IP Is No Excuse: Even If Someone Is Using Fake Chips, It's Not Okay To Kill Their Devices

from the that's-not-how-it's-supposed-to-work dept

Not this again. For years, we were perplexed by the war on mod chips, which could be used to allow people to play pirated games, but also had plenty of legitimate uses as well, especially for developers and hackers. The same was true of the war on smart card readers. Yes, they could be used to get pirated TV, but they were also useful for lots of other, perfectly legitimate projects as well. The latest, however, appears to be a Microsoft update with some new drivers that were completely destroying devices that have fake FTDI chips. People started noticing that right after the Windows update devices using those chips were suddenly dead. Bricked. It's not that they wouldn't connect any more -- it's that the software update actively bricked the devices and you can't get them back.

FTDI chips are quite popular with hackers and there are plenty of them out there -- both real and fake. And, quite frequently, developers/hackers have no idea if their FTDI chips are legit or not, because they just buy devices that include them, and they assume they're legit. But the drivers in that Windows update didn't care and bricked any one using a fake FTDI chip. As Ars Technica notes, this really sucks for a bunch of hackers who never even did anything wrong.
The result of this is that well-meaning hardware developers updated their systems through Windows Update and then found that the serial controllers they used stopped working. Worse, it's not simply that the drivers refuse to work with the chips; the chips also stopped working with Linux systems. This has happened even to developers who thought that they had bought legitimate FTDI parts. It can be difficult to tell, and stories of OEMs and ODMs quietly ignoring design specs and using knock-offs instead of official parts are not uncommon. As such, even hardware that was designed and specified as using proper FTDI chips could be affected.

Every USB device has a pair of IDs. One, the Vendor ID (VID), is allocated by the USB group. Each vendor has its own unique VID and uses that VID on every USB device it makes. The second is the Product ID (PID), allocated by the vendor, with each distinct chip type having its own PID. Windows uses the VID/PID pair to figure out which driver a given piece of hardware needs. The counterfeit chips use FTDI's VID and set the PID to the PID of whichever chip it is they're cloning (FTDI has a range of similar parts, each with their own PIDs).

The new driver reprograms the PID of counterfeit chips to 0000. Because this PID does not match any real FTDI part, it means that FTDI drivers no longer recognize the chips and, hence, no longer provide access to them. This PID is stored in persistent memory, so once a chip has been reprogrammed it will continue to show this 0000 PID even when used with older drivers, or even when used with Linux.
It's not entirely clear if this is something FTDI did on purpose or not (though, their comments below suggest they did), but it is worrisome, and it's simply not okay -- whether it was on purpose (in which case it's potentially illegal) or not (in which case it's just bad).

Sherwin Siy, over at Public Knowledge does a nice job explaining why copyright (or other IP laws) are never a legitimate reason to break a device -- even if a contract warns it might happen (as is apparently the case with FTDI).

The fact that disabling countless devices without warning can harm millions of innocent users and manufacturers should be a screaming sign that this is the wrong thing to do. And if they’re doing this deliberately, this is wrong not just in the sense of being unethical, but illegal, too.

This is something that people seem to forget in the IP space, and also in the technology space, which makes it unsurprising that we see it here. It’s the same impulse that leads people to ask if they can shotgun a drone that strays onto their property (No, no more than you can torch a car that parks in your driveway), or whether you can destroy the computers of people who have illegally downloaded your song.

So whether or not FTDI has any trademark rights, copyrights, or other rights in whatever the knockoff chips are copying, the actual physical chips themselves are the property of their users, and FTDI doesn’t have the right to break them. A French vintner can’t stroll down the aisles of an American wine store with a hammer, shattering bottles of “California Champagne.” Roving gangs of Nike enforcers can’t rip fake Jordans off the feet of passing kids. And we don’t have Givenchy shock troops marching down Canal Street taking flamethrowers to fake handbags. If your IP rights are being infringed, the proper course of action is to go to court, not take the law into your own hands.

Unfortunately, in this era of intellectual property maxmalism, people seem to forget these things. They assume that if you have a "fake" chip then obviously it's "okay" to break the device, because they falsely seem to believe that copyrights and trademarks and the like give the holder "all the rights over everything," rather than a limited set of rights over certain things. FTDI's response to all of this (including removing the driver from the latest Windows update) suggests (but does not outright claim) that it did this on purpose:
As you are probably aware, the semiconductor industry is increasingly blighted by the issue of counterfeit chips and all semiconductor vendors are taking measures to protect their IP and the investment they make in developing innovative new technology. FTDI will continue to follow an active approach to deterring the counterfeiting of our devices, in order to ensure that our customers receive genuine FTDI product. Though our intentions were honourable, we acknowledge that our recent driver update has caused concern amongst our genuine customer base. I assure you, we value our customers highly and do not in any way wish to cause distress to them.
Honorable intentions or not, counterfeit products or not, actively going in and breaking the property of others is not an acceptable response.

