Stories
Slash Boxes
Comments

SoylentNews is people

posted by n1 on Thursday October 23 2014, @07:55PM   Printer-friendly
from the no-longer-so-widely-used dept.

Spotted over at Hackernews is a link to an eevblog posting on FTDI drivers recognising and disabling "fake" devices.

Future Technology Devices International, commonly known by its abbreviation FTDI, is a Scottish privately held semiconductor device company, specializing in Universal Serial Bus technology.

The FTDI FT232 is a widely used USB to serial converter component; there are, however, some cases of compatible "clone" devices being used in products rather than the official FTDI chips.

It appears that the latest official FTDI driver now recognises these devices and when it encounters them it reprograms the product ID so that the device is no longer recognised, and will not work. (These devices can, however, be reprogrammed and recovered using Windows/XP or Linux.) FTDI have stated that the user has allowed them to do this as part of the driver license agreement.

The Linux driver is still safe, but the binary blob from Windows update is now something that we should all blacklist and uninstall, for our own safety. I've already bricked one of my FTDI boards. Will FTDI reimburse me for the purchase and time it will now take to undo all this damage? I doubt it. Did they think this fully through before launching a hostile attack on their end-users? I doubt that, too.

More comments on the original hackernews thread.

Related Stories

Update: FTDI Yanks Chip-Bricking Driver from Windows Update, Vows to Fight on 29 comments

The Register Follows with, FTDI yanks chip-bricking driver from Windows Update, vows to fight on:

Chipmaker FTDI has pulled a driver from Windows Update that could brick devices containing knockoff versions of its USB-to-serial bridge chips, but says it won't back down on its aggressive anti-counterfeiting stance.

Earlier this week, hackers from various hardware forums began noticing that FTDI's latest driver would set a USB device's USB product ID to 0 if it contained a fake version of one of FTDI's chips. Once zeroed, neither Windows, OS X, nor Linux would recognize the device anymore, rendering it useless.

Naturally, owners of devices containing the counterfeit chips were less than pleased.

Responding to the growing furor, FTDI now says it has yanked the offending driver from Windows Update so that Windows users will no longer receive it automatically. But it says it has no intention of giving up the fight against (presumably) Chinese chip knockoff artists.

Related article: FTDI Driver is Disabling Fake Chips

FTDI-Gate 2.0 37 comments

FTDI, not bound to stop at last year's anti-counterfeiting attempt of bricking fake chips has again pushed a driver update via Windows update that inserts the ASCII Text "NON GENUINE DEVICE FOUND!" in the serial transmission. More information can be found on this EEVBlog forum thread: http://www.eevblog.com/forum/microcontrollers/ftdi-gate-2-0/

Previous coverage:
FTDI Driver is Disabling Fake Chips
Update: FTDI Yanks Chip-Bricking Driver from Windows Update, Vows to Fight on


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Thursday October 23 2014, @08:07PM

    by Anonymous Coward on Thursday October 23 2014, @08:07PM (#109342)

    "Did they think this fully through before launching a hostile attack on their end-users? I doubt that, too."

    I think the entire point is that you AREN'T their end user, but supporting counterfeiters.

    • (Score: 2, Insightful) by Anonymous Coward on Thursday October 23 2014, @08:25PM

      by Anonymous Coward on Thursday October 23 2014, @08:25PM (#109350)

      Yeah, well that argument would hold water if you could tell if the product you are buying was genuine or not. From the linked threads, it appears you could buy a product in good faith, not knowing it had a counterfeit chip in it, and end up encountering this issue. FTDI is going after the wrong parties here.

    • (Score: 1, Insightful) by Anonymous Coward on Thursday October 23 2014, @08:35PM

      by Anonymous Coward on Thursday October 23 2014, @08:35PM (#109356)

      This seems rather suicidal from a companies POV.

      Basically it means you have no idea if the FTDI chip is any good and you could be throwing money away. To a possible customer that means do not buy FTDI chips as its basically 'caveat emptor'. It also means from a customer POV FTDI goes out of its way to break your equipment even if if they didnt make it. Yeah that is a big skip on buying that...

      • (Score: 2) by emg on Thursday October 23 2014, @09:29PM

        by emg (3464) on Thursday October 23 2014, @09:29PM (#109369)

        Sounds like the kind of thing an MBA would do.

