IP Is No Excuse: Even If Someone Is Using Fake Chips, It's Not Okay To Kill Their Devices
from the that's-not-how-it's-supposed-to-work dept
Not this again. For years, we were perplexed by the war on mod chips, which could be used to allow people to play pirated games, but also had plenty of legitimate uses as well, especially for developers and hackers. The same was true of the war on smart card readers. Yes, they could be used to get pirated TV, but they were also useful for lots of other, perfectly legitimate projects as well. The latest, however, appears to be a Microsoft update with some new drivers that were completely destroying devices that have fake FTDI chips. People started noticing that right after the Windows update devices using those chips were suddenly dead. Bricked. It’s not that they wouldn’t connect any more — it’s that the software update actively bricked the devices and you can’t get them back.
FTDI chips are quite popular with hackers and there are plenty of them out there — both real and fake. And, quite frequently, developers/hackers have no idea if their FTDI chips are legit or not, because they just buy devices that include them, and they assume they’re legit. But the drivers in that Windows update didn’t care and bricked any one using a fake FTDI chip. As Ars Technica notes, this really sucks for a bunch of hackers who never even did anything wrong.
The result of this is that well-meaning hardware developers updated their systems through Windows Update and then found that the serial controllers they used stopped working. Worse, it’s not simply that the drivers refuse to work with the chips; the chips also stopped working with Linux systems. This has happened even to developers who thought that they had bought legitimate FTDI parts. It can be difficult to tell, and stories of OEMs and ODMs quietly ignoring design specs and using knock-offs instead of official parts are not uncommon. As such, even hardware that was designed and specified as using proper FTDI chips could be affected.
Every USB device has a pair of IDs. One, the Vendor ID (VID), is allocated by the USB group. Each vendor has its own unique VID and uses that VID on every USB device it makes. The second is the Product ID (PID), allocated by the vendor, with each distinct chip type having its own PID. Windows uses the VID/PID pair to figure out which driver a given piece of hardware needs. The counterfeit chips use FTDI’s VID and set the PID to the PID of whichever chip it is they’re cloning (FTDI has a range of similar parts, each with their own PIDs).
The new driver reprograms the PID of counterfeit chips to 0000. Because this PID does not match any real FTDI part, it means that FTDI drivers no longer recognize the chips and, hence, no longer provide access to them. This PID is stored in persistent memory, so once a chip has been reprogrammed it will continue to show this 0000 PID even when used with older drivers, or even when used with Linux.
It’s not entirely clear if this is something FTDI did on purpose or not (though, their comments below suggest they did), but it is worrisome, and it’s simply not okay — whether it was on purpose (in which case it’s potentially illegal) or not (in which case it’s just bad).
Sherwin Siy, over at Public Knowledge does a nice job explaining why copyright (or other IP laws) are never a legitimate reason to break a device — even if a contract warns it might happen (as is apparently the case with FTDI).
The fact that disabling countless devices without warning can harm millions of innocent users and manufacturers should be a screaming sign that this is the wrong thing to do. And if they?re doing this deliberately, this is wrong not just in the sense of being unethical, but illegal, too.
This is something that people seem to forget in the IP space, and also in the technology space, which makes it unsurprising that we see it here. It?s the same impulse that leads people to ask if they can shotgun a drone that strays onto their property (No, no more than you can torch a car that parks in your driveway), or whether you can destroy the computers of people who have illegally downloaded your song.
So whether or not FTDI has any trademark rights, copyrights, or other rights in whatever the knockoff chips are copying, the actual physical chips themselves are the property of their users, and FTDI doesn?t have the right to break them. A French vintner can?t stroll down the aisles of an American wine store with a hammer, shattering bottles of ?California Champagne.? Roving gangs of Nike enforcers can?t rip fake Jordans off the feet of passing kids. And we don?t have Givenchy shock troops marching down Canal Street taking flamethrowers to fake handbags. If your IP rights are being infringed, the proper course of action is to go to court, not take the law into your own hands.
Unfortunately, in this era of intellectual property maxmalism, people seem to forget these things. They assume that if you have a “fake” chip then obviously it’s “okay” to break the device, because they falsely seem to believe that copyrights and trademarks and the like give the holder “all the rights over everything,” rather than a limited set of rights over certain things. FTDI’s response to all of this (including removing the driver from the latest Windows update) suggests (but does not outright claim) that it did this on purpose:
As you are probably aware, the semiconductor industry is increasingly blighted by the issue of counterfeit chips and all semiconductor vendors are taking measures to protect their IP and the investment they make in developing innovative new technology. FTDI will continue to follow an active approach to deterring the counterfeiting of our devices, in order to ensure that our customers receive genuine FTDI product. Though our intentions were honourable, we acknowledge that our recent driver update has caused concern amongst our genuine customer base. I assure you, we value our customers highly and do not in any way wish to cause distress to them.
Honorable intentions or not, counterfeit products or not, actively going in and breaking the property of others is not an acceptable response.
Filed Under: bricking, copyright, counterfeit, drivers, ftdi chips, microsoft update, property, property rights, trademark, update
Companies: ftdi, microsoft
Comments on “IP Is No Excuse: Even If Someone Is Using Fake Chips, It's Not Okay To Kill Their Devices”
Yet another reason
And we get to add yet another reason to the lengthy list of reasons why people should avoid Windows.
Re: Yet another reason
Ultimately it doesn’t matter that there are plenty of problems with windows, as long as most businesses use it, and as long as most PC video games only support windows
Re: Re: Yet another reason
Really one of the big reasons windows has been hanging in there was your point of “most PC video games only support windows”.
The really good news is, that is changing. With Steam supporting Linux and many major game makers moving to support Linux as well. I think the end of Microsoft’s reign is within sight. As kids who grew up using Linux move into the workforce Windows will start to loose a hold there pretty quickly. After all, it is an easy decision between at least $200 a copy and FREE. Only thing holding people back is lack of qualified users. Linux gaming takes care of the linux training part….
Re: Re: Yet another reason
Fortunately, we are seeing more and more “AAA” games being ported over to Linux. There is very little reason for most home users to use Windows these days (especially since Windows 8 was released!)…once we have Office 365 accessible on Linux, there won’t be much reason to use it at work, either…other than the entrenched preferences of the IT people who make such choices.
Re: Yet another reason
Indeed. But I’d say that it’s another reason why we need to enshrine into law the simple fact that once you buy a product nobody has the right to do anything to it that may make it stop functioning. And then people would sue (if they aren’t already even without it) and these companies would think twice before doing such thing.
Re: Re: Yet another reason
I agree. In fact, I think that existing laws (should) already cover this. It’s vandalism, pure and simple.
Re: Re: Yet another reason
This is willful destruction of other people’s property. It isn’t just a tort. This is criminal. Someone should be doing some jail time over this.
Re: Re: Yet another reason
It is not “make it stop functioning”.
They have no obligation to support something they did not make.
Re: Re: Re: Yet another reason
Was the device working before the update? Yes.
Is the device working after the update? No.
They absolutely ‘made it stop functioning’.
As others have noted, no, they don’t have an obligation to offer support for something they didn’t make. However, they do have an obligation not to intentionally brick things that they didn’t make.
If they’ve got a problem with forgeries, take it up with the people selling the fake chips, don’t screw over the customers who had no way of knowing, or checking, the validity of their purchases.