Filed Under: bricking, copyright, counterfeit, drivers, ftdi chips, microsoft update, property, property rights, trademark, update
Companies: ftdi, microsoft


Reader Comments

The First Word

Subscribe: RSS

View by: Time | Thread


  • icon
    John Fenderson (profile), 24 Oct 2014 @ 8:06am

    Yet another reason

    And we get to add yet another reason to the lengthy list of reasons why people should avoid Windows.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Oct 2014 @ 8:14am

      Re: Yet another reason

      Ultimately it doesn't matter that there are plenty of problems with windows, as long as most businesses use it, and as long as most PC video games only support windows

      reply to this | link to this | view in chronology ]

      • icon
        Machin Shin (profile), 24 Oct 2014 @ 8:53am

        Re: Re: Yet another reason

        Really one of the big reasons windows has been hanging in there was your point of "most PC video games only support windows".

        The really good news is, that is changing. With Steam supporting Linux and many major game makers moving to support Linux as well. I think the end of Microsoft's reign is within sight. As kids who grew up using Linux move into the workforce Windows will start to loose a hold there pretty quickly. After all, it is an easy decision between at least $200 a copy and FREE. Only thing holding people back is lack of qualified users. Linux gaming takes care of the linux training part....

        reply to this | link to this | view in chronology ]

      • identicon
        John Nemesh, 24 Oct 2014 @ 9:42am

        Re: Re: Yet another reason

        Fortunately, we are seeing more and more "AAA" games being ported over to Linux. There is very little reason for most home users to use Windows these days (especially since Windows 8 was released!)...once we have Office 365 accessible on Linux, there won't be much reason to use it at work, either...other than the entrenched preferences of the IT people who make such choices.

        reply to this | link to this | view in chronology ]

    • icon
      Ninja (profile), 24 Oct 2014 @ 8:22am

      Re: Yet another reason

      Indeed. But I'd say that it's another reason why we need to enshrine into law the simple fact that once you buy a product nobody has the right to do anything to it that may make it stop functioning. And then people would sue (if they aren't already even without it) and these companies would think twice before doing such thing.

      reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 24 Oct 2014 @ 8:45am

        Re: Re: Yet another reason

        I agree. In fact, I think that existing laws (should) already cover this. It's vandalism, pure and simple.

        reply to this | link to this | view in chronology ]

      • identicon
        JEDIDIAH, 24 Oct 2014 @ 10:21am

        Re: Yet another reason

        This is willful destruction of other people's property. It isn't just a tort. This is criminal. Someone should be doing some jail time over this.

        reply to this | link to this | view in chronology ]

      • icon
        dml (profile), 24 Oct 2014 @ 4:15pm

        Re: Re: Yet another reason

        It is not "make it stop functioning".
        They have no obligation to support something they did not make.

        reply to this | link to this | view in chronology ]

        • icon
          That One Guy (profile), 24 Oct 2014 @ 5:32pm

          Re: Re: Re: Yet another reason

          Was the device working before the update? Yes.
          Is the device working after the update? No.

          They absolutely 'made it stop functioning'.

          As others have noted, no, they don't have an obligation to offer support for something they didn't make. However, they do have an obligation not to intentionally brick things that they didn't make.

          If they've got a problem with forgeries, take it up with the people selling the fake chips, don't screw over the customers who had no way of knowing, or checking, the validity of their purchases.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 24 Oct 2014 @ 5:51pm

            Re: Re: Re: Re: Yet another reason

            >As others have noted, no, they don't have an obligation to offer support for something they didn't make. However, they do have an obligation not to intentionally brick things that they didn't make.

            Wrong, they have an obligation to limit who uses their IDs. If hardware needs an ID to function they the manufacture had better get a legitimate ID. Using another vendor's ID give them control over that device. All FTDI did was take back their ID. FTDI can't issue a new ID so it just put in zeros which is not a valid ID.

            reply to this | link to this | view in chronology ]

            • icon
              John Fenderson (profile), 24 Oct 2014 @ 8:54pm

              Re: Re: Re: Re: Re: Yet another reason

              "they have an obligation to limit who uses their IDs."

              They have no such obligation, although their desire to do so is understandable.