        • (Score: 0) by Anonymous Coward on Thursday October 23 2014, @09:59PM

          by Anonymous Coward on Thursday October 23 2014, @09:59PM (#109382)

          Or a basement geek with such absolutist beliefs about right and wrong that proportionality is a foreign concept.

    • (Score: 5, Insightful) by sjames on Thursday October 23 2014, @08:53PM

      by sjames (2882) on Thursday October 23 2014, @08:53PM (#109360) Journal

      Since the end user can't readily determine if the chip is genuine or not, the rational action now is to avoid anything that says it's FTDI. It's the only way to make sure FTDI doesn't brick you.

      Surely it would have been better for FTDI to either ignore it or just put up a warning message.

      • (Score: 2) by Grishnakh on Friday October 24 2014, @03:25AM

        by Grishnakh (2831) on Friday October 24 2014, @03:25AM (#109467)

        Your average Windows user isn't going to be savvy about avoiding FTDI chips.

        My solution is simple: don't use Windows, and stick with Linux.

    • (Score: 0) by Anonymous Coward on Thursday October 23 2014, @09:27PM

      by Anonymous Coward on Thursday October 23 2014, @09:27PM (#109368)

      > Enough righteous outrage

      From your subject line I thought you would be criticizing FTDI. After all this situation is 100% the result of their righteous outrage. They think themselves so righteous that they don't see anything wrong with deliberately and willfully breaking people's equipment and then justifying it with fine print. That sort of myopia always backfires. Between all the uncertainty they've created in their brand and the inevitable class-action lawsuit, they will be lucky to survive as a corporate entity.

      • (Score: 0) by Anonymous Coward on Thursday October 23 2014, @09:47PM

        by Anonymous Coward on Thursday October 23 2014, @09:47PM (#109377)

        It isn't righteous outrage when a company refuses to support a counterfeit product and changes the vendorid that the chip is using illegally.

        • (Score: 0) by Anonymous Coward on Thursday October 23 2014, @09:57PM

          by Anonymous Coward on Thursday October 23 2014, @09:57PM (#109381)

          > It isn't righteous outrage when a company refuses to support a counterfeit product and changes the vendorid that the chip is using illegally.

          Lol. That is precisely righteous outrage. Perhaps you are unfamiliar with the term "righteous" as in "acting in accord with divine or moral law : free from guilt or sin." FTDI thinks they are morally correct because they've been injured and are just making things right with no care for whom they injure in the process.

          • (Score: 0) by Anonymous Coward on Thursday October 23 2014, @10:03PM

            by Anonymous Coward on Thursday October 23 2014, @10:03PM (#109383)

            I perfectly familiar, what you don't get is that there is no outrage in FTDI's actions. It's simply what a business has to do to protect their product.

            • (Score: 0) by Anonymous Coward on Friday October 24 2014, @12:01AM

              by Anonymous Coward on Friday October 24 2014, @12:01AM (#109414)

              > I perfectly familiar, what you don't get is that there is no outrage in FTDI's actions. It's simply what a business has to do to protect their product.

              Yeah, sure it is. They don't make the rules!

            • (Score: 3, Funny) by hemocyanin on Friday October 24 2014, @12:06AM

              by hemocyanin (186) on Friday October 24 2014, @12:06AM (#109418) Journal

              An AC on /. basically nailed this issue:

              >We've discovered some non-factory parts in your car.
              -Oh, really? Well, I'm going to drive over to the dealership [and] take that up with them.
              >We've already handled the problem. We crushed your car into a cube.
              -Uhhh...
              >You have 15 seconds to move your cube.

              http://hardware.slashdot.org/comments.pl?sid=5861063&cid=48205875 [slashdot.org]

              There is a response and a totally hilarious follow up.