Re: Re: Re:2 Yet another reason
Re: Re: Re:3 Yet another reason
“they have an obligation to limit who uses their IDs.”
They have no such obligation, although their desire to do so is understandable.
“Using another vendor’s ID give them control over that device. All FTDI did was take back their ID. “
What does that even mean? The counterfeiters weren’t taking control of anyone else’s device, and FTDI wasn’t “taking back” anything.
But regardless, none of that excuses damaging the property that belongs to other people.
Re: Yet another reason
Sorry, but they provided the driver to Microsoft. The same exact thing could happen on MacOS or Linux if they provide a driver to Apple or a binary for Linux.
Re: Re: Yet another reason
Yes, and I think it might. I generally work with standalone ATMega’s but I use arduino with FTDI to program the atmega. I using linux, but I am afraid that the next time I use the arduino to program the mega, my arduino may be bricked. I try very hard to ensure my arduinos are authentic, but there are a lot of counterfeits out there.
“Honorable intentions or not..” FTDI’s reputation is now shot.
Re: Re: Re: Yet another reason
clarification, I don’t know if this is affecting linux drivers, yet.
Re: Re: Re:2 Yet another reason
This affects Linux only in the sense that, once your Windows machine reprograms the counterfeit device, Linux, Mac OS X and Windows systems (including those that lack the bad driver) correctly fail to recognize the unknown identifier. Linux works fine with a conforming FTDI-compatible chip, whether counterfeit or not. Also, as one comment here speculated and was already confirmed elsewhere, the chip is not technically bricked. It can be repaired in the field with the right software and right information. However, until repaired, it cannot be used with any computer, Windows, Linux, or Mac OS X. Once repaired, it can be used with any of them, provided you do not connect it to a Windows system running the chip-killing driver.
As far as I know, there is currently no automated repair mechanism, so you need a computer which can reflash the damaged chip, you need to know what PID it had before FTDI broke it, and you need to explicitly run the reflashing program with the right inputs.
Re: Re: Yet another reason
This is true, but is far more likely with Windows than with Linux. I don’t know about Macs (it depends on the testing requirements Apple has). The main problem with Windows is that Microsoft does not actually test the drivers for anything other than compatibility prior to inclusion.
In Linux, manufacturer-provided binary blobs are only accepted in a small number of special cases (NVIDA chipsets, certain almost-network chipsets, and certain RAID controllers.) In pretty much every other case, the drivers aren’t provided by the manufacturer at all, and manufacturer-provided or not, there is full source code available. Also, even with the binary blobs, someone other than the manufacturer has actually tested the driver before it gets included in a distro.
Re: Re: Re: Yet another reason
Also, although hardly universal, there is a non-trivial element within the community that for ideological reasons refuses to run blobs even in those limited cases. Members of that group generally take the attitude that, if the device cannot be run with Free software, then it simply should not be run at all. These people avoid nVidia hardware where possible and use the Nouveau (open source reverse engineered) driver where nVidia hardware is unavoidable. Such people would likely be immune to this type of bad behavior, and may even seize upon this to bolster the charge that running non-Free software is a Bad Idea.
Disclaimer: I avoid binary blobs on Linux, but I am not particularly aggressive at pushing others to do the same.
Re: Re: Re:2 Yet another reason
“I avoid binary blobs on Linux, but I am not particularly aggressive at pushing others to do the same.”
Yes, this is my stance. With a single exception, I don’t use binary blobs on my Linux systems at all. I don’t trust them. The single exception is my smartphone — where the binary blob is the software that implements the actual cellphone functionality and there is no alternative.
Re: Re: Open Source
This sounds like the PERFECT reason to only use Open Source software on Linux. 🙂
Re: Re: Yet another reason
Most drivers in Linux are NOT provided by the hardware vendor. This actually works out better the vast majority of the time.
Re: Re: they provided the driver to Microsoft
And Microsoft requires that all drivers for 64-bit Windows be WHQL-certified and signed—by Microsoft.
In other words, there was effectively a message on the end: “I am Microsoft, and I approve this driver”.
Re: Yet another reason
It’s not Microsoft’s fault. They are merely offering the drivers that were provided by the device manufacturer on the Windows Update service (they do this for all manufacturers). This is a service that makes Windows much easier to configure than Linux (try finding some non standard driver in Linux). Microsoft can’t possibly test every possible piece of legitimate hardware–let alone the counterfeits. So how can they be at fault?
Re: Re: Yet another reason
“So how can they be at fault?”
Microsoft has the clout to demand that third-party vendors supply the (compiled) drivers and the source code for them. They also have the personnel and financial resources to review those in depth before releasing them. So why don’t they?
Re: Re: Re: Yet another reason
They do check. They don’t have the personnel and resources to test every possible hardware configuration. And how would they test the fakes?
Add in the fact that the newer drivers for the real chip were already breaking the fake ones without changing the hardware PID of the fakes. All that changing the Hardware PID of the fake chip does is let the FTDI’s support staff see that the non functional chip is a fake.
Does it suck? Yes. Could FTDI have done something else to identify the fakes? Maybe. But these chips are buggy as hell even when they were semi-functional with FTDI’s drivers (they were not a counterfeit with the exact design of the original, but a cheap hack pretending to be something that it is not). This will hopefully stop shoddy manufacturers from using the fake chips just to shave a couple of cents off of manufacturing costs.
Re: Re: Re:2 Yet another reason
“Could FTDI have done something else to identify the fakes? Maybe.”
Not maybe. FTDI has withdrawn their malicious drivers and replaced them with drivers that detect the fakes and refuse to work with them without breaking them. These drivers also warn you that you have a fake chip.
Which is precisely how they should have handled this situation in the first place.
Re: Re: Yet another reason
“It’s not Microsoft’s fault.”
Microsoft signed the off on the driver, certified it and then distributed it. If they didn’t check it, they shouldn’t have claimed that they did.
Re: Re: Re: Yet another reason
Microsoft only checks drivers for compatibility — that is, that the drivers won’t make Windows malfunction. I’m sure that the drivers meet that standard. If so, Microsoft didn’t screw up the validation.
Re: Re: Re:2 Microsoft only checks drivers for compatibility
Then why is it called “Windows Hardware Quality Labs”, not “Windows Hardware Compatibility Labs”? Clearly, Microsoft are claiming to certify the drivers for quality, not just compatibility—it’s right there in the name.
Re: Re: Re:3 Microsoft only checks drivers for compatibility
Actually, it used to be called compatibility, but they changed the name. You’re putting too much importance on the name, though. If you’re going to say that the name is chosen for its literal accuracy, then WHQL would be certifying the hardware, not the drivers.
Re: Yet another reason
Not Really…
This hardware-bricking driver “update” is entirely on FTDI.
I’m even sympathetic to their resentment of counterfeiters. In some sense I’m even sympathetic to their resentment of clones and “freeloaders”. But I’m NOT sympathetic to FTDI designating any and all “unapproved” clones as “counterfeit” — clones and “freeloaders” are the inevitable consequence of being a market front-runner. They might not like it, but that doesn’t give them the right to play judge, jury, and vigilante.
FTDI knowingly and maliciously designed this driver to behave this way, and passed it on to Microsoft. Windows was merely the mechanism to deliver this malware to end-users, and in this case Windows Update was behaving precisely as designed, and as it should.
