wikipedia.org]
Re: (Score:3)
It's a really lousy standard though. It does not do a good job of supporting an ethernet bridge or a UART bridge. It's possible to adapt it this way though however nothing actually supported it that I could ever find except for some cable modems, so everyone has a proprietary protocol instead. I suspect the reason is because CDC is complex enough that it's difficult to implement efficiently on a tiny hub-powered device.
Re: (Score:3)
CDC works fine on windows. I've implemented several devices that use it to pretend to be serial ports.
Re: (Score:3)
There is a standard, and FTDI devices support it. It's called CDC, or Communication Device Class. It's been part of the USB spec since the early days. It supports RS232 serial and parallel printer ports.
Most operating systems include a generic driver for USB serial converters that uses the CDC standard, including Windows. The reason FTDI provide a driver is that their chips have more features than the basic spec allows. They have some GPIOs, better support for surprise disconnects, better interrupt emulatio
Re:On the other hand... (Score:5, Insightful)
This has the potential though to backfire quite badly on FTDI. The vast majority of users don't know that the thing they bought is fake, all they know is that it's FTDI branded and all of a sudden it doesn't work, and they blame FTDI, and FTDI gets a bad reputation for unreliable crap (even though the hardware was counterfeit).
Re:On the other hand... (Score:5, Insightful)
It is. And if they get their own USB:ID and are otherwise a complete knock-off, that's great.
http://www.linux-usb.org/usb.i... [linux-usb.org]
The problem is all the phone calls to FTDI's customer support line complaining that the cheap-shit underdesigned parts aren't working to spec. or that the drivers are broken and the users "demand a fix" when the problem is with a device FTDI didn't build, and didn't make any money from to support driver development and customer support.
They have every right to have thier drivers detect the non-genuine parts, report them and refuse to work with them. Bricking them is clearly causing intentional harm to equipment they don't own. Never excusable.
Re:On the other hand... (Score:5, Insightful)
So is it illegal to own counterfeit products or only to sell them? For example, if you have a fake Gucci handbag can a Gucci employee come up to you with a can of spray-paint and spray it to ruin it? Or if you took it to a legit store and they discovered it was counterfeit could they do the same thing? I'm thinking this steps way way over the line of what they're allowed to do to stop counterfeiting and they're going to get their asses sued big-time.
Re: (Score:3)
You get what you pay for. Unless good counterfeits are a high percentage of the market you will know the price. You KNOW the real price. Those discounts are "too good to be true".
This is a driver issue, and a manufacturer can certainly code solely to their hardware (who doesn't? other than general hardware providers that can implement an existing interface, and expose the fact of this implementation). And they can enforce this (enforcing a driver/hardware interface).
The solution is simple, the knockoff
Re:On the other hand... (Score:5, Informative)
Re: (Score:3)
They have every right to have thier drivers detect the non-genuine parts, report them and refuse to work with them. Bricking them is clearly causing intentional harm to equipment they don't own. Never excusable.
Agreed. I'd have no problem if their driver reported it as unusable/illegal hardware and refused to work with it. Bricking my hardware is just being vicious to me, the customer, that possibly unwittingly purchased the device - and that kind of policy would make me want to avoid FTDI products in anything I own, real or 'fake'.
Re:On the other hand... (Score:5, Insightful)
If they work, I don't care. The scumbags bricking devices are the problem.
Indeed. This will end badly for whoever thought this was clever. You'd think companies would have learned from the Sony rootkit fiasco, but no.
FTDI just bought a ticket to the "fuck with the DoJ lottery". If they happen to brick anything used by the US Government for any official purpose, they're a winner! Who's that at the door, Ed McMahon with a giant check? No, it's the the DoJ with a giant fine! You may also have won: "being made an example of", with complementary federal prison time!
Re:On the other hand... (Score:5, Insightful)
What did companies learn from the Sony rootkit? That the criminal penalty for perpetrating literally tens of millions of felonies on behalf of a corporation is... absolutely nothing? Sure, that'll teach'em!
Re:On the other hand... (Score:5, Funny)
Sony was slapped with a fine so large the shareholders winced. The CEO resigned. The DoJ said they got the benefit of the doubt that the effect on government computers was unintended, but if Sony didn't learn the DoJ would simply ... end ... Sony America.