              "Using another vendor's ID give them control over that device. All FTDI did was take back their ID. "

              What does that even mean? The counterfeiters weren't taking control of anyone else's device, and FTDI wasn't "taking back" anything.

              But regardless, none of that excuses damaging the property that belongs to other people.

              reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Oct 2014 @ 8:30am

      Re: Yet another reason

      Sorry, but they provided the driver to Microsoft. The same exact thing could happen on MacOS or Linux if they provide a driver to Apple or a binary for Linux.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 24 Oct 2014 @ 8:39am

        Re: Re: Yet another reason

        Yes, and I think it might. I generally work with standalone ATMega's but I use arduino with FTDI to program the atmega. I using linux, but I am afraid that the next time I use the arduino to program the mega, my arduino may be bricked. I try very hard to ensure my arduinos are authentic, but there are a lot of counterfeits out there.

        "Honorable intentions or not.." FTDI's reputation is now shot.

        reply to this | link to this | view in chronology ]

        • identicon
          jackn, 24 Oct 2014 @ 8:40am

          Re: Re: Re: Yet another reason

          clarification, I don't know if this is affecting linux drivers, yet.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 24 Oct 2014 @ 9:06am

            Re: Re: Re: Re: Yet another reason

            clarification, I don't know if this is affecting linux drivers, yet.
            This affects Linux only in the sense that, once your Windows machine reprograms the counterfeit device, Linux, Mac OS X and Windows systems (including those that lack the bad driver) correctly fail to recognize the unknown identifier. Linux works fine with a conforming FTDI-compatible chip, whether counterfeit or not. Also, as one comment here speculated and was already confirmed elsewhere, the chip is not technically bricked. It can be repaired in the field with the right software and right information. However, until repaired, it cannot be used with any computer, Windows, Linux, or Mac OS X. Once repaired, it can be used with any of them, provided you do not connect it to a Windows system running the chip-killing driver.

            As far as I know, there is currently no automated repair mechanism, so you need a computer which can reflash the damaged chip, you need to know what PID it had before FTDI broke it, and you need to explicitly run the reflashing program with the right inputs.

            reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 24 Oct 2014 @ 8:44am

        Re: Re: Yet another reason

        This is true, but is far more likely with Windows than with Linux. I don't know about Macs (it depends on the testing requirements Apple has). The main problem with Windows is that Microsoft does not actually test the drivers for anything other than compatibility prior to inclusion.

        In Linux, manufacturer-provided binary blobs are only accepted in a small number of special cases (NVIDA chipsets, certain almost-network chipsets, and certain RAID controllers.) In pretty much every other case, the drivers aren't provided by the manufacturer at all, and manufacturer-provided or not, there is full source code available. Also, even with the binary blobs, someone other than the manufacturer has actually tested the driver before it gets included in a distro.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 24 Oct 2014 @ 9:15am

          Re: Re: Re: Yet another reason

          In Linux, manufacturer-provided binary blobs are only accepted in a small number of special cases (NVIDA chipsets, certain almost-network chipsets, and certain RAID controllers.)
          Also, although hardly universal, there is a non-trivial element within the community that for ideological reasons refuses to run blobs even in those limited cases. Members of that group generally take the attitude that, if the device cannot be run with Free software, then it simply should not be run at all. These people avoid nVidia hardware where possible and use the Nouveau (open source reverse engineered) driver where nVidia hardware is unavoidable. Such people would likely be immune to this type of bad behavior, and may even seize upon this to bolster the charge that running non-Free software is a Bad Idea.

          Disclaimer: I avoid binary blobs on Linux, but I am not particularly aggressive at pushing others to do the same.

          reply to this | link to this | view in chronology ]

          • icon
            John Fenderson (profile), 24 Oct 2014 @ 9:19am

            Re: Re: Re: Re: Yet another reason

            "I avoid binary blobs on Linux, but I am not particularly aggressive at pushing others to do the same."

            Yes, this is my stance. With a single exception, I don't use binary blobs on my Linux systems at all. I don't trust them. The single exception is my smartphone -- where the binary blob is the software that implements the actual cellphone functionality and there is no alternative.

            reply to this | link to this | view in chronology ]

      • icon
        ArkieGuy (profile), 24 Oct 2014 @ 8:54am

        Open Source

        This sounds like the PERFECT reason to only use Open Source software on Linux. :)

        reply to this | link to this | view in chronology ]

      • identicon
        JEDIDIAH, 24 Oct 2014 @ 10:24am

        Re: Yet another reason

        Most drivers in Linux are NOT provided by the hardware vendor. This actually works out better the vast majority of the time.

        reply to this | link to this | view in chronology ]

      • identicon
        Lawrence D’Oliveiro, 24 Oct 2014 @ 6:13pm

        Re: they provided the driver to Microsoft

        And Microsoft requires that all drivers for 64-bit Windows be WHQL-certified and signed—by Microsoft.