        • (Score: 2) by hemocyanin on Friday October 24 2014, @12:14AM

          by hemocyanin (186) on Friday October 24 2014, @12:14AM (#109422) Journal

          This is NOT refusing to support a competitor. This is intentionally attacking the consumer who has no realistic method of determining if the chip is a valid one or not, and then destroying their hardware (at least for 99% of the users who aren't going be able to change the PID on their USB chip). Honestly, I think they are setting themselves up for a huge class action suit because while it is true they do not have to support competitors or clones, they don't have the right to blow them up either -- figuratively or literally. Seriously, if they found a clone manufacturer in the factory next door sold chips to Garmin, would they be in their rights to firebomb Garmin's factory or track down users and stop on their chartplotters or GPS units? "Uhhhhhh .. of course not that's stupid." Exactly. Someone would go to jail. Destroying other people's property is a crime and FTDI just committed one on a large scale, albeit not in person, but isn't everything done over the computer subject to double punishment?

        • (Score: 0) by Anonymous Coward on Friday October 24 2014, @07:04AM

          by Anonymous Coward on Friday October 24 2014, @07:04AM (#109495)

          A vendor id is simply a four-digit number. There is no such thing as using a four digit number illegally. OK, there could be if we were talking about a trade mark, but this is simply an identification number given out on a first come first serve basis.

          The best you can do is the contract you sign before getting a vendor id, but guess what... Only the legitimate manufacturers need such a contract. The clone manufacturers don't need their own id, as the clones use the id they are a clone of.

          Apart from that, you need to use the same id to be 100% compatible. That likely makes it explicitly legal over here in the EU.

  • (Score: 3, Informative) by skullz on Thursday October 23 2014, @08:11PM

    by skullz (2532) on Thursday October 23 2014, @08:11PM (#109344)

    This brings back memories of the early USB days... back when you had to install a driver from a floppy on your Win 2000 box to get USB to work. Some devices crashed the system, some didn't work, some bricked and some bricked your system. Fun times.

    But no fun enough for these guys to bring them back.

  • (Score: 2) by frojack on Thursday October 23 2014, @08:11PM

    by frojack (1554) on Thursday October 23 2014, @08:11PM (#109346) Journal

    binary blob from Windows update is now something that we should all blacklist

    Is there a name or a specific microsoft patch number to look out for?
    A lot of these updates are pretty opaque.

    --
    No, you are mistaken. I've always had this sig.
    • (Score: 3, Funny) by skullz on Thursday October 23 2014, @08:17PM

      by skullz (2532) on Thursday October 23 2014, @08:17PM (#109348)

      Its right there:

      Optional Recommended Critical Minor Windows Security Update 123456WhiskeyTangoFoxtrot v0.0001.2.2.111OMG

      What could be clearer?

    • (Score: 1) by BananaPhone on Thursday October 23 2014, @08:26PM

      by BananaPhone (2488) on Thursday October 23 2014, @08:26PM (#109351)

      I'd black list ALL Products from FTDI.

      today USB converters. Tomorrow the world.

  • (Score: 2, Interesting) by codemachine on Thursday October 23 2014, @09:12PM

    by codemachine (1333) on Thursday October 23 2014, @09:12PM (#109363)

    I've already bricked one of my FTDI boards.

    First off, it obviously was not an FTDI board. Secondly, it was not bricked. Its ID was rewritten. You could even argue that this is the correct thing to do, since the device was misrepresenting its vendor ID. FTDI paid money to the USB consortium to use that ID, so why should someone else who is counterfeit their chips get to use it for free?

    The person who should reimburse you is the one who sold you counterfeit goods, not FTDI. They are not attacking their end users at all. Their end users are fine. End users who have (most likely unknowingly) purchased counterfeit goods are the ones affected.

    The fact is, most end users will have no idea who FTDI is. The USB converter will be one tiny chip inside of the USB device they are using. When that device stops working, they won't be blaming FTDI for it. They'll be (correctly) blaming the device manufacturer, or (incorrectly) blaming Microsoft.

    • (Score: 5, Insightful) by emg on Thursday October 23 2014, @09:26PM

      by emg (3464) on Thursday October 23 2014, @09:26PM (#109366)

      So, let's see. Suppose I have some critical device hooked up to a Windows PC with one of these converters. They kindly brick it for me. The critical device goes down.

      But it's OK, because I have another one. Oh, except it has the same kind of converter. Now my critical systems are both down.

      Guess what? When I find out that some third party killed my critical hardware, there'll be a big lawsuit heading their way.