Re: (Score:3, Insightful)
Well you'd have to prove the devices were bricked on purpose. Given that large number of clones I don't think they have a solution that could brick them all. This probably just bricks one big counterfeiter, and it's possible it's bricked by accident.
In fact, bricking by accident sounds plausible given that many of these devices do the minimum work necessary to work with the popular drivers. If the drivers change the devices stop working. Even for things like USB mass storage where there's a real standar
Re:On the other hand... (Score:5, Informative)
I think you misunderstood "brick" here. By that, TFA does not mean that the driver returns an error and doesn't init the device. It means the driver detects the counterfeit and then takes a positive action to maliciously re-program the chip so that it no longer works at all even for the old driver or a third party driver.
The initial report was plug device into Linux box, works fine. Plug into windows box with latest FTDI driver, no work. Plug back into the linux box, no work.
Re:On the other hand... (Score:5, Insightful)
Really, you think that they have a DOJ and or any fed regulator problem???
Hmm...
Specific chip driver, designed for that chip only
Copycat chip using the above chip driver
Change the driver code slightly for improvement or whatever reason
Results:
Your system crashed, if it was using the fake chip.
Not the fault of the manufacture of the specific chip.
The liability goes towards whom sold that configuration to you with the promise of that specific chip. They lied.
I am guessing that this should be happening more often in the next 5 to 10 years, built in clones killing.
Re: (Score:3)
They're also playing the class-action lawsuit lottery.
In fact, it might be worth the $5 to buy one of those cheap shit USB-to-serial adapters, let them brick it, and hope the settlement is that they have to give everyone affected a genuine FTDI one...
Re:On the other hand... (Score:5, Insightful)
Fake chips are a problem. Bricking equipment that includes fake chips is also a problem.
The good news (Score:2, Insightful)
Now that we know it's happening we can all join the class action lawsuit which will utterly bankrupt FTDI because what they are doing is illegal and they can be held liable for damages, which could easily run into the billions.
Re: (Score:2, Insightful)
Now that we know it's happening we can all join the class action lawsuit which will utterly bankrupt FTDI because what they are doing is illegal and they can be held liable for damages, which could easily run into the billions.
You are running a driver/firmware update on a product which isn't theirs. Just like with a laptop if you run a BIOS update on the wrong product and it destroys your machine the vendor isn't responsible.
Re:The good news (Score:5, Insightful)
Intent.
Re: (Score:3, Insightful)
While I don't agree with FTDI's tactic, they're not the only bad guy here by a long shot.
What? So if I shoot my neighbor, I can use the excuse that last night someone robbed a liquor store on the other side of town, so I am "not the only bad guy"?
Look, counterfeiting is wrong. But destroying the property of an end user, most likely unaware of the counterfeit device, is both wrong and illegal. Period.
Re: (Score:3)
I'm not disagreeing with you, I'm just saying the focus seems to be on FTDI when really the issue is much larger.
Re: (Score:3)
Well yeah, but the person who sold them that counterfeit chip must have known it was counterfeit. The manufacturer of said chip definitely knew.
Re: (Score:3)
The problem was that knowing event happened 6 hands ago and probably in China. You buy device at Frys and it gets bricked. You didn't know the chip was fake. Fry's didn't know the chip was fake. The wholesaler Fry's bought from didn't know. The American company the wholesaler bought it from didn't know. The Chinese outsource factory didn't know. The wholesaler they bought the chip from didn't know. The people the wholesaler bought the chip from knew because they paid someone to fab it.
In what way does the e
Re:The good news (Score:5, Informative)
See http://zeptobars.ru/en/read/FT... [zeptobars.ru] for an example of a fake chip - labelled FTDI on the outside, but supereal on the silicon.
The problem is that the fake chips are buggy and slow compared to the genuine article, causing headaches for USB peripheral designers and support and reputation headaches for FTDI. There is a huge market for USB UART chips, and it is quite competitive, but few of the products on the market are actually as reliable, fast and robust as you would expect them to be. The FTDI FT232RL is one of the best in terms of reliability and has the best drivers, while also providing some handy bonus functionality.
It appears that FTDI have reverse engineered the fake chips and found that they can be reprogrammed. When their driver detects a fake chip, it uses the internal configuration commands to erase the EEPROM memory containing the Vendor Unique ID. With this EEPROM blanked, the chip is unable to complete the device detection process in the OS's USB stack.
Re: (Score:3)
The FTDI FT232RL is one of the best in terms of reliability and has the best drivers, while also providing some handy bonus functionality.