Now then, I’ve been using Linux for nearly 15 years, and I’ve despised Windows (and especially Microsoft) for longer than that… So I would most cheerfully take advantage of a legitimate opportunity to trash Microsoft — unfortunately 🙁 this is not that opportunity. This is all on FTDI.
Re: Yet another reason
FTDI tried (and failed) to get the same driver mods pulled into the Linux kernel.
The code there shows the bricking is deliberate – write something that the real chip will ignore, but fakes will act on.
At the very least FTDI employees have committed criminal acts under the UK’s Computer Misuse Act and a more likely result will be FTDI’s exit from the usb-serial market entirely.
Uh-oh...a "cyber Pearl Harbor"!
I expect to see a full-scale military response from the DHS any minute now.
If they’re done playing with their new underwear, that is.
Re: Uh-oh...a "cyber Pearl Harbor"!
Maybe they can just roll out in their new underwear, worn on the outside of their outfit of course. They seem to have grand delusions they are superheros after all, so the underwear is a key part of the outfit.
Re: Re: Uh-oh...a "cyber Pearl Harbor"!
Well…we’ve been treated to an endless litany of fear-mongering from people in and out of government, all stoking the machinery of fear in order to justify massive spending and the systematic shredding of the Constitution. Now here we have a real live honest-to-goodness incident where attackers have deliberately physically destroyed hardware on a mass scale. We know they did it. We know why they did it. We know who they are. We know where they are.
So why isn’t a SWAT team kicking down their door at this very moment and beating, tasering, pepper-spraying, and tear-gassing the employees of that company? (And arresting any survivors.) You know damn well that if this had been done by J. Random Hacker that this is exactly the sort of response that would ensue, so why not in this case? Do they get a pass because they’re a corporation? Or do they get one because they’re waving the “IP” banner?
Re: Re: Re: Uh-oh...a "cyber Pearl Harbor"!
“So why isn’t a SWAT team kicking down their door at this very moment and beating, tasering, pepper-spraying, and tear-gassing the employees of that company?”
Too busy collecting the credit card info, names and addresses of people buying infringing underwear. They’ll be right along after raiding houses, tumble-dryers, washing machines, underwear drawers, and forcibly stripping the real criminals. Priorities man, priorities.
I don’t know about this. While some of the device manufacturers may have been duped into using counterfeit FTDI chips, others likely turned a blind eye. If you’re a shopkeeper and someone passes you a counterfeit note should you be able to use it to give change if it being counterfeit is discovered? It seems like a bit more vigilance by the initial purchaser of the chip is in order
Re: Re:
If you accept a counterfeit note, you cannot legally use it in a transaction once you know it is counterfeit. This does not, however, give the mint the right to set your wallet on fire.
Re: Re: Re:
No but the Secret Service will most certainly empty your wallet of any counterfeit notes and burn them later.
Re: Re:
not sure you got the gist of this.
It is just simply not possible for the vast majority of people to even know or be able to determine if the hardware they just purchased is legit or not. And neither should that be “actively” PUNISHED for it.
And most important of all… when you buy a piece of hardware you are supposed to own it… not freaking Microsoft, Sony, or Apple. And it should be considered criminal for them to brick any device because they did not like it! They have a solution… deny access to their networks.
Re: Re: Right to the family jewels.
It’s almost like they should have informed the end user that they have been a victim of counterfeiting instead of just summarily destroying their hardware.
Re: Re: Re:
And since they purchased the hardware they almost surely have a cause of action for breach of contract against the seller. Rather than railing against the rights holder, why not rail against the seller who sold the product to the customer?
Re: Re: Re: Re:
Perhaps because it wasn’t the seller who actively engaged in outright vandalism. Maybe the customer has cause to sue the seller (although it’s rather doubtful that the seller knew that counterfeit chips were in the device, so I’m not sure that would go anywhere) — but that doesn’t and shouldn’t let FTDI off the hook for their own criminal behavior.
Re: Re: Re:2 Re:
What criminal act specifically did the company commit? Not saying that they are blameless, but only trying to identify with specificity what crime is being complained of.
Re: Re: Re:3 Re:
Vandalism: intentionally destroying or defacing other people’s property.
Re: Re: Re:
Yes, you own it.
You don’t have any right to demand support from someone who did not make it.
Re: Re: Re: Re:
Who’s making such a demand?
Re: Re: Re: Re:
This is the second time you’ve made this type of comment.
The driver did not say “I’m not going to recognize this device.” It said “I’m going to reprogram this device so no driver can recognize it.”
Not allowing someone to stay in your hotel because you suspect they’re using the room to have an affair is not the same thing as forcibly putting them in a chastity belt.
Re: Re:
“It seems like a bit more vigilance by the initial purchaser of the chip is in order”
If by “initial purchaser” you mean the OEM, then I agree totally. But that still doesn’t excuse destroying the chip for the end user. If you mean the end user, then I disagree as there is no reasonable way that the end user can know if the chip is counterfeit or not.
Re: Re: Re:
Yes. OEM. I’d guess once their devices no longer work, they’ll have a greater incentive to be vigilant.
Re: Re: Re:
Actually, according to the ARS article, the chips CAN be identified quite easily, assuming, of course, that the end purchaser knows the bloody thing is even in their new toy. The fake chips are identified by PRINTED labels whereas the true chips are laser etched.
Then again, who does a chip-level inspection of a new device before purchase? That involves opening the thing up and possibly voiding the warranty. I certainly don’t.
Re: Re: Re: Re:
One particular kind of fake chip has printed labels. One particular kind of legitimate chip has laser etched labels.
We don’t know if:
a) There are fakes which are laser etched;
b) There are legitimate chips which are not laser etched.
Manufacturing isn’t static, designs change. One genuine chip might be made on a factory which laser etches the label, while another genuine chip (with the same design, perhaps even with wafers from the same factory) is made on a different factory which prints the label.
Re: Re: Re: Re:
So long as it is not buried in plastic, or in a difficult to open enclosure. Even then, they have to know which chip it is on the the board, and if it is a surface mount chip, they probably need a magnifying glass to read the bloody label, and maybe a movable light source to get the contrast up to where the label is readable.
Hmm, if all the FTDI drivers are doing is reprogramming the PID ot 0000 then it should be a simple hack to detect this invalid PID and reprogram the PID to the “correct” value – so long as the host-side USB controller will talk with a device with 0 PID.
Re: Re:
That “Report” was an OOPS, not a real report. Sorry.
Re: Re: Re:
… no. The real driver would simply reprogram it back to 0000 again. A driver replacement is necessary (and has since been released) which won’t do this.
As this chip is used by Arduino and the like, there are many small businesses that will likely have unhappy customers, and probably no easy way of checking for the impacted chips in in stock products. So it is not just the users that are impacted, but also a lot of small businesses.
http://hackaday.com/2014/10/24/ftdi-screws-up-backs-down/
Re: Re:
It’s good that FTDI backed down. Now, are they going to replace the equipment they destroyed?
If you accept a counterfeit $100 bill and its detected, you are out the money. If you buy a counterfeit handbag cops can confiscate it.
Just know what you are buying. Why do you think it should be different in the digital world?
Re: Re:
Yes.
In both of those cases, the police can confiscate the items.