    • (Score: 1, Interesting) by Anonymous Coward on Thursday October 23 2014, @09:54PM

      by Anonymous Coward on Thursday October 23 2014, @09:54PM (#109380)

      And then good luck getting any money back. Where you bought it will laugh at you as its way past the 7 day return, no matter what any "law" might say. Then where can you turn?
      Most such devices don't come with a transparent cover so you can inspect the chips inside. The end user needs a device to do A, and the shop has maybe only one model or option. Even if you could see the chips, Joe Average does not have any clue what to look for or have a hi-tech chip probe handy to test the (sealed) device in-store.

      • (Score: 1) by tftp on Friday October 24 2014, @06:03AM

        by tftp (806) on Friday October 24 2014, @06:03AM (#109483) Homepage

        Most such devices don't come with a transparent cover so you can inspect the chips inside. The end user needs a device to do A, and the shop has maybe only one model or option. Even if you could see the chips, Joe Average does not have any clue what to look for or have a hi-tech chip probe handy to test the (sealed) device in-store.

        A transparent cover won't help. If the counterfeiter is capable of duplicating the silicon, why can't they laser-etch "FTDI" on the chips themselves? It's a standard marking method, and nobody cares what the customer wants etched.

        As the fake chips are (were) using the FTDI's driver, they are literally indistinguishable from the original part. I guess FTDI found something to identify fakes (or, more likely, added something unobvious into their latest masks.) Nobody can tell who is responsible for the fake ICs besides the entity that ordered the silicon. Fabs do not care - they cannot run compare on thousands of designs; and besides, if FTDI makes their ICs on fab A, how the fab B would ever know that masks delivered to them by a non-FTDI customer are identical?

        Now, one could say that if you buy your parts from Avnet or Digikey you expect them not to be counterfeits. Perhaps. But if you buy from Avnet, your converter will cost $50. You buy a bunch of trays on Alibaba [alibaba.com]. You pay with Western Union or PayPal. What will you get? It's a very good question. What will you be guilty of if you receive working ICs that carry the FTDI logo but are not, actually, made by FTDI? How would you even figure it out? Are you even required to do so by law? I buy lots of ICs, but I must confess that I never tested any of them for being made by someone else.

        If FTDI is so much concerned about counterfeits, they should embed a little PKI signature module into each IC, or something like that. Make sure that the key is not easy to access, even in a good lab. Allow the API to verify the signature. Allow the driver to refuse to load if a fake IC is detected. Allow the user to roll back the driver.

        As other people already pointed out, if the driver detects a non-FTDI IC with a FTDI VID/PID, the driver has no right to mess with it - just because it's not FTDI's IC. The crime here is a wrongful use of FTDI's VID/PID, nothing else. Intentional access and effective bricking of someone else's hardware is also called being the judge, the jury and the executioner. FTDI has no right to take law into its own hands, for obvious reasons. Furthermore, use of someone else's VID/PID is not a criminal matter; but intentional destruction of property may well be. Looks like this was coded by some engineer, without ever asking the legal department.

        • (Score: 1) by gargoyle on Friday October 24 2014, @10:00AM

          by gargoyle (1791) on Friday October 24 2014, @10:00AM (#109512)

          If FTDI is so much concerned about counterfeits, they should embed a little PKI signature module into each IC... Allow the API to verify the signature.

          They either already have that or it's not necessary because the drivers are already able to tell the difference between FTDI and counterfeit chips.

          That means that all that is left to do is decide how to respond to the discovery of a chip, and there were a couple of possibilities:

          1. Don't let the current driver run
          2. Modified the chip in a way to stop it being used with this or any other driver, on any other PC

          They decided to use option 2. I think option 1 would have been completely justified, it costs them nothing, keeps as much good will for their end users (or at least people who genuinely believe they are FTDI customers) but also sends a message saying that counterfeit chips will not be supported.

          Option 2 doesn't gain them any revenue or reduce their costs compared to Option 1, does cost them far more goodwill (which is probably going to hit them in future revenue) and probably has a lot of class action lawyers salivating.

          That decision about how to handle a counterfeit chip once discovered just looks plain stupid to me. It incurs far more risk for no extra gain. I wonder how far up the chain of command the decisions goes, I suspect a middle manager thinking he's just found a way to make himself look good while not planning out all the likely consequences.