Reliable? Meh. Best drivers? Definitely a lie. They screw those up all the time. Additional features? That part is very true, and it's the reason why you need a real FTDI chip anyway. A lot of stuff won't work right if you don't have one.
Re:The good news (Score:4, Informative)
The driver license explicitly says that fake chips will be bricked. Not very hard to prove intent in this case.
Re: (Score:3)
Re: (Score:3)
And this is the part not discussed yet. People get a bricked device, they get mad, they blame FTDI, but they have no proof. Show the USB sniffing logs that prove intentional bricking, versus a cheap ass counterfeit device that locks up when configured in an unexpected way.
Re:The good news (Score:5, Insightful)
This all goes out the window the minute you write code that intentionally does harmful things to your hardware. And it would be fairly easy to prove said intent: no driver should be mucking with USB PIDs ever, especially not when they've proven that the hardware in question isn't theirs. A driver that says, "Okay, this hardware clearly isn't mine, let's go break it" is malicious software.
This is shit that Nintendo flashcart vendors do.
Re: (Score:3)
You might be a bit out of your depth in understanding the issue.
The information is still a bit sketchy, but from what I gather, the chips in question are widely used to interface Arduino-type boards to your PC to program, debug, get data, etc...
The key thing here is that the counterfeit chips essentially have the same interface, so they can use the same drivers as devices built with the FTDI chips. Inside, however, they aren't using the same "firmware" as the FTDI chips, so the counterfeits have some extra
Re: (Score:3)
First of all, the FTDI chips themselves have no firmware. They are implemented using fixed function logic IIRC. Even if they did have firmware, it'd be on a mask ROM and wouldn't be changeable. What FTDI chips and their clones do have is a configuration EEPROM. On some chips it's internal, but they do support external EEPROM too. That's where the VID, PID and USB descriptors are stored, allowing vendors to use those chips with their own manufacture, serial number and device descriptor strings, as well as th
Re: (Score:3, Insightful)
Except there's a difference between this and your example. When you update your BIOS there are ways to verify that the BIOS you have is compatible with the update you are going to use. With this FTDI crap, if you physically examine the chip, it has all the markings of a legit FTDI chip, down to the model stamp. When you look at the chip driver in Windows before the update, it reports back chip information for a chip that's legitimate. Upon verifying these things, you go ahead and run Windows Update wit
Binary blobs are a bad thing. (Score:3)
Re: (Score:3)
I don't see how it isn't not only illegal, but also terroristic -- and if any device that fails results in loss of life, limb or just economic damages I would think they would be culpable as well.
Re: (Score:2)
Consumers are becoming aware that FTDI is breaking their stuff and will hopefully be replacing it for free...
Re: (Score:3)
It may be that the only way to detect the counterfeit hardware is to see if it breaks. That's still the wrong way to go about it, though.
Re: (Score:3)
No, it's because if they release a firmware that just refuses to work, the people that made these fakes will just release hacked drivers, based on FTDI's.
FTDI wants to destroy your hardware so you, as a consumer, will go to the manufacturer of your device. This will eventually teach them to follow the "pedigree" of their chips, and buy them from reputable sources. And not from "the cheapest seller in china".
Re: (Score:3)
It may be that the driver unintentionally bricks the device. So far there's no direct evidence of hostile intent here. Ie, the PID changed, but in many devices this is just a region of memory right next to other chip parameters, so it's not that difficult to imagine there was some buffer overrun or other cause. Ie, the driver writes to location 128 but the eeprom on the counterfeit device wraps around to location 0.
Re:On the other hand... (Score:4, Interesting)
We're talking about a cheap usb bridge. I probably have dozens of devices that use a ftdi chip or a clone.
Many of these devices were bought on ebay for a couple bucks. Yeah, they were cheaply made, I knew
that when I bought them but they also worked when I bought them. I had no idea what chips were in them
or even how to check because I didn't care. It worked. Now here comes someone who is mad because
you bought a cheap knockoff and decides to break all the cheap knockoffs. I have a few cheap android
tablets too that may or may not have paid google rights to use android. I don't have any idea how to
even check. I wouldn't want google to make them not function after the fact. If you could do it early
somehow while the consumer still has a chance to back out of the transaction then I think it would be fine
but disabling devices months after the fact because you feel the clone/knockoff is unauthorized is wrong.