The manufacturer who’s IP rights MAY have been violated CANNOT confiscate them. When the police confiscate them – they become evidence in a trial, then people can argue and someone can mount a defense – none of that due process is happening here, the manufacturer is simply detecting and disabling something someone else owns.
Re: Re: Counterfeit is irrelevant.
This is the age of civil forfeiture.
Cops can seize your money, wallet, penguins, whatever regardless of whether it’s counterfeit.
Re: Re:
if I go into a major retailer and buy a USB to serial cable, how am I to peek inside the molded plastic and identify the fake chips before I buy the cable?
I have no way to identify fake chips inside equipment.
The retailer has no way of identifying fake chips inside equipment.
The manufacturer may know that there are fake chips in the equipment, or they may have been duped by a supplier.
The supplier probably knows that the chips are fakes.
So I’m expected to dig three levels deep into the supply chain just so I don’t have to worry about some software update bricking my $20 cable?
Re: Re: Re:
If it doesn’t work take it back to whoever sold it to you.
Don’t ask someone who did not sell you anything to help you out.
Re: Re: Re: Re:
No one is asking FTDI to help them out. They’re asking FTDI to not go out of their way (spending time and money) solely to do something that offers no benefit to consumers while offering drawbacks to consumers.
Since that logic is pretty sound, that’s exactly what FTDI did- after they spent the original time and money. They could have saved resources and avoided uproar.
Re: Re:
If you accept a counterfeit $100 bill and its detected, you are out the money.
Not in Canada, Take it to the nearest bank.
Re: Re: Re:
God, Canada rocks. I’m so jealous of you guys in so many ways.
Re: Re: Re: Re:
No need to be. Our Government is worse in that they are playing follow the leader. We just lag along behind you.
Don’t you use fiat money? Then your Government is obligated to honor it. It isn’t your fault if it is easily copied.
Re: Re: Re:2 Re:
“Don’t you use fiat money? Then your Government is obligated to honor it.”
Not if the government is the US. If you get a counterfeit bill, you lose. You’re supposed to turn the bill in to authorities, but the only thing you’ll get from doing that is a thank you.
That said, I have never seen or possessed a counterfeit bill to the best of my knowledge. By the same token, I don’t exactly examine the currency in my possession to find the fakes. The law is that you aren’t committing a crime when spending counterfeit money unless you are aware the money is counterfeit. If I find a counterfeit bill in my wallet, I suffer an immediate financial loss, so it’s in my best interest to not look too hard.
Re: Re: Re:3 Re:
“If I find a counterfeit bill in my wallet, I suffer an immediate financial loss, so it’s in my best interest to not look too hard.”
How’s that for the creation of a patriotic society? Thanks, government friends!
Re: Re:
Well, this is the equivalent of a fashion designer sending hit teams to schoolyards that cut counterfeit clothes into shreds when they see someone wearing them.
Need to stop it before it spreads...
… Look at our history here folks. Where would we be if Chevrolet, Ford, Dodge, et al had gone around the country and “bricked” every car that every enthusiast “modded”. Accel, Crane, Cragar, Edelbrock, Holly, Hurst, Weiand.. NASCAR… none would exist. And most of those mods were done LONG BEFORE THE CAR WAS PAID OFF! Hell, Oldsmobile even bought the parts and put them on in the factory – look up “Hurst Olds” if you don’t remember.
You wouldn’t have the PC’s you have today if it weren’t for “modders”. Turtle Beach – Hayes – NVidia – all started with boards to “mod” the PC you bought.
So… when did this lunacy start? And who needs to be shot to stop it?
Re: Need to stop it before it spreads...
Apple? at least thats a good start.
Re: Need to stop it before it spreads...
“So… when did this lunacy start? And who needs to be shot to stop it?”
Congress.
Re: Need to stop it before it spreads...
“Where would we be if Chevrolet, Ford, Dodge, et al had gone around the country and “bricked” every car that every enthusiast “modded””
There was indeed a huge fight, starting in the 1960s hot-rod era, when Detroits’ Big Three automakers tried to kill off the aftermarket parts industry, basically by saying that if a car owner put a single non-OEM part on his car, then the entire warrantee was null and void. And not just for things directly related to the part (say like a leaking oil gasket causing clutch failure) but anything and everything on the car completely unrelated to that part. So taking your new Ford to the dealer to have the air conditioner fixed, and they see it has non-factory wheels and tires, then they could flatly refuse to do warantee work on the A/C (at least in theory) despite that the two things have absolutely nothing to do with each other. It was not just a matter of whether the automakers carried through with their threats or not, since most people believed they would, as that’s what the dealers would (unsurprisingly) tell them all the time.
The early ’70s Magnuson–Moss Warranty Act put a stop to that practice by forcing automakers to accept owner-installed parts made by aftermarket companies. Ironically, the automakers ended up buying up many of the companies (and incorporating their products and operations) that they had earlier argued were making dangerously defective products, when they were trying to shut them out and kill them off.
But that was an entirely different era, individualism was in fashion, the Cold War was at its height, monopolies were still being broken up by the government, and anthing with a whif of top-down control smacked of communism or corporatism. It was an era when small private companies flourished, and the US government tended to side with small upstart innovators –and especially consumers– rather than being bowled over by the “too big to fail” behemoth corporations, which as we’re all painfully aware is the government’s operating environment today.
Downstream responsibility
‘If you accept a counterfeit note, you cannot legally use it in a transaction once you know it is counterfeit.’
Passing on counterfeit currency as real money is fraud, and even without a specific ban on counterfeit money the act of obtaining anything of value by false pretenses should with appropriate limitations and caveats still be illegal.
However, what does use in a transaction mean regarding downstream responsibility for all actors?
If I haven’t paid for a counterfeit watch but gotten it as a gift, I haven’t deceived anyone or disturbed the legal market in any way.
The only plausible argument for downstream responsibility for the enduser whom may not even be synonymous with the original buyer is third or fourth party liability which is really troubling given the multiplicity of possible IP claims.
If one chip in my computer is counterfeit, or the embedded software in my pacemaker is subject to a valid IP claim, am I liable after being aware of the illegality, and I continue to use the product?
It’s really a logic that ain’t far from reality and drives me to the IP abolition camp.
Re: Downstream responsibility
“the act of obtaining anything of value by false pretenses should with appropriate limitations and caveats still be illegal.”
Well crap! Guess that means no more sex for me.
Re: Re: Downstream responsibility
Well, you know the tale of Hansel and Gretel. You have to give back any orgasms faked with a bone rather than a boner.
So I guess I can’t chance updating my system then? Thank-you for keeping everyone safe and secure.
“…this is wrong not just in the sense of being unethical, but illegal, too”
How about dangerous? How does the manufacturer know their chips aren’t being used in medical devices or safety equipment? What about mission critical applications? it’s not just unethical, it’s negligent.
Re: Re:
“How about dangerous? How does the manufacturer know their chips aren’t being used in medical devices or safety equipment?”
Kill a few people and maybe others will learn proper respect for copyrights.
/s
Re: Re:
God I hope they’re not. The fakes are horribly buggy and would be dangerous to use in any life critical device.
Re: Re: Quality Assurance is not one of the sector's strong points.