        In other words, there was effectively a message on the end: “I am Microsoft, and I approve this driver”.

        reply to this | link to this | view in chronology ]

    • icon
      Keroberos (profile), 24 Oct 2014 @ 10:29am

      Re: Yet another reason

      It's not Microsoft's fault. They are merely offering the drivers that were provided by the device manufacturer on the Windows Update service (they do this for all manufacturers). This is a service that makes Windows much easier to configure than Linux (try finding some non standard driver in Linux). Microsoft can't possibly test every possible piece of legitimate hardware--let alone the counterfeits. So how can they be at fault?

      reply to this | link to this | view in chronology ]

      • identicon
        Rich Kulawiec, 24 Oct 2014 @ 10:39am

        Re: Re: Yet another reason

        "So how can they be at fault?"

        Microsoft has the clout to demand that third-party vendors supply the (compiled) drivers and the source code for them. They also have the personnel and financial resources to review those in depth before releasing them. So why don't they?

        reply to this | link to this | view in chronology ]

        • icon
          Keroberos (profile), 24 Oct 2014 @ 1:17pm

          Re: Re: Re: Yet another reason

          They do check. They don't have the personnel and resources to test every possible hardware configuration. And how would they test the fakes?

          Add in the fact that the newer drivers for the real chip were already breaking the fake ones without changing the hardware PID of the fakes. All that changing the Hardware PID of the fake chip does is let the FTDI's support staff see that the non functional chip is a fake.

          Does it suck? Yes. Could FTDI have done something else to identify the fakes? Maybe. But these chips are buggy as hell even when they were semi-functional with FTDI's drivers (they were not a counterfeit with the exact design of the original, but a cheap hack pretending to be something that it is not). This will hopefully stop shoddy manufacturers from using the fake chips just to shave a couple of cents off of manufacturing costs.

          reply to this | link to this | view in chronology ]

          • icon
            John Fenderson (profile), 24 Oct 2014 @ 1:52pm

            Re: Re: Re: Re: Yet another reason

            "Could FTDI have done something else to identify the fakes? Maybe."

            Not maybe. FTDI has withdrawn their malicious drivers and replaced them with drivers that detect the fakes and refuse to work with them without breaking them. These drivers also warn you that you have a fake chip.

            Which is precisely how they should have handled this situation in the first place.

            reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 24 Oct 2014 @ 1:23pm

        Re: Re: Yet another reason

        "It's not Microsoft's fault."

        Microsoft signed the off on the driver, certified it and then distributed it. If they didn't check it, they shouldn't have claimed that they did.

        reply to this | link to this | view in chronology ]

        • icon
          John Fenderson (profile), 24 Oct 2014 @ 1:55pm

          Re: Re: Re: Yet another reason

          Microsoft only checks drivers for compatibility -- that is, that the drivers won't make Windows malfunction. I'm sure that the drivers meet that standard. If so, Microsoft didn't screw up the validation.

          reply to this | link to this | view in chronology ]

          • identicon
            Lawrence D’Oliveiro, 25 Oct 2014 @ 8:11pm

            Re: Microsoft only checks drivers for compatibility

            Then why is it called “Windows Hardware Quality Labs”, not “Windows Hardware Compatibility Labs”? Clearly, Microsoft are claiming to certify the drivers for quality, not just compatibility—it’s right there in the name.

            reply to this | link to this | view in chronology ]

            • icon
              John Fenderson (profile), 27 Oct 2014 @ 8:31am

              Re: Re: Microsoft only checks drivers for compatibility

              Actually, it used to be called compatibility, but they changed the name. You're putting too much importance on the name, though. If you're going to say that the name is chosen for its literal accuracy, then WHQL would be certifying the hardware, not the drivers.

              reply to this | link to this | view in chronology ]

    • icon
      BernardoVerda (profile), 24 Oct 2014 @ 8:20pm

      Re: Yet another reason

      Not Really...

      This hardware-bricking driver "update" is entirely on FTDI.

      I'm even sympathetic to their resentment of counterfeiters. In some sense I'm even sympathetic to their resentment of clones and "freeloaders". But I'm NOT sympathetic to FTDI designating any and all "unapproved" clones as "counterfeit" -- clones and "freeloaders" are the inevitable consequence of being a market front-runner. They might not like it, but that doesn't give them the right to play judge, jury, and vigilante.