It would be like apple frying any non-apple chargers that you try to charge your iphone with.
Is this legal? (Score:5, Insightful)
A component manufacturer is unhappy that someone else is using his product id so he puts code in a driver that sets the product id to zero. This prevents the fake component being recognized by his driver or any other driver. The license for the driver explicitly states that using the driver with a fake component may irretrievably damage the component.
If the component manufacturer doesn't want the fake product to work with his driver he can code his driver to ignore the fake. Modifying the product id to brick the component is another matter entirely.
This doesn't hurt the people who created the fake, or even the people who purchased the fake and used them in their manufacturing. It only hurts end users who have done nothing except purchase a product in retail channels. Deliberately destroying equipment because it uses a fake component goes to a whole new level of nastiness.
Comment removed (Score:5, Insightful)
Re: (Score:3, Insightful)
I think the question should be, is this patch they're applying that's bricking these devices a functional patch that does benefit the official FTDI hardware? If the answer is yes then there's no malicious intent or action being taken place here. You cant expect the company to test an update against counterfit hardware and you cant expect them to lose any sleep over it.
Now if what they're doing is specifically targeted at doing this and doesnt change anythign at all on official hardware? Then there may be a
Re: (Score:3)
Two things. One, the cloned FTDI subcomponents are in and of themselves essentially indefensible. The notion of "unclean hands" absolutely applies here. Two, that notion further applies to the manufacturer who included the cloned subcomponent in their product. To use a car metaphor, if a car is supposed to use a Bosch-made airbag sensor that has been well-tested and proven to be reliable, but the manufacturer instead knowingly uses counterfeit sensors, they open themselves up to enormous risk in any sit
Re:Is this legal? (Score:5, Interesting)
Not necessarily. It is not a crime to use the USB ID of a competing product. It is a violation of the rules set by the USB standards body, but if you are not a member of that organization and have no prior business relationship with them, you are under no legal obligation to comply with those rules. More to the point, reusing a USB ID is absolutely not the same thing as counterfeiting. As far as I know, no country in the entire world has a law that says that devices are counterfeit merely because they conform to another device's programming interface. For something to be counterfeit, it has to be designed and marketed as the real thing, with the intent to defraud the purchaser.
What this means is that if the outside of the packaging claims that the part was made by FTDI, then the counterfeits are indefensible. However, if they were sold as FTDI-compatible chips, then the chips are almost certainly not in violation of counterfeiting laws. And if there's no way for the software to know the difference between those two, and if even one single device that was sold legitimately as a clone gets bricked, then FTDI is committing the crime of destruction of property. And if their actions ends up destroying medical equipment, they could be charged with even more serious crimes, up to and including manslaughter.
The reality is that in this sort of cat-and-mouse game, nobody wins, because everybody loses. It is vital that the authorities in Scotland take immediate legal action against FTDI to ensure that other companies are not tempted to pull similar stunts in the future. Their actions are clearly indefensible criminal actions, and should be treated as such, regardless of who fired the first salvo or how much harm they believe they have suffered at the hands of the counterfeiters.
Re: (Score:3)
no, SOME of the chips are marked FTDI...
Many of the chips are not - they are differently marked or in fact not marked AT ALL.
That makes them FTDI compatible, not counterfeits.
Care to try again?
Re: (Score:3)
The end user who gets harmed DOES have clean hands. He has no way to know if the parts are or are not legit but also has no reason to suspect they are not.
The unclean hands happen several transactions back in the chain and belong to someone who doesn't suffer in the slightest for this.
Re: (Score:3)
And I hope FTDI wins. Eventually this should go back to whoever made the counterfeit chip. Those companies should be the ones who get called out by their customers that they supply to, they should receive the blame. If I'm using counterfeit chips in my products and an update from FTDI stops things from working, I'm not going to be pissed off at FTDI, I'm going to be pissed off at whoever sold me a chip and told me that it was an FTDI chip, and I'm going to sue them for selling me counterfeit products whi
Re: (Score:3)
And I hope FTDI wins. Eventually this should go back to whoever made the counterfeit chip.
FTDI's deliberate intent is to damage people's equipment. How is that not illegal? I'd bet that it is.
If I'm using counterfeit chips in my products and an update from FTDI stops things from working, I'm not going to be pissed off at FTDI, I'm going to be pissed off at whoever sold me a chip and told me that it was an FTDI chip,
I'm going to be pissed off at both, and I hope FTDI dies and someone else takes over for them. They're not very good at their job anyway.