The reals are horribly buggy and would be dangerous to use in any life critical device as well.
so, who’s going to instigate the ‘Class Action Law Suit’ then? it’s only something like this that they and others in this ridiculous copyrighted world understand. think just for a second how FTDI does and would act if their stuff was hacked. i’m not condoning the manufacture of counterfeit parts, but the company whose goods have been copied, should not have the right to destroy anything.
then look at things in the other light. what is actively happening when a web site is accused of selling counterfeit and/or copyrighted items? the web sites are closed, almost instantly. when something like this issue happens, there is never a damn thing done in retaliation by the courts. they all seem to be waiting for it to happen and are thinking of ways what has happened can be twisted round so the perpetrators, the genuine maker/seller, can be let off, scot free!!
Re:
‘In both of those cases, the police can confiscate the items.’
So you are seriously arguing that the police could forcibly remove the pacemaker or medical equipment from anyone if there was an infringement of IP?
Let’s consider a hypothetical, I buy a knock off medical device from China because I suffer from a disability or a cronic disease and the counterfeit works.
Whether I am aware of the infringement is an issue but let’s assume I am not aware at the time of purchase.
Suddently the IP owner files a lawsuit and requests a seizure order and gets my address.
Are you seriously arguing that (1) my medical device should be confiscated regardless of the consequences for my life or health, and/or (2) there should be a viable legal claim against me for infringement of IP if I was aware of the infringement?
Re: Re:
“Are you seriously arguing that (1) my medical device should be confiscated regardless of the consequences for my life or health, and/or (2) there should be a viable legal claim against me for infringement of IP if I was aware of the infringement?”
Under copyright law, you don’t even have to be aware in order to be liable.
They did it on purpose
> FTDI’s response to all of this (including removing the driver from the latest Windows update) suggests (but does not outright claim) that it did this on purpose
There’s no doubt they did it on purpose. Someone reverse-engineered the bricking routine from the driver. It unconditionally writes 0 to the PID and a matching value to the checksum, but does so in a specific way that fails to write on genuine parts*.
There’s no legitimate purpose for the bricking routine. It’s a no-operation on genuine parts. It’s not “something useful the driver does which happens to do the wrong thing on non-genuine parts”. The only possible explanation for the existence of that routine is to zero the PID on counterfeit or compatible parts**.
* From what I could understand, the genuine parts can only write to the EEPROM in 32-bit units, sent as a pair of 16-bit units. The bricking code sent only one of the 16-bit units, so the write never happened. The compatible parts write each 16-bit unit as it’s received, so the write happened.
** My guess as to why they only erased the PID, and not the VID: due to word alignment, if they erased the VID it would happen even on genuine parts. Luckly, this makes it easier to recover: if the VID is FTDI and the PID is zero, it’s a part which used to have a PID of 6001 but was bricked. The Linux driver has been patched to recognize a bricked part as a valid FTDI part.
Re: They did it on purpose
I wondered if other drivers would be patched.
re:
‘Under copyright law, you don’t even have to be aware in order to be liable.’
Then I propose a new business method:
Sue the owners of cheap medical devices i.e the blind, deaf, or parapletic but be kind and offer them a settlement of $100 to settle the claim.
If you do not have to be aware of the infringing nature of your hardware, or if one algorithm violates a patent, you should be happy that the generous IP owner will offer you a
settlement in exchange for continued enjoyment of his property.
Downstream responsibility for IP claims is really a ticking timebomb.
The mouse and keyboard stopped working on my friend’s Win8 computer after this weeks patch Tuesday. Restarting Win8 doesn’t help. My friend even bought a new mouse and keyboard, but the new ones didn’t work either. Win8 is stuck on the date/time login screen and none of the Human Interface Devices (HID) work.
I wonder if this is related to FTDI’s cyber attack. I’m glad I run GNU/Linux and don’t have to worry about cyber sabotage operations being carried out by rogue chip manufactures.
Re: Re:
Your friend’s response to the post-update failure was to replace the mouse and keyboard? That seems like a pretty huge jumping of the gun.
Your friend can do two things: if he just wants to check if the mouse and keyboard have been affected by this, have him plug them into your Linux machine and see if they work there. If they do, then the problem is something else.
In the end, your friend will need to roll the update back out. The lack of HID devices is a problem, of course. He’ll probably have to use some sort of recovery disk to do it (unless he’s lucky and has an old-timy serial port and a serial keyboard. If so, that might work.)
This might be worth a call to Microsoft.
Won't this drive business away from FTDI?
Most people who are going to read the articles and ask, “Who’s chip does this use?” And pretty much everyone will say, “Oh these are FTDIs!” whether or not it’s true.
So won’t the result have people shying away from any of their chips in the future?
Seems like another reason why killing the devices is a bad move.
Downstream responsibility
Actually, there is controversy over the proposition that obtaining sex by false pretense is a kind of rape which should be punished by the state.
Some states have considered if not enacted such legislation.
But what I meant by value in this context was only economic value.
there is a place to work this out...
For the FTDI guys to go after those acting in bad faith would be logical, but targeting consumers that acted in good faith with their purchases is hopefully illegal. This is destruction of property.
And let us not forget what paragon of reliability is deciding what property to respect and what to trash: Microsoft. As others have mentioned, this is one of many reasons to avoid Windows. Are there any reasons left to stay? My luck has been that even wireless cards work smoother now with Linux now than with Windows 7.
Last night, my youngest son was happydancing over Counterstrike having been ported over to Linux, but he said that my computer probably would have trouble, since it is a few years old with an outdated video card. Nah, it runs rings around a fresh Windows 7 box.
I’m afraid I’ve become somewhat hardened, though. For those people losing hardware because they plugged into a device running Windows, they may have been truly wronged, but they were also asking for it. … and NO, do not try to compare this to any other ‘asking for it’ analogies. Recovering a lost electronic device is nothing like assault or other injury. For that matter, I would say that a case of critical medical device failure should lie with the hospital or doctor involved. If a patient dies because someone plugged an FTDI device into a Windows box, then the plugger should be charged, as well as the IT ‘professionals’ that allowed Windows in as a spec.
Re: there is a place to work this out...
Yeah. Much better someone’s vital organs get bricked and someone in the financial department get fired than take a chance that doctors and nurses might all ignore a “counterfeit component detected, please replace ASAP” message box.
Epitaph: “It ain’t so bad… The IT guy had to take a pay cut.”
Re:
‘Do they get a pass because they’re a corporation? Or do they get one because they’re waving the “IP” banner? ‘
Yes to both, barring outright bribery which is rare, the legal system and government have difficulty stopping inherently bad actors exploiting corporate status and enforcement of intellectual property for their own ends.
The courts were happy to nail Prenda, but they were only able to do so after a long time because Prenda made a lot of other obvious stupid missteps which weren’t germane to the legality of their copyright trolling operations.
Prenda waged a dirty pay up or else campaign against alleged file sharers, but RIAA did exactly the same but in a more ‘legal’ manner and got away only with a bloody nose.
Ignoring the important point
I think the important point is being overlooked; specifically:
This reveals that it is possible to permanently brick any USB device by software command.
This is a lovely target for both malware and planned obsolescence.
Re: Ignoring the important point
“This reveals that it is possible to permanently brick any USB device by software command.”
This isn’t really news. There are hundreds of ways to subvert USB devices like this, but no single technique will work on all devices. For even more fun, it’s also possible to put malware into many USB devices and subvert machines that they plug into. There have been a few viruses that have spread through keyboards and mice this way.
Re: Ignoring the important point
Not any USB device.