          • (Score: 2) by TheGratefulNet on Friday October 24 2014, @01:59PM

            by TheGratefulNet (659) on Friday October 24 2014, @01:59PM (#109573)

            see ftdi's official statement, by the CEO himself!

            http://www.ftdichipblog.com/?p=1053 [ftdichipblog.com]

            We appreciate your feedback, comments and suggestions.

            As you are probably aware, the semiconductor industry is increasingly blighted by the issue of counterfeit chips and all semiconductor vendors are taking measures to protect their IP and the investment they make in developing innovative new technology. FTDI will continue to follow an active approach to deterring the counterfeiting of our devices, in order to ensure that our customers receive genuine FTDI product. Though our intentions were honorable, we acknowledge that our recent driver update has caused concern amongst our genuine customer base. I assure you, we value our customers highly and do not in any way wish to cause distress to them.

            The recently release driver release has now been removed from Windows Update so that on-the-fly updating cannot occur. The driver is in the process of being updated and will be released next week. This will still uphold our stance against devices that are not genuine, but do so in a non-invasive way that means that there is no risk of end user’s hardware being directly affected.

            As previously stated, we recommend to all our customers to guarantee genuine FTDI products please purchase either from FTDI directly or from one of our authorised distributors. http://www.ftdichip.com/FTSalesNetwork.htm [ftdichip.com]

            If you are concerned that you might have a non-genuine device, our support team would be happy to help out.

            Yours Sincerely

            Fred Dart – CEO

            --
            "It is now safe to switch off your computer."
    • (Score: 4, Insightful) by bornagainpenguin on Thursday October 23 2014, @10:18PM

      by bornagainpenguin (3538) on Thursday October 23 2014, @10:18PM (#109388)

      First off, it obviously was not an FTDI board. Secondly, it was not bricked. Its ID was rewritten.

      I don't have a dog in this fight since I do not use any USB to Serial port adapters at this time, but if I had a working device and this company did something--which they have admitted to--and my formerly working hardware suddenly stops working as far as I'm concerned that was a hostile action and I would consider it a malicious social engineering hack on my system by an unauthorized entity. This is supposed to be an update for FTDI hardware right? This "update" more or less only exists to disable the supposed counterfeit hardware, right? That means this company is knowingly altering hardware interaction for which it does not have any rights to, they've already declared it to not be theirs.

      How the hell is this not hacking?

      If FTDI has issues with counterfeit devices that is its problem not mine, they perhaps need to advertise better who makes what. My issue is buying hardware and not having it maliciously rendered inoperable by updates from someone other than the manufacturer. And if FTDI was not the manufacturer of the board then I do not have any license with them and they have no agreement from me to disable anything because I was never their customer. Their issue is with the counterfeit manufacturer not me.

      I hope someone sues them to oblivion for this so it never catches on...

      Certainly I will never knowingly purchase from this company in the future.

      • (Score: 0) by codemachine on Thursday October 23 2014, @10:55PM

        by codemachine (1333) on Thursday October 23 2014, @10:55PM (#109394)

        I'm curious what you think a device driver should do when it detects it is talking to hardware that it isn't supposed to be a driver for.

        If my Microsoft Zune reports itself as an Apple iPod to the USB system, and the Apple driver loads and is able to detect that it is not actually communicating with an iPod, should it continue to run the driver code anyhow and just hope that everything works? The end result in some cases could be BSODs, which could bring down the whole system rather than the offending device (this is what an FTDI competitor's driver did when handling counterfeit chips).

        I'd argue that it should just fail to operate altogether. Rewriting the device ID is perhaps going a step too far. Though to most end users, they'll see the same result: "it doesn't work".

        • (Score: 0) by Anonymous Coward on Friday October 24 2014, @12:05AM

          by Anonymous Coward on Friday October 24 2014, @12:05AM (#109417)

          > Rewriting the device ID is perhaps going a step too far.

          Massive understatement.

          > Though to most end users, they'll see the same result: "it doesn't work".

          Most end-users will then roll the driver back. At which point everything would work just fine if FTDI hadn't explicitly broken their hardware.

        • (Score: 2, Insightful) by Horse With Stripes on Friday October 24 2014, @12:09AM

          by Horse With Stripes (577) on Friday October 24 2014, @12:09AM (#109419)

          I'm curious what you think a device driver should do when it detects it is talking to hardware that it isn't supposed to be a driver for.