Why is FTDI the villan? (Score:2, Insightful)
Re: (Score:2)
Because they destroy a device of someone who doesn't even know about the bickering behind the scenes. If I have a restaurant and the customers of my competitor park on my parking lot I can tell them to get lost because it's my parking lot and I can decide who may and who may not use it. I may NOT, though, simply go there and trash their cars because, hey, they were parked on my ground.
Re:Why is FTDI the villan? (Score:4, Insightful)
Whose fault is it that FTDI is intentionally destroying other people's property? FTDI's. The ends don't justify the means.
Re: (Score:3)
As an EE, I will think twice about designing in FTDI products from now on.
Even if you happen to think that FTDI's approach is morally justified and hilarious, it'd still be worth considering avoiding them: some counterfeits don't even bother to pretend; but there are some very, very, convincing fakes that manage to sneak into more respectable parts of the supply chain. It's bad enough that you might get slipped counterfeits that don't meet spec, worse if you might get slipped counterfeits that appear to work and then get destroyed once in the hands of your customers.
Cloners respond .... (Score:3, Funny)
They are playing with fire (Score:5, Informative)
It looks like they are trying to hide behind their EULA [ftdichip.com], which says that "Use of the Software as a driver for a component that is not a Genuine FTDI Component MAY IRRETRIEVABLY DAMAGE THAT COMPONENT." But there are reports that this new driver is being delivered via Windows Update, which presumably doesn't show you this EULA.
Microsoft would be wise to pull this update.
Re: (Score:3, Informative)
"Use of the Software as a driver for a component that is not a Genuine FTDI Component MAY IRRETRIEVABLY DAMAGE THAT COMPONENT."
That only covers their asses for incidental damage. If they went out of their way to deliberately damage property, they are in trouble. If there is an internal email that touts this as a feature and not a bug...even jokingly...they are in deep shit. Some class action firm is going to have fun with this.
Re:They are playing with fire (Score:5, Interesting)
Their EULA could say that if you use their software with something other than a genuine FTDI component they may send a hit man round, but I doubt that would stand up too well in court either. If they think they're going to get away with deliberately breaking someone's gear because of some weasel words in the EULA, they need better lawyers. Or they needed better lawyers, I should say, because if the reporting of what's going on is accurate then by this point I suspect they're already in serious trouble even if they don't realise it yet.
In a way they are going after the manufacturers (Score:3, Insightful)
A hearty meh (Score:2)
I've used FTDI products for *years* and with just a very few exceptions have had zero issues with compatibility and performance. They are my number one supplier of USB to serial chips, and I still don't have any issues recommending them. Their drivers are very stable, and they work hard to make them for every platform. If they want to go after the counterfeiters, more power to them. Filing a lawsuit against a small shell company selling back-room chips pretending to be FTDI chips won't do any good. Bri
Re: (Score:2, Interesting)
>Brick a thousand shitty chips and things might change.
Yeah, I'll stop buying devices with genuine FTDI chips so I can avoid having to put FTDI malware on my system. That's what will happen.
It's risky and unlikely to succeed. (Score:5, Insightful)
Device manufacturing companies may just avoid FTDI chips outright. This is especially true if some suppliers are mixing the real chips with the counterfeit chips.
Worse, since it's coming through Windows Update, the engineers working on Windows Update might outright blacklist FTDI. And Microsoft would be at least partially liable for any bricked device, which would make their lawyers a bit uncomfortable. I wouldn't be surprised to see Microsoft release a patch in the future to automatically unbrick the affected devices.
Re: (Score:2)
Device manufacturing companies may just avoid FTDI chips outright. This is especially true if some suppliers are mixing the real chips with the counterfeit chips.
Excellent point. Why take a chance that some otherwise perfectly functional fakes get into your supply chain and costs you hundreds of thousands down the line? Just go with a different provider.
Re: (Score:3)
Yup. And now they've got a surefire test for genuine chips.
Seriously - these people using counterfeit chips have to be testing the final product. If that final product dies with an official FTDI driver, they can sue the crap out of their supplier for selling them counterfeits.
This is just wrong. (Score:3, Informative)
Re: (Score:3)
OK, your main argument is wrong. Second-sourcing is when a company licences its IP to another manufacturer.
There was no licencing here.