The FTDI devices have an EEPROM (a small amount of nonvolatile memory, a few hundred bytes) which stores configuration parameters. The “bricking” in this case is overwriting a few of these bytes with an invalid value.
Other USB devices have firmware in nonvolatile memory, and most of these are updateable via USB. Send an invalid firmware to them, and they are bricked.
A few USB devices might have invalid states which can cause physical damage to the device (for instance, setting an output GPIO to “high” while the device’s board has it tied to ground).
But if none of these cases apply? Then the device cannot be permanently (or even temporarily) bricked by software command. I don’t know how common these resilient devices are (updateable firmware can pop up in the most surprising places), but they do exist.
Re: Re: Ignoring the important point
“I don’t know how common these resilient devices are”
Not as common as they should be. This problem with USB controllers is commonly discussed in security circles and is considered a “hard problem” because of how common it is, how difficult it is to get hardware manufacturers to take it seriously, and how hard it is to convince people to throw away their perfectly functional devices and replace them with ones that are more secure.
Re: Planned Obsolescence
A strategy that Microsoft has used before, and suffered for it.
Remember Zune?
Re: Ignoring the important point
No. Because the device is not really “bricked”. All the driver update does is change the Hardware PID that identifies what it is. The device still works, the drivers just no longer identify it as valid for that driver. Most if not all other consumer hardware does not have changeable PIDs.
I smell an opportunity
As this seems to affect the hacker hobbyist using the do it yourself development kits…
perhaps they could kickstart and create an authentication system using those development kits to help IT/service departments around the world verify components, their authenticity and their applicable license.
Heck governments, companies alike could add their use into purchasing contracts.
Someone with the know-how go make some money and make this happen.
'
And since they purchased the hardware they almost surely have a cause of action for breach of contract against the seller. Rather than railing against the
rights holder, why not rail against the seller who sold the product to the customer? ‘
Two wrongs do not make a right.
Do you know that the actual user affected is the same person who is responsible for buying the product alleged to be counterfeit?
Even assuming that the product is counterfeit, the rights holder is not the government and has no authority to stop the end user from enjoying any product prior to a judicial ruling.
Do you know whether possession or use of a counterfeit product is illegal in all nations affected by the action?
Do you know whether the fact that a product is counterfeit bars all tort actions for incidental destruction of property?
Well, it was before the DMCA came around. Now, though, between the DMCA Takedown system and the protection of DRM, IP vigiliantism on digital devices is firmly enshrined in law.
This is what I’ve been saying for years: unless the DMCA is repealed and replaced by something that affirmatively protects the rights of computer owners as the first priority, acts like this will inevitably continue. This isn’t the first time it’s happened (multiple gaming DRM systems have broken CD/DVD burners in the past) and it won’t be the last, unless we get rid of the DMCA.
This update bricked one specific chip. But a lot of computers these days are being sold with a TPM, an incredibly sinister chip that integrates DRM into the entire system. Just imagine the ramifications! Some people worry about the government of Iran getting nuclear weapons. I worry about them infiltrating a single engineer into the right division at Microsoft.
Re: Re:
” I worry about them infiltrating a single engineer into the right division at Microsoft.”
This.
Everyone who thinks that the Iranians, Russians, Chinese, Israelis, French, Germans, Japanese, Turks, and everyone else haven’t already had a serious discussion about trying this…or haven’t already done it…raise your hands.
Implausible? Feh. The intelligence agencies of every major nation routinely infiltrate each other. Getting an engineer into Microsoft or Google or Twitter or Oracle or wherever is child’s play by comparison. It’s such an obvious, cheap, low-risk, high-reward strategy that there is no way they’ve all passed it up.
legally speaking…
how is this extremely different than
DHS revoking the DNS entries of stores selling counterfeit products, (https://www.techdirt.com/articles/20140701/17420627752/feds-seize-domain-social-network-sex-workers.shtml), or legitimate products thru unauthorized channels (https://www.techdirt.com/articles/20101213/09353512255/supreme-court-ruling-you-may-not-be-able-to-legally-sell-product-first-made-outside-us.shtml)
or todays Aereo ruling: https://www.techdirt.com/articles/20130927/14101224679/comcasts-ceo-as-long-as-i-keep-saying-aereo-is-illegal-sooner-later-someone-will-believe-me-right.shtml
haven’t we established that it is legal to (cripple, disable, break) services or equipment that you just don’t like?
Just in case anyone needed one more reason to not use anything Microsoft makes.
Where are these chips used?
I’m concerned about where these chips might be used and then disabled. Could they be used in:
– Equipment at police departments and fire departments for emergency response purposes?
– 911 systems?
– Building alarm systems?
– Medical devices in hospitals’ emergency rooms, operating rooms, intensive care rooms where failure could cause death?
and the list goes on.
I’m not sure widows operates some of these devices and would be connected to the Internet for update. Both producers of the fake devices, if they could be discovered, and the company writing the stupid dll should be in deep trouble if serious problems resulted form their actions.
Re: Where are these chips used?
yes, possibly all of them. Anywhere where a cheap, simple serial(TX and RX) needs to interface with USB.
Re: Where are these chips used?
So what?
If important services buy defective devices, that is their fault for doing so in the first place.
Re: Re: Where are these chips used?
If women wear low cut tops, it’s their fault for doing so in the first place. They should understand how important it is to prevent rape.
Re: Re: Where are these chips used?
you are disgusting and do not deserve to exist on this earth.
Who cares if it kills people, so long as IP is not abused?
Disgusting.
counterfeit electronics are the real problem
The problem with counterfeit chips is now coming to the mainstream, apparently. Good, this day has been too long in coming. Perhaps we’ll actually get enough people to care to start fixing the problem.
Could someone explain to me why FTDI should be foreced to support counterfeit chips in their drivers? Why they shouldn’t attempt to detect fakes and lock them out? After all, it is their business and their reputation on the line with the counterfeit chips, even though they had nothing to do with them.
To BentFranklin: I would hope that people who build safety critical and medical electronics verify their supply chains. They’re required to for certification.
Anyway, if you want to see the difference between a real FTDI chip and a fake FTDI chip, there’s an interesting teardown (with die photos) here: http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supereal
Re: counterfeit electronics are the real problem
I suspect I’m being trolled, but on the off chance you are this clueless:
No one says they should be required to have the driver make the counterfeit work as well as the original. Everyone is saying that FTDI has an obligation not to knowingly damage or destroy hardware, whether legitimate or counterfeit. Detecting a fake and refusing to use it is fine. Detecting a fake and actively modifying it to ensure it cannot be used elsewhere is not fine.
Yes, their reputation is on the line with this. They have seriously harmed their reputation by pulling such a braindead stunt.
Re: counterfeit electronics are the real problem
Re: counterfeit electronics are the real problem
Okay, I have gone back and done some more reading on the new drivers they put out. I was thinking they were still using the old tactic (only writing zeros to the fake devices).
resetting the PID to all zeros is annoying, but it’s not fatal. If you know what you’re doing, you can get by the solf lock and, using teh old FTDI drivers, still use the device.
My point still stands, though. Would you have FTDI just sit aside and do nothing while their business is eroded by Chinese counterfeiters and companies that don’t want to pay the few extra cents to buy a genuine chip? There’s nothing stopping the manufacturers of products with the fake chips in them from releasing their own drivers that continue to use the chip, or use the bricked chips with the zeroed PID. They just want to use the money that FTDI is investing in developing their own drivers while not paying FTDI for the chips. That seems underhanded to me.