      FTDI knowingly and maliciously designed this driver to behave this way, and passed it on to Microsoft. Windows was merely the mechanism to deliver this malware to end-users, and in this case Windows Update was behaving precisely as designed, and as it should.

      Now then, I've been using Linux for nearly 15 years, and I've despised Windows (and especially Microsoft) for longer than that... So I would most cheerfully take advantage of a legitimate opportunity to trash Microsoft -- unfortunately :( this is not that opportunity. This is all on FTDI.

      reply to this | link to this | view in chronology ]

    • identicon
      stoat, 25 Oct 2014 @ 12:12pm

      Re: Yet another reason

      FTDI tried (and failed) to get the same driver mods pulled into the Linux kernel.

      The code there shows the bricking is deliberate - write something that the real chip will ignore, but fakes will act on.

      At the very least FTDI employees have committed criminal acts under the UK's Computer Misuse Act and a more likely result will be FTDI's exit from the usb-serial market entirely.

      reply to this | link to this | view in chronology ]

  • identicon
    Rich Kulawiec, 24 Oct 2014 @ 8:08am

    Uh-oh...a "cyber Pearl Harbor"!

    I expect to see a full-scale military response from the DHS any minute now.

    If they're done playing with their new underwear, that is.

    reply to this | link to this | view in chronology ]

    • icon
      Machin Shin (profile), 24 Oct 2014 @ 8:56am

      Re: Uh-oh...a "cyber Pearl Harbor"!

      Maybe they can just roll out in their new underwear, worn on the outside of their outfit of course. They seem to have grand delusions they are superheros after all, so the underwear is a key part of the outfit.

      reply to this | link to this | view in chronology ]

      • identicon
        Rich Kulawiec, 24 Oct 2014 @ 9:50am

        Re: Re: Uh-oh...a "cyber Pearl Harbor"!

        Well...we've been treated to an endless litany of fear-mongering from people in and out of government, all stoking the machinery of fear in order to justify massive spending and the systematic shredding of the Constitution. Now here we have a real live honest-to-goodness incident where attackers have deliberately physically destroyed hardware on a mass scale. We know they did it. We know why they did it. We know who they are. We know where they are.

        So why isn't a SWAT team kicking down their door at this very moment and beating, tasering, pepper-spraying, and tear-gassing the employees of that company? (And arresting any survivors.) You know damn well that if this had been done by J. Random Hacker that this is exactly the sort of response that would ensue, so why not in this case? Do they get a pass because they're a corporation? Or do they get one because they're waving the "IP" banner?

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 24 Oct 2014 @ 10:16am

          Re: Re: Re: Uh-oh...a "cyber Pearl Harbor"!

          "So why isn't a SWAT team kicking down their door at this very moment and beating, tasering, pepper-spraying, and tear-gassing the employees of that company?"

          Too busy collecting the credit card info, names and addresses of people buying infringing underwear. They'll be right along after raiding houses, tumble-dryers, washing machines, underwear drawers, and forcibly stripping the real criminals. Priorities man, priorities.

          reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Oct 2014 @ 8:16am

    I don't know about this. While some of the device manufacturers may have been duped into using counterfeit FTDI chips, others likely turned a blind eye. If you're a shopkeeper and someone passes you a counterfeit note should you be able to use it to give change if it being counterfeit is discovered? It seems like a bit more vigilance by the initial purchaser of the chip is in order

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Oct 2014 @ 8:19am

      Re:

      If you accept a counterfeit note, you cannot legally use it in a transaction once you know it is counterfeit. This does not, however, give the mint the right to set your wallet on fire.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 24 Oct 2014 @ 6:05pm

        Re: Re:

        No but the Secret Service will most certainly empty your wallet of any counterfeit notes and burn them later.

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Oct 2014 @ 8:30am

      Re:

      not sure you got the gist of this.

      It is just simply not possible for the vast majority of people to even know or be able to determine if the hardware they just purchased is legit or not. And neither should that be "actively" PUNISHED for it.

      And most important of all... when you buy a piece of hardware you are supposed to own it... not freaking Microsoft, Sony, or Apple. And it should be considered criminal for them to brick any device because they did not like it! They have a solution... deny access to their networks.

      reply to this | link to this | view in chronology ]

      • identicon
        JEDIDIAH, 24 Oct 2014 @ 10:26am

        Right to the family jewels.