Re: (Score:3)
The fakes do use the FTDI logo and part numbers. They also use FTDI's VID/PID pair and usually ship with the FTDI driver. That doesn't excuse FTDI's actions of course, but these are proper fakes and not just compatible/second source parts.
The standard Windows CDC serial driver (usbser.sys) leaves a few things to be desired. It works, but can have issues with unexpected device disconnects and stuff that serial ports were never designed to do. It doesn't support GPIOs either, a common feature of FTDI chips. T
Re:This is just wrong. (Score:5, Interesting)
I own several fake FTDI chips (thanks DealExtreme for those $2 USB -> RS232 adapters). They do not have anything "FTDI" written on the chips (I opened them up to check). When using newer (but not these) windows drivers the chips are, however, detected as counterfeits and the FTDI driver throws an error, which seems like fair play. I have enough to test and see if this new driver rewrites the VID. Betcha it does.
Destroying this hardware that doesn't have their name on it, however, isn't fair play, especially when the driver is built into windows. Not like I went and downloaded it from FTDI on purpose.
Re: (Score:3)
FTDI driver never detected fakes, you are thinking of Prolific and their CODE 10
Are there alternatives? (Score:3, Informative)
Are there alternatives to this tech? I would happily buy from a competitor if one is available and boycott a company who would fuck over consumers like this. Is there even a way to choose or tell the difference between fakes or competitor products?
Where are they used? Who uses them? What alternatives are there?
Re: (Score:3)
Well the arduino guys switched to using a small ATMega chip to do their serial to USB conversion on the Uno, so at the very least that's an option.
Also, since I haven't seen it mentioned anywhere yet, you can reprogram the bricked chips using the FTDI tools and get them working again, supposedly it requires linux for WinXP but it is possible
Some people here have no idea (Score:4, Informative)
Some people say they're going to "avoid FTDI chips in the future". Good luck with that because FTDI makes the most reliable Serial-to-USB ICs on the planet. Going with anything else is just asking for trouble.
Congratulations, FTDI, You Just Killed Yourselves (Score:5, Insightful)
Can you tell, by merely looking at it, whether a given device is using GenuineFTDI(TM)(R)(C)(BFD) chips, or whether it's a counterfeit? Can you tell by using whatever the Windows equivalent of lsusb is? No? Then there is a random, non-trivial chance that plugging in your serial-ish device will either:
Thus, in the mind of the user, FTDI == Flaky. And Flaky == Avoid.
Congratulations, FTDI. Ten points for avoiding your feet, but minus several million for shooting yourself straight in the head.
Not Bricked (Score:3)
Hmm, interesting (Score:3)
I actually ship a device that implements FTDI's protocol in an MCU, and simply glue an otherwise unused FTDI chip to the board as a physical "license token". It's more reliable that way, and I can offer way better buffering and sync than the FTDI chip would allow. As long as they don't use real crypto in their chip, I'm not worried - an afternoon with a protocol analyzer should solve any issues. And if they do use crypto, then I'll probably have my buddy decap the chip and look for the private key bits on the die.
BADusb (Score:3)
and here we have very first attack of BadUsb. Computer malware infecting and destroying USB connected peripherals, possible because USB device had no firmware signing/authentication and was build to let anyone update it.
oh well (Score:3)
FTDI has .... interesting level of support, they THINK they are the only ones in the universe with a USB to various serial devices, but they are not, prolific chips are easier to design with since they are pretty much a drop n go part, TI and Microchip have some good ones, and any yahoo can take a cheap usb device capable micro and make their own which is what arduino did years ago.
so I applaud you FTDI for taking a stand, DONT make it a pain in the ass for me, the guy who has no problems using someone else's chip in my design
Why does Windows install model-specifc drivers? (Score:5, Interesting)
One difference I've noticed between Windows and Linux...
* in Linux, plug in a USB key, or hard drive, or other USB device, and if you have the appropriate driver, "it just works". One USB "mass storage device" driver works for all USB keys and hard drives
* in Windows...
--- plug in a brand X USB key the first time, and Windws goes off onto the internet and installs a special driver
--- plug in a brand Y USB key the first time, and Windws goes off onto the internet and installs a special driver
--- plug in a brand Z USB key the first time, and Windws goes off onto the internet and installs a special driver
Come on guys, a USB key is a USB key, is a USB key. If it has some esoteric functionality, OK, otherwise don't clog up the registry and the hard drive with drivers for every USB key model that has ever been inserted into the machine..