Re: Re: counterfeit electronics are the real problem
“resetting the PID to all zeros is annoying, but it’s not fatal. If you know what you’re doing, you can get by the solf lock and, using teh old FTDI drivers, still use the device.”
But if, like the majority of people, you don’t know what you’re doing, then they have effectively destroyed your device.
“Would you have FTDI just sit aside and do nothing while their business is eroded by Chinese counterfeiters and companies that don’t want to pay the few extra cents to buy a genuine chip?”
No. But if the choice is between doing nothing and damaging other people’s property (which it’s not), then doing nothing is the only ethical and legal option. Why do you think that FTDI has any right whatsoever to break stuff they don’t own?
Re: Re: Re: counterfeit electronics are the real problem
“But if, like the majority of people, you don’t know what you’re doing, then they have effectively destroyed your device.”
If you are stupid, and a thief, that’s your problem.
You should go to the crooks that sold you the fraudlent equipment, since the legitimate owner owes you nothing.
Re: Re: Re:2 counterfeit electronics are the real problem
So, you’re saying that people who buy things in retail outlets are stupid and thieves? Interesting.
“the legitimate owner owes you nothing”
The people who bought the equipment are the legitimate owners. I’m not so sure why this is so difficult to understand. It’s not a matter of people I assume you mean, FTDI, owing anything to the customers, it’s a matter of FTDI not intentionally destroying things they don’t even own.
Re: Re: counterfeit electronics are the real problem
“They just want to use the money that FTDI is investing in developing their own drivers while not paying FTDI for the chips. That seems underhanded to me.”
That used to be the way science progressed. All the time.
Re: counterfeit electronics are the real problem
“Could someone explain to me why FTDI should be foreced to support counterfeit chips in their drivers?”
Nobody is saying that they should be. And they aren’t.
“Why they shouldn’t attempt to detect fakes and lock them out?”
If by “lock them out” you mean to FTDI making their drivers so they won’t work with counterfeit chips (just like they’re now doing since they got caught), then there’s no issue with that at all.
If by “lock them out” you mean altering them so that they no longer function properly at all, then the reason they shouldn’t do that is because those chips are not their property. They have no right to break equipment they don’t own.
Re: Re: counterfeit electronics are the real problem
They do if they say so in their license agreement.
Whether they do or not I do not know.
Re: Re: Re: counterfeit electronics are the real problem
No, they don’t. I would be very surprised if a license agreement that says “by using this software, you are granting us the right to destroy your equipment whenever we wish” would be legally enforceable.
Re: Re: Re: counterfeit electronics are the real problem
I found the term in teh EULA that FTDI was pointing to:
However, that doesn’t get them legally in the clear. That’s a disclaimer that the software was not certified for use on such components and may damage them as a result. It is not a statement that gives them any kind of right to intentionally damage your equipment. I’m also interested in the first part, about how the license only gives you the right to use the driver with genuine FTDI components. That seems like it would render the clause void because it’s asking users to accomplish the impossible. How is an end user supposed to know if their device contains a counterfeit chip?
This action by FTDI was so egregious, malicious, and disdainful of end users that I am hoping they get slapped hard in a court of law.
Re: Re: Re:2 counterfeit electronics are the real problem
Not to mention that the Windows users who got the malicious driver in the windows update were not given the option to see this new EULA clause, and in many cases, don’t immediately see that the driver was even downloaded due to it being in a more obscure subset of Windows Update specifically for drivers. This isn’t something put in a click-through agreement that the user might ignore; the EULA wasn’t given to them in the first place, so there’s no reasonable expectation that the user would know about or agree to it, and so be bound by it.
Re: Re: Re:2 counterfeit electronics are the real problem
Hanlon’s Razor: Never account to malice what can be readily explained by stupidity (or ignotance, as the case may be).
FTDI cannot possibly know how each of the counterfeits is made. In a good design, the VID and PID should not be able to be changed post manufacture. The genuine FTDI chips have this stored in a bit of EEPROM either located in the package (As in teh FT232) or external (as in the FT2232). I’d have to check my programming manuals, but i don’t think this is modifiable from the USB interface. It should not be capable of being modified from USB. In fact, it should not be capable of being modified at all.
FTDI’s setting the PID to 0000 is questionable, but I think it was done as a matter of something that worked to prevent communications with the counterfeits, and they couldn’t possibly test it with all variants of the counterfeits to ensure that there were no problems in the wild (such as soft locking some of the counterfeits).
With the BadUSB exploit coming onto the market here recently, I think that the emphasis is not on USB manufacturers to do some of their own housecleaning to prevent counterfeit products masquerading as legitimate from becoming an attack vector in the wild. This means 1. being able to detect the counterfeit and 2. stopping communications with the counterfeit.
This is the second attempt that FTDI has issued to prevent comms with the counterfeit chips. The first round, released several months ago, simply sent all zeros along the serial channel. This variant attempted to shut down all USB communications when it detected a fake. Granted, ti was done in a haphazard manner, but that strikes me as just sloppy coding.
I just think that this is representative of the points of view of some people. Companies put fake chips into products on teh market masquerading as a legitimate communication chip. Then, when the manufacturer of the legitimate chip decides to put out an update that, as a side effect, bricks a number of the fakes, everyone goes after the legitimate manufacturer? That just seems damn entitled to me. You’re in effect saying that the legitimate company must test each new driver with potentially hundreds of variants of the fake to ensure that the new drivers don’t do anything catastrophic when used with the sloppily put together fakes. Nobody’s going to do that, and it has nothing to do with IP.
Re: Re: Re:3 counterfeit electronics are the real problem
Re: Re: Re:3 counterfeit electronics are the real problem
“Never account to malice what can be readily explained by stupidity (or ignotance, as the case may be).”
This is provably a case of malice. FTDI’s driver has been reverse engineered, and the code makes it clear this was an intentional operation aimed at a particular counterfeit.
“It should not be capable of being modified from USB. In fact, it should not be capable of being modified at all. “
True, it should not be modifiable, but in nearly every USB controller (including FTDI’s chips), it is.
“FTDI’s setting the PID to 0000 is questionable, but I think it was done as a matter of something that worked to prevent communications with the counterfeits”
You know what works just as well? Their driver simply refusing to talk with the counterfeit, perhaps while also warning the cuser of the counterfeit’s existence. There’s no need to damage the device. In fact, now that FTDI has been caught, this is exactly what their replacement drivers do. And even if that wasn’t an alternative, it’s still very much the wrong thing to intentionally damage other people’s equipment.
“I just think that this is representative of the points of view of some people.”
And those are people whose equipment and software can’t be trusted.
“when the manufacturer of the legitimate chip decides to put out an update that, as a side effect, bricks a number of the fakes, everyone goes after the legitimate manufacturer?”
yes indeed, because it wasn’t a side-effect. It was absolutely an intentional effect. Going after them for this is entirely appropriate.
“That just seems damn entitled to me.”
So, expecting that nobody is going to come onto my property and smash things up now considered “damn entitled”?
“You’re in effect saying that the legitimate company must test each new driver with potentially hundreds of variants of the fake”
Not at all. Where do you get that from? Again, this wasn’t some kind of incompatibility or accident. This was an intentional act.