        It's almost like they should have informed the end user that they have been a victim of counterfeiting instead of just summarily destroying their hardware.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 24 Oct 2014 @ 10:36am

        Re: Re:

        And since they purchased the hardware they almost surely have a cause of action for breach of contract against the seller. Rather than railing against the rights holder, why not rail against the seller who sold the product to the customer?

        reply to this | link to this | view in chronology ]

        • icon
          John Fenderson (profile), 24 Oct 2014 @ 11:04am

          Re: Re: Re:

          Perhaps because it wasn't the seller who actively engaged in outright vandalism. Maybe the customer has cause to sue the seller (although it's rather doubtful that the seller knew that counterfeit chips were in the device, so I'm not sure that would go anywhere) -- but that doesn't and shouldn't let FTDI off the hook for their own criminal behavior.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 24 Oct 2014 @ 11:49am

            Re: Re: Re: Re:

            What criminal act specifically did the company commit? Not saying that they are blameless, but only trying to identify with specificity what crime is being complained of.

            reply to this | link to this | view in chronology ]

      • icon
        dml (profile), 24 Oct 2014 @ 4:17pm

        Re: Re:

        Yes, you own it.
        You don't have any right to demand support from someone who did not make it.

        reply to this | link to this | view in chronology ]

        • icon
          John Fenderson (profile), 24 Oct 2014 @ 4:37pm

          Re: Re: Re:

          Who's making such a demand?

          reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 25 Oct 2014 @ 12:19am

          Re: Re: Re:

          This is the second time you've made this type of comment.

          The driver did not say "I'm not going to recognize this device." It said "I'm going to reprogram this device so no driver can recognize it."

          Not allowing someone to stay in your hotel because you suspect they're using the room to have an affair is not the same thing as forcibly putting them in a chastity belt.

          reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 24 Oct 2014 @ 8:51am

      Re:

      "It seems like a bit more vigilance by the initial purchaser of the chip is in order"

      If by "initial purchaser" you mean the OEM, then I agree totally. But that still doesn't excuse destroying the chip for the end user. If you mean the end user, then I disagree as there is no reasonable way that the end user can know if the chip is counterfeit or not.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 24 Oct 2014 @ 1:01pm

        Re: Re:

        Yes. OEM. I'd guess once their devices no longer work, they'll have a greater incentive to be vigilant.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 24 Oct 2014 @ 6:36pm

        Re: Re:

        Actually, according to the ARS article, the chips CAN be identified quite easily, assuming, of course, that the end purchaser knows the bloody thing is even in their new toy. The fake chips are identified by PRINTED labels whereas the true chips are laser etched.

        Then again, who does a chip-level inspection of a new device before purchase? That involves opening the thing up and possibly voiding the warranty. I certainly don't.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 24 Oct 2014 @ 6:45pm

          Re: Re: Re:

          One particular kind of fake chip has printed labels. One particular kind of legitimate chip has laser etched labels.

          We don't know if:

          a) There are fakes which are laser etched;
          b) There are legitimate chips which are not laser etched.

          Manufacturing isn't static, designs change. One genuine chip might be made on a factory which laser etches the label, while another genuine chip (with the same design, perhaps even with wafers from the same factory) is made on a different factory which prints the label.

          reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 25 Oct 2014 @ 2:02am

          Re: Re: Re:

          the chips CAN be identified quite easily, assuming, of course, that the end purchaser knows the bloody thing is even in their new toy.

          So long as it is not buried in plastic, or in a difficult to open enclosure. Even then, they have to know which chip it is on the the board, and if it is a surface mount chip, they probably need a magnifying glass to read the bloody label, and maybe a movable light source to get the contrast up to where the label is readable.

          reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Oct 2014 @ 8:22am

    Hmm, if all the FTDI drivers are doing is reprogramming the PID ot 0000 then it should be a simple hack to detect this invalid PID and reprogram the PID to the "correct" value - so long as the host-side USB controller will talk with a device with 0 PID.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Oct 2014 @ 8:23am

    As this chip is used by Arduino and the like, there are many small businesses that will likely have unhappy customers, and probably no easy way of checking for the impacted chips in in stock products. So it is not just the users that are impacted, but also a lot of small businesses.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Oct 2014 @ 8:36am

    If you accept a counterfeit $100 bill and its detected, you are out the money. If you buy a counterfeit handbag cops can confiscate it.

    Just know what you are buying. Why do you think it should be different in the digital world?

    reply to this | link to this | view in chronology ]

    • identicon
      Michael, 24 Oct 2014 @ 8:45am

      Re:

      Yes.

      In both of those cases, the police can confiscate the items.

      The manufacturer who's IP rights MAY have been violated CANNOT confiscate them. When the police confiscate them - they become evidence in a trial, then people can argue and someone can mount a defense - none of that due process is happening here, the manufacturer is simply detecting and disabling something someone else owns.

      reply to this | link to this | view in chronology ]

      • icon
        Uriel-238 (profile), 24 Oct 2014 @ 12:23pm

        Counterfeit is irrelevant.