I have a USRobotics USR5637 http://www.usr.com/en/products... [usr.com] USB CDC "56K" dialup modem for backup on the rare occasions my broadband goes down. It's a hardware modem that works in Windows, Mac, Linux, DOS, etc. Once I set up the kernel options in linux "it just works", without constantly downloading updates. WTF is Windows always updating?
Re:In later news... (Score:5, Informative)
Intentional and willful destruction of another person's property for the base reason that he didn't buy with you but with your competitor? I don't know about your country, but over here in socialist Europe we have consumer protection laws that deserve that name.
Re:In later news... (Score:4, Informative)
Intentional and willful destruction of another person's property for the base reason that he didn't buy with you but with your competitor? I don't know about your country, but over here in socialist Europe we have consumer protection laws that deserve that name.
I would say that modifying the PID on the chip is pretty far from "intentional and willful destruction." From one of the comments in the support board posting masquerading as TFA:
And
While it is rather underhanded, had FTDI done this the *correct* way and just interrogated the chip and refused to work with a fake, this would be a non-story. At the same time, just modifying the PID is far from "destroying" the device. If FTDI's driver did something that actually did damage to the hardware, I might be more sympathetic. That's not to say that I think FTDI did the right thing, just that the did not actually damage or "brick" anything. The device isn't broken, it just needs to have its PID reset. Once that happens (and I guess that's what FTDI was trying to do), the end user will be painfully aware that they have a counterfeit chip.
As I said, poorly executed and likely to cause some backlash, but no hardware is damaged or destroyed. Unless you're an idiot.
Re:In later news... (Score:5, Informative)
For the vast majority of consumers, changing the PID to 0 is absolutely damaging the product. Product works one day, plug it into the computer with the new driver and it stops working. It's broken. Yes it can be fixed, but it's well beyond the comfort zone of the average consumer, which means they need to either pay someone to fix it, go begging for help, or buy a new one.
Re: (Score:3)
Great idea. Will do. Just ... umm... how do I find out just WHICH controller chip is used in the USB stick I plan to buy?
I may not be the best example, considering that I have rather intimate knowledge of USB controller chips due to the nature of my work. I may actually be able to find out what controller chip is used in USB sticks. But because of this I can inform you that it is anything but trivial to find out just what controller is being used in a stick. Let's put it that way: Quite often finding it out
Re: (Score:3)
Nobody could complain if they simply went and made their driver incompatible with the forged chips. If there is no working driver, then the customer would have to complain with the original maker of the hardware and demand a working driver. That's quite within FTDI's rights.
The point is that they attack the firmware of the device involved, which is by no accounts ok anymore. This isn't locking out a competitor, it's destruction of a competitor's hardware. Yes, that competitor didn't act correctly by trying
Re: (Score:3)
Nobody could complain if they simply went and made their driver incompatible with the forged chips. If there is no working driver, then the customer would have to complain with the original maker of the hardware and demand a working driver. That's quite within FTDI's rights.
The point is that they attack the firmware of the device involved, which is by no accounts ok anymore. This isn't locking out a competitor, it's destruction of a competitor's hardware. Yes, that competitor didn't act correctly by trying to get a free ride. No doubt about that. By that logic, though, it's just a-ok for any printer maker to trash the printer (e.g. by hosing it with printer ink) should they detect that you use anything but their overpriced original stuff.
We are clearly in agreement here except on a single point: changing the PID is neither attacking the firmware nor damaging the hardware. After a PID change, the hardware (and firmware) is still functional -- as long as either some driver can recognize it or the PID is reset to a valid ID.
It may be that FTDI was unable (or unwilling) to find a way for their driver to stop supporting the counterfeited chips, so they just removed the mask (the PID) on the chip that claimed the counterfeits were genuine. That's not damaging the hardware or the firmware, merely modifying an embedded setting.
All that said, FTDI's actions were not appropriate -- and they will likely end up paying for it in the court of public opinion. However, FTDI's driver did not damage or harm the chips themselves -- and they certainly weren't (as some here have claimed) "bricked."
Regardless of whether they were permanently 'bricked' or not, your initial comment was about 'technologically ignorant users' somehow 'requiring' them to support the fake product - the driver can simply refuse to work with the device.