          It should not support the hardware. But it should also not alter the hardware. The driver not loading/running would effectively prevent the counterfeit device from working without preventing the user from using a different driver. Remember that the user is not the bad actor is this scenario.

          • (Score: 1) by codemachine on Monday October 27 2014, @05:27PM

            by codemachine (1333) on Monday October 27 2014, @05:27PM (#110599)

            I do agree that this would've been the better approach. Just stop communicating with the hardware.

            The only leg they'd have to stand on is if they also rewrite the PID for genuine FTDI chips that have been found to be misbehaving. There is a slim chance that this is what this code was intended to do, and it just happens to harm the clone chips. But given their recent statements about their intent to deal with the counterfeit chips, I find this highly unlikely.

            I do find it amusing that people's solution is to stop using FTDI chips. Those who are using genuine FTDI chips are completely fine. Those who are using counterfeit chips that lie about their vendor ID to piggy back on FTDI's driver work, without contributing anything to the company that did the work, are the ones who are having problems.

        • (Score: 3, Informative) by Arik on Friday October 24 2014, @02:01AM

          by Arik (4543) on Friday October 24 2014, @02:01AM (#109446) Journal
          "I'm curious what you think a device driver should do when it detects it is talking to hardware that it isn't supposed to be a driver for."

          It should report an error.
          --
          If laughter is the best medicine, who are the best doctors?
        • (Score: 0) by Anonymous Coward on Friday October 24 2014, @02:15PM

          by Anonymous Coward on Friday October 24 2014, @02:15PM (#109579)

          I'm curious what you think a device driver should do when it detects it is talking to hardware that it isn't supposed to be a driver for.

          Leave it alone. Certainly not alter it.

      • (Score: 2) by tibman on Friday October 24 2014, @05:46PM

        by tibman (134) Subscriber Badge on Friday October 24 2014, @05:46PM (#109663)

        Maybe you should contact the counterfeiters and ask them for a driver then. Because FTDI has zero reasons to support your counterfeit hardware. Who knows what that chip was doing there. You should be extremely concerned that you have hardware that is lying to you. That isn't FTDI's fault, but whoever made your hardware. FTDI just bumping it off their usbid was not very helpful though. When connecting to a com-port it should have opened a prompt informing the user that the hardware is counterfeit. From there the user could have the option of bumping the usbid, contacting support, or ignore it until the next com port connection.

        Saying that you will never knowingly purchase from FTDI is like saying you won't buy EEPROM made by Atmel. You will have no idea unless you look at the chips themselves. 99% of products don't give parts lists or photos of the boards, they list features. TTL Serial to USB is a feature. FT232R is a chip by FTDI that perfoms that feature. You simply won't know if your product has this part without inspecting it.

        Imagine you received a windows update that detected your Chrome install was an impostor and it had no idea who compiled those binaries. You'd probably be freaking out and actually glad that the update disabled this rogue program.

        --
        SN won't survive on lurkers alone. Write comments.
      • (Score: 2) by cafebabe on Friday October 24 2014, @09:13PM

        by cafebabe (894) on Friday October 24 2014, @09:13PM (#109727) Journal

        What happens if a bit flip occurs between a genuine device and its device driver? In this case, a device driver could permanently disable a genuine device. On that basis, it is worthwhile to avoid the brand.

        --
        1702845791×2
    • (Score: 1) by TK-421 on Friday October 24 2014, @01:31AM

      by TK-421 (3235) on Friday October 24 2014, @01:31AM (#109437) Journal

      Everything you say is true. However, just because you CAN do something doesn't mean you SHOULD.

      Someone posted below what I believe to be the true consequence of FTDIs actions, that the only safe move for a consumer is to avoid purchasing any device that reports one of FTDIs controllers inside.

  • (Score: 4, Interesting) by FatPhil on Thursday October 23 2014, @09:27PM

    by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Thursday October 23 2014, @09:27PM (#109367) Homepage
    https://lkml.org/lkml/2014/10/23/129

    Read the whole thread. Including it's earlier mention: http://marc.info/?l=linux-usb&m=141403510729881&w=2 which is a fix for the windows driver "bricking". So yes, this is not a bricking at all - it (the windows patch) makes windows unable to use the device, but that's because windows choses to no longer communicate with such devices. Linux is desperate for friends, and will chat to anything.
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
    • (Score: 2) by TheGratefulNet on Friday October 24 2014, @02:06PM

      by TheGratefulNet (659) on Friday October 24 2014, @02:06PM (#109577)

      yes, there's a kernel update. that's great. but it will be a while before it gets into everyone's systems.