        This is the age of civil forfeiture.

        Cops can seize your money, wallet, penguins, whatever regardless of whether it's counterfeit.

        reply to this | link to this | view in chronology ]

    • icon
      Chris-Mouse (profile), 24 Oct 2014 @ 8:47am

      Re:

      if I go into a major retailer and buy a USB to serial cable, how am I to peek inside the molded plastic and identify the fake chips before I buy the cable?
      I have no way to identify fake chips inside equipment.
      The retailer has no way of identifying fake chips inside equipment.
      The manufacturer *may* know that there are fake chips in the equipment, or they may have been duped by a supplier.
      The supplier probably knows that the chips are fakes.

      So I'm expected to dig three levels deep into the supply chain just so I don't have to worry about some software update bricking my $20 cable?

      reply to this | link to this | view in chronology ]

      • icon
        dml (profile), 24 Oct 2014 @ 4:18pm

        Re: Re:

        If it doesn't work take it back to whoever sold it to you.
        Don't ask someone who did not sell you anything to help you out.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 25 Oct 2014 @ 12:25am

          Re: Re: Re:

          No one is asking FTDI to help them out. They're asking FTDI to not go out of their way (spending time and money) solely to do something that offers no benefit to consumers while offering drawbacks to consumers.

          Since that logic is pretty sound, that's exactly what FTDI did- after they spent the original time and money. They could have saved resources and avoided uproar.

          reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Oct 2014 @ 8:53am

      Re:

      If you accept a counterfeit $100 bill and its detected, you are out the money.


      Not in Canada, Take it to the nearest bank.

      reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 24 Oct 2014 @ 9:14am

        Re: Re:

        God, Canada rocks. I'm so jealous of you guys in so many ways.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 24 Oct 2014 @ 11:10am

          Re: Re: Re:

          No need to be. Our Government is worse in that they are playing follow the leader. We just lag along behind you.

          Don't you use fiat money? Then your Government is obligated to honor it. It isn't your fault if it is easily copied.

          reply to this | link to this | view in chronology ]

          • icon
            John Fenderson (profile), 24 Oct 2014 @ 11:39am

            Re: Re: Re: Re:

            "Don't you use fiat money? Then your Government is obligated to honor it."

            Not if the government is the US. If you get a counterfeit bill, you lose. You're supposed to turn the bill in to authorities, but the only thing you'll get from doing that is a thank you.

            That said, I have never seen or possessed a counterfeit bill to the best of my knowledge. By the same token, I don't exactly examine the currency in my possession to find the fakes. The law is that you aren't committing a crime when spending counterfeit money unless you are aware the money is counterfeit. If I find a counterfeit bill in my wallet, I suffer an immediate financial loss, so it's in my best interest to not look too hard.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 25 Oct 2014 @ 12:26am

              Re: Re: Re: Re: Re:

              "If I find a counterfeit bill in my wallet, I suffer an immediate financial loss, so it's in my best interest to not look too hard."

              How's that for the creation of a patriotic society? Thanks, government friends!

              reply to this | link to this | view in chronology ]

    • identicon
      David, 24 Oct 2014 @ 9:58am

      Re:

      Well, this is the equivalent of a fashion designer sending hit teams to schoolyards that cut counterfeit clothes into shreds when they see someone wearing them.

      reply to this | link to this | view in chronology ]

  • icon
    TheResidentSkeptic (profile), 24 Oct 2014 @ 8:36am

    Need to stop it before it spreads...

    ... Look at our history here folks. Where would we be if Chevrolet, Ford, Dodge, et al had gone around the country and "bricked" every car that every enthusiast "modded". Accel, Crane, Cragar, Edelbrock, Holly, Hurst, Weiand.. NASCAR... none would exist. And most of those mods were done LONG BEFORE THE CAR WAS PAID OFF! Hell, Oldsmobile even bought the parts and put them on in the factory - look up "Hurst Olds" if you don't remember.

    You wouldn't have the PC's you have today if it weren't for "modders". Turtle Beach - Hayes - NVidia - all started with boards to "mod" the PC you bought.

    So... when did this lunacy start? And who needs to be shot to stop it?

    reply to this | link to this | view in chronology ]

    • identicon
      jackn, 24 Oct 2014 @ 8:49am

      Re: Need to stop it before it spreads...

      Apple? at least thats a good start.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Oct 2014 @ 9:19am

      Re: Need to stop it before it spreads...

      "So... when did this lunacy start? And who needs to be shot to stop it?"