Now, however, you take that 'technically ignorant user' who went out and bought say 3 x 4GB USB dongles that happened to have fake FTDI chips in them, unaware of that fact of course, who then copies his business critical data, say 3 years worth of work, onto all 3 of them (for
Re: In later news... (Score:4, Interesting)
Tortuous interference and trespass to chattels with an identifiable, numerous class with commonality of injury, and an easily identifiable tortfeasor acting with clearly malicious intent?
I hope no one is paying you to be their lawyer, since the suit practically writes itself.
Re:Is it legal to make code compatible alternative (Score:5, Interesting)
My $3 generic eBay FTDI clone USB->Serial cable (that I bought to program my Baofeng radio via Chirp) came with no drivers and Windows pulled down the real FTDI driver. Over the summer, it only worked sporadically. Usually didn't work. Swapping out the cable for a $12 legit cable from Trendnet solved all issues. It isn't just that these chinese places are making a clone, it's that they are making a crappy sort-of compatible clone and passing it off as the real thing, and directing you to use the FTDI drivers. It totally makes FTDI look bad. I didn't find out until after researching with some guys from chirp that my cable was a knock off. I thought I was buying a supported chipset. Might not be legal or ethical, but I'm all for anything that stops these crappy chinese cloners in their tracks. I spent way too much time and hassle on a problem they caused.
Re:Is it legal to make code compatible alternative (Score:4, Informative)
I've had issues with many non-FTDI USB to serial adapters but the real FTDI ones have been rock solid. I pushed for integrating a quad FTDI USB to serial chip into one of our products since the FTDI chip can also do i2c and JTAG. I'm sure a knock-off chip would have a lot of problems. I've had the FTDI serial chip reliably running at 10Mbps.
Re:Design was not copied. (Score:3)
Re: (Score:3)
So FTDI is pissed that counterfeiters are using FTDI PIDs in their counterfeit chips so that the counterfeit chips get the benefit of FTDI drivers. I certainly sympathize with their gripe there. So FTDI is saying, "Don't use our PID" and setting the PIDs to 0 in counterfeit chips.
My guess is that FTDI didn't really think through the implications of that, that setting a PDI of 0 would brick the chip. What they should have done is just set the PID to some generic USB CDC serial port so that the counterfeit chips would no longer use the FTDI driver and would no longer show ups as FTDI chips to the OS.
This very could have been more of an "oops, sorry about that dude" than an "I KILL YOUR CHIP NOW! MOOHAHAHHA!"
Except the chip wasn't, as you put it, "killed." The chip is still fully functional with a driver that will support it. That FTDI doesn't want to support counterfeited chips with the driver it developed for the real article is reasonable.
Why should FTDI support chips it didn't make?
Re:This might have been incompetence, not malice (Score:5, Insightful)
Except the chip wasn't, as you put it, "killed." The chip is still fully functional with a driver that will support it.
The chip was pretty killed. With a PID of 0, Windows, Mac OS, and Linux wouldn't recognize it. It's theoretically possible to fix the PID, but most end users wouldn't really know how to do that.
Why should FTDI support chips it didn't make?
They shouldn't have to support chips that they didn't make, but at the same time, they shouldn't brick* chips that they didn't manufacture.
What FTDI really should have done is to set a generic PID for the chip type. That way, the chip would no longer use the FTDI driver, and they wouldn't have to support it.
*I use "brick" in the sense that using their Windows driver to set the PID to 0 makes the chip no longer function in other OSs, either. I am aware that an unbricking procedure is available.
Re:"Reasonable" my ass (Score:4, Insightful)
However, when you find a contract manufacturer and ask them to make 100,000. You require an XYZ, Inc. ABC123 chip and ask the manufacturing contractor to source it. Unbeknown to you, they obtain a counterfeit source. The chip is virtually identical externally, and functionally very similar, so that your product passes validation testing.
You as the device designer and seller may have no idea that you have fake chips on your device. Perhaps, your RMA rate is higher than you expected due to chip failures, or perhaps you are getting a lot of bug reports from the field which are not reproducible on your prototypes, but are on production devices.
This isn't the first time a USB->UART vendor has taken vigilante action against fakes. The vendor Prolific had major problems with low-quality, buggy and slow fake chips, causing major support headaches for customers and themselves. I believe they ended up discontinuing their main product and replacing it with an incompatible version, while poisoning the drivers so that they would BSOD/Kernel panic if they detected a fake chip.