      I have old linux boxes that no longer get updates. ubuntu (et al) often abandon older releases and apt-get no longer brings in new kernels or updates. and I'm not about to trash all my legacy systems (at home and at the lab) by messing with them when they work Just Fine(tm).

      if you can get a kernel module update for the exact kernel you are running, you can rmmod the module and modprobe the new one, but again, I have older linux distros deployed and they use vendor created kernels that I don't have exact sources to. I could GET them, but its a bit of time and effort and I'd rather not have to.

      at least there is the linux fixer app that will restore the 0x6001 to the pid, so I don't need a patched kernel driver.

      it is nice that linux has a patched driver to allow 0x0000, but that, alone, is not enough; it should actually write BACK the 0x6001 pid if it finds a 0x0000 pid, if for no other reason than for the benefit of systems that don't have the patch.

      --
      "It is now safe to switch off your computer."
    • (Score: 2) by cafebabe on Friday October 24 2014, @09:19PM

      by cafebabe (894) on Friday October 24 2014, @09:19PM (#109730) Journal

      Linux is desperate for friends, and will chat to anything.

      That's not entirely true:-

      Unix is user-friendly; it's just picky about who its friends are.

      --
      1702845791×2
      • (Score: 2) by FatPhil on Saturday October 25 2014, @09:23AM

        by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Saturday October 25 2014, @09:23AM (#109853) Homepage
        You're talking to a guy who hasn't had a windows machine in his house for 15 years. And when Apple gave me a freebie machine, I installed linux on it as I wanted a real unix not the fake shit they peddle.
        --
        Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
  • (Score: 3, Insightful) by tftp on Thursday October 23 2014, @10:11PM

    by tftp (806) on Thursday October 23 2014, @10:11PM (#109384) Homepage

    But, unfortunately, it's a war by proxy - and you, the user, are that proxy. FTDI cannot hit some Yin Yang Industries directly, so it instead attacks an innocent 3rd party that bought their products in good faith. It's the users that suffer, not the manufacturer of counterfeit ICs. It's not even like the user buys from the counterfeiter directly. One OEM makes a converter from cheap parts that he buys locally, with a certificate that the ICs are not fake. Then some other OEM buys those converters and installs them into a larger system. Then you, the user, buy that larger system. When the driver strikes, the expenses accumulate at your end, and maybe at the OEM that you bought the system from. But since they do not control the converter - and never opened it up, though that wouldn't help anyway - they only can send you another one, and another... until they realize that something is wrong. But what can they do? They only can stop buying from the converter's OEM. That is not going to make an impact, as these things are made in millions and sold retail.

    FTDI has no right to involve innocent users in their war. What they have done is pretty bad. Perhaps a lawyer can demonstrate that their actions are intentionally interfering with the user's business.

    • (Score: 1) by codemachine on Thursday October 23 2014, @11:02PM

      by codemachine (1333) on Thursday October 23 2014, @11:02PM (#109397)

      If the counterfeit ones become useless, it will eventually hurt the company making the counterfeits. Unfortunately it is a situation where users and device manufacturers will feel the pain well before it works its way back up to the distributors and manufacturers of those chips.

      • (Score: 1) by tftp on Thursday October 23 2014, @11:12PM

        by tftp (806) on Thursday October 23 2014, @11:12PM (#109400) Homepage

        Not much unlike a great medieval tradition of burning villages and killing peasants just to deliver a message to a particular feudal.

      • (Score: 0) by Anonymous Coward on Friday October 24 2014, @12:48PM

        by Anonymous Coward on Friday October 24 2014, @12:48PM (#109541)

        If the counterfeit ones become useless, it will eventually hurt the company making the counterfeits.

        Well, the counterfeiting company only needs to have their chips refuse to change the ID. Or alternatively, analyse the driver code that detects the fake chips, and update the chips so that the code doesn't detect them.