Re: Re: counterfeit electronics are the real problem
Re: Re: Re: counterfeit electronics are the real problem
“FTDI has the right to remove their ID’s from counterfeit hardware.”
No, they emphatically do not have that right. It’s not their hardware, and they have no right to modify it. What they have a right to do is to sue the companies that are using counterfeit chips and to have their driver refuse to talk to counterfeit chips.
They don’t have the right to damage other people’s property.
I am utterly amazed that anyone supports a company breaking other people’s things. Would you be so cavalier if Firestone discovered that you had counterfeit tires on your car and slashed them in response? It’s exactly the same thing.
Re: Re: Re:2 counterfeit electronics are the real problem
It’s not the first time this sort of thing has been done. One of the early CD-writing softwares, CDRWin, became famous because of it’s below-the-belt tactics deployed against suspected warez users. If CDRWin detected a “pirated” serial number, it would accept it and run, but intentionally burn bad CDs. This was way back when a blank CD cost several dollars apiece. So a warez user (or perhaps some poor sap who bought a counterfeit disk, or even mistyped the serial number) would soon end up spending far more money than if he’d legitimately paid for the software.
This was shocking news back in the 1990s, but maybe other software companies have done similar things since then.
some things wrong with this article. First, it is untrue that the devices are hard bricked. They can be recovered.
Second, the VID and PID are not free, FTDI has to pay for them. They should have the right to stop hardware from using their IDs without their permission. That this bricks counterfeit devices is not their problem. People should be mad at the vendors who sold the counterfeit chips. The shear number of soft-bricked devices shows how little component vendors actually policy the products they sell.
Re: Re:
That’s all true. The correct solution involves lawyers, court cases, and notifications or refusal to operate, NOT resetting a programmed number in someone else’s hardware. Doing so sets THEM up for lawsuits.
Re: Re:
Having to pay for the authority to use an infinitely reproducible result does not give someone the authority to take away my ability to use that infinitely reproducible result.
This goes for both hardware and software. If you don’t want to do business with me that’s your problem. I’m free to go do business with someone else- even if they’re not licensed to give me the authority to use said infinitely reproducible results.
Re: Re:
When you agree to, or allow the powerful, to take control of the property that is the mainstay of your life, and exercise arbitrary control, you become a serf. In olden times it was the land, and it seizure by warriors that created serfs. Nowadays it is computers, and the rich and powerful are trying to seize total control over your devices, which will give them control over the information you can obtain, which also helps in reducing people to being serfs.
Same things to make clear!!
i think same thinngs must be cleared:
Bricked chips cease to work on linux and osx where the drivers aren’t provided from ftdi.
There are multiple makers of fake ftdi chips; most fakes work well, same not.
The final customer has no way to know if the chip he buy is legit or not, even the marks on the chips can vary a lot.
Often even builder inplementing ftdi on their equipment can have no idea from where the chips come form.
Before the bricking fake issue, the only way to discover a fake that work fine was to dismantel the chip and observe with electronic microscope, so you can’t compare with fake moneys or goodies.
This is their biggest mistake: Ftdi did never provided a tool or a method to detect fakes.
Ftdi drivers never told users that the chip that was installed in their equipment was a fake, they just bricked it.
I can understand if they took another approach like telling “you’re using a fake chip, we gave you 30 day for fix it then the driver will cease to wok every 10 minutes”.
Eula can’t apply at all even if the laws allow their action; windows update deployment are silent so no you can’t read them unless they’re already installed.
Re: Same things to make clear!!
I can understand if they took another approach like telling “you’re using a fake chip, we gave you 30 day for fix it then the driver will cease to wok every 10 minutes”.
That would be acceptable only if they also offered to reimburse anyone who suddenly had to replace the affected part, given I’m sure the vast majority of people using the fake chips had no idea(and no way to know) that they were fake when they made the original purchase of the hardware.
Teapot Tempest
C’mon people! All of this fuss for a limited use chip that’s probably NOT in your device to begin with. How about a list of who uses them, how many there are, and how many are actually fake? There are several other RS-422 to USB solutions out there.
Planned Obsolescence
A few months back, all of my Mice stopped working on both my Win8 and Vista boxes.
The mouse loads and seems to work fine until one moves the mouse with some speed and then it literally disconnects itself and seconds later, reconnects itself.
Every single mouse I have – dating back many years – now does this, with one exception. A Razor Gaming mouse that I have to put taped protectors on to prevent pushing the buttons the silly idiots placed on both sides where you hold the mouse. I would never use this mouse if it were not the only one that works.
I would buy a new mouse, but the chances that it will fail seems high and means I will simply be stuck with another dead mouse.
Could this be due to this FTDI chip thing.
—
Are these devices real or fake devices?
This device is very complex. How in the world did anyone reverse engineer it? Just what kind of an operation would it take to make these devices? Are these devices being sampled out to test it all of the devices can be shut down at a critical point without taking down the older parts? No judge in the world has made any judgement that allowed this, but they took the law in their own hands permanently contaminating any further legal actions.
I have two boards that may have these devices. There is no way for anyone except for FT to know. Did they check where these devices may be. Were they in medical equipment that may fail because of premeditated murder. If someone dies because of failure does Microsoft / FT answer the charges? How in the world can a consumer or designer know for sure that this companies parts are in their products. In my opinion it will be safer to design with parts that cannot be by designed to be shut off at the discretion of the manufacture. Many of the Arduino boards now use another Atmel device programmed to handle USB. The include a program header to re-flash the device. Is there any reason not to go this route in the design of new devices? Is FT the only company that makes USB interface drivers? Since the underlying IO is actually TTL RS232 why not get a new interface and use it. It is really hard to hack this system. It makes no since to use devices that can at will be sabotaged.
What have the courts said?
In a case such as this a court of law would be needed to make the ultimate decision as to the penalty. There is no way to know where these chips are and how dangerous it would be to just shut all of them down. If this is a loss or money then it should be an issue of finding who can give them their money back. If if is revenge then they need to express how they feel to the court that has jurisdiction over where all of these devices are. It is quite expensive to be an international company. The responsibility of the business to be able to sue. If they can not handle the responsibility they should restrict their market. This company thinks that they have the right to decide what actions can be taken. Even if they find a way to ignore clone devices without the benefit of a court decision they have once again broken the law. Actions like this need to be studied. Each country has its own laws and protections for its citizens. If they universally make a decision they may have broken tens of thousands of laws. In the United States we have due process. No one can be punished without the benefit of a trail. If this happens it is a violation of our rights. For each violation of this Federal law there needs to be a separate case; times the number of devices that were damaged can lead to millions of individual cases. This also can lead to damages. If something like a death or damage of property occurs this is responsibility of who changed anything. Even if the equipment was at fault if someone outside the designers did anything to change the original working device is now 100% responsible of anything that happens after the modifications. Most of these devices are inside OEM equipment. The manufacture of this device did nothing to train the end users that at any time they can render any USB device unusable. They still have the ability to do the same thing to their, “Genuine,” parts. I think that serious designers need to consider using a device other this this to save money, Save board space by having the USB inside the controller and creating their own USB / RS232 driver. FTDI should be made to put up a security to protect the users. Since they took the law in their own hands they should not expect to get any returns from this other than the billions of dollars in damages they created without any legal decisions.