      Congress.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Oct 2014 @ 10:02am

      Re: Need to stop it before it spreads...

      "Where would we be if Chevrolet, Ford, Dodge, et al had gone around the country and "bricked" every car that every enthusiast "modded""

      There was indeed a huge fight, starting in the 1960s hot-rod era, when Detroits' Big Three automakers tried to kill off the aftermarket parts industry, basically by saying that if a car owner put a single non-OEM part on his car, then the entire warrantee was null and void. And not just for things directly related to the part (say like a leaking oil gasket causing clutch failure) but anything and everything on the car completely unrelated to that part. So taking your new Ford to the dealer to have the air conditioner fixed, and they see it has non-factory wheels and tires, then they could flatly refuse to do warantee work on the A/C (at least in theory) despite that the two things have absolutely nothing to do with each other. It was not just a matter of whether the automakers carried through with their threats or not, since most people believed they would, as that's what the dealers would (unsurprisingly) tell them all the time.

      The early '70s Magnuson–Moss Warranty Act put a stop to that practice by forcing automakers to accept owner-installed parts made by aftermarket companies. Ironically, the automakers ended up buying up many of the companies (and incorporating their products and operations) that they had earlier argued were making dangerously defective products, when they were trying to shut them out and kill them off.

      But that was an entirely different era, individualism was in fashion, the Cold War was at its height, monopolies were still being broken up by the government, and anthing with a whif of top-down control smacked of communism or corporatism. It was an era when small private companies flourished, and the US government tended to side with small upstart innovators --and especially consumers-- rather than being bowled over by the "too big to fail" behemoth corporations, which as we're all painfully aware is the government's operating environment today.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Oct 2014 @ 8:38am

    Downstream responsibility

    'If you accept a counterfeit note, you cannot legally use it in a transaction once you know it is counterfeit.'

    Passing on counterfeit currency as real money is fraud, and even without a specific ban on counterfeit money the act of obtaining anything of value by false pretenses should with appropriate limitations and caveats still be illegal.

    However, what does use in a transaction mean regarding downstream responsibility for all actors?

    If I haven't paid for a counterfeit watch but gotten it as a gift, I haven't deceived anyone or disturbed the legal market in any way.

    The only plausible argument for downstream responsibility for the enduser whom may not even be synonymous with the original buyer is third or fourth party liability which is really troubling given the multiplicity of possible IP claims.

    If one chip in my computer is counterfeit, or the embedded software in my pacemaker is subject to a valid IP claim, am I liable after being aware of the illegality, and I continue to use the product?

    It's really a logic that ain't far from reality and drives me to the IP abolition camp.

    reply to this | link to this | view in chronology ]

    • icon
      steell (profile), 24 Oct 2014 @ 9:46am

      Re: Downstream responsibility

      "the act of obtaining anything of value by false pretenses should with appropriate limitations and caveats still be illegal."

      Well crap! Guess that means no more sex for me.

      reply to this | link to this | view in chronology ]

      • identicon
        David, 24 Oct 2014 @ 12:59pm

        Re: Re: Downstream responsibility

        Well, you know the tale of Hansel and Gretel. You have to give back any orgasms faked with a bone rather than a boner.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Oct 2014 @ 8:56am

    So I guess I can't chance updating my system then? Thank-you for keeping everyone safe and secure.

    reply to this | link to this | view in chronology ]

  • icon
    BentFranklin (profile), 24 Oct 2014 @ 9:03am

    "...this is wrong not just in the sense of being unethical, but illegal, too"

    How about dangerous? How does the manufacturer know their chips aren't being used in medical devices or safety equipment? What about mission critical applications? it's not just unethical, it's negligent.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Oct 2014 @ 9:16am

      Re:

      "How about dangerous? How does the manufacturer know their chips aren't being used in medical devices or safety equipment?"

      Kill a few people and maybe others will learn proper respect for copyrights.

      /s

      reply to this | link to this | view in chronology ]

    • icon
      Keroberos (profile), 24 Oct 2014 @ 10:45am

      Re:

      God I hope they're not. The fakes are horribly buggy and would be dangerous to use in any life critical device.

      reply to this | link to this | view in chronology ]

      • icon
        Uriel-238 (profile), 24 Oct 2014 @ 12:27pm

        Quality Assurance is not one of the sector's strong points.

        The reals are horribly buggy and would be dangerous to use in any life critical device as well.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Oct 2014 @ 9:05am

    so, who's going to instigate the 'Class Action Law Suit' then? it's only something like this that they and others in this ridiculous copyrighted world understand. think just for a second how FTDI does and