  • (Score: 2, Insightful) by forkazoo on Thursday October 23 2014, @10:29PM

    by forkazoo (2561) on Thursday October 23 2014, @10:29PM (#109390)

    It seems like the safest move as a consumer is to avoid buying anything that claims to have an FTDI chip in it, right?

    That's clearly not the intended result, and anybody selling chips under a false name is clearly an asshole, but this strategy seems like a terrible idea.

  • (Score: 2) by TheGratefulNet on Friday October 24 2014, @01:54PM

    by TheGratefulNet (659) on Friday October 24 2014, @01:54PM (#109568)

    I have been following this since the start of the eevblog thread and the hack-a-day thread.

    several of my amazon 'clone' boards had the fake chip and win7 proceeded to zero out the pid. I was ready to return them to amazon (the ones still under 30 days, which really is not that many, considering how many ftdi dongles and boards I have) but then the linux 'fix' app came out and I was able to unzero them.

    I had to spend time removing the malicious 2.12 win7 driver, REBOOT THE BOX (since the driver is still mem-resident even after removing it) and force a 2.10 driver to be installed. also had to go thru all my win boxes and remove auto-update on driver search. MS has shown that they don't really watch what companies do when they get 'certified drivers' and so, even MS has a black eye in my view, they helped distribute this malware.

    I design hardware and I'm an influencer at work (large networking company everyone has heard of). my advice to my peers and co-workers is to find other serial converter chips and standardize on those. I can't force my engineers to do this but after being informed, they are all reasonable people and I think they'll see the danger in continued use of ftdi in their designs.

    congrats, ftdi, for being the 2014 'sony rootkit' poster boy...

    --
    "It is now safe to switch off your computer."
    • (Score: 1) by anubi on Monday October 27 2014, @10:40AM

      by anubi (2828) on Monday October 27 2014, @10:40AM (#110465) Journal

      Thats exactly the take I have on it.

      I had believed something like this was non-programmable and safe to put into a design. Not so, I see.

      If FTDI can destruct the interface chips with code, so can anyone else.

      This looks to me just like a digital sleeper cell, just waiting for someone to tell it to shut down.. We are getting too much of this stuff.

      By careless design of brickable devices into our stuff, we are just setting ourselves up for mass infrastructure failures when some arbitrary someone releases a destruct code.

      Both FTDI and Microsoft have just demonstrated they cannot be trusted.

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
      • (Score: 1) by codemachine on Monday October 27 2014, @06:05PM

        by codemachine (1333) on Monday October 27 2014, @06:05PM (#110611)

        You do know that the programmable ID is a feature of these chips, right? It is well documented. Why did you believe that it was non-programmable when the product supports a programmable EEPROM?

        What I don't know is if the genuine FTDI chips accept an ID of zero, or whether they have some sanity checking to make sure that it can't be set to zero that the clones lack.

        I also don't know if there is a way to protect the EEPROM, but it'd be pretty easy to read their documentation and find out. Many here obviously haven't, but that hasn't stopped them from making assumptions.

        • (Score: 1) by anubi on Tuesday October 28 2014, @04:41AM

          by anubi (2828) on Tuesday October 28 2014, @04:41AM (#110753) Journal

          To be honest, I did not know. I gave it a brief look, like evaluating a level-converter chip, saw it did what I needed, and based on seeing it in other products - designed it in.

          I gave it about as much due diligence as designing in a logic gate. My main concern was: did I think I could buy them in the thousands ten years from now?

          This has come back to bite me.

          There are so many things I have taken for granted... and one of those things is that no one in their right mind would build their stuff from the get-go to be bricked. To me it would be like building a bridge with a little lever on the side which when pulled, the bridge would collapse.

          Both FTDI and Microsoft has made an indelible dent in the trust I have and have heavily reinforced how important it is for me to verify every little thing and not take a company's previous reputation and market status that much into consideration.

          The downside is it will take me just that much longer to bring a design to market.

          For now, I have deleted FTDI from all my designs. I am afraid to use them. I will use a generic download cable, as I am very afraid that if FTDI can brick a device remotely, so can a bunch of script kiddies just for the fun of it - or any nation whose operatives may unleash all sorts of bricking codes on the public internets just to create havoc.

          This charade is why I am quite afraid of allowing my work machine to ever see the internet. I cannot trust Microsoft.

          --
          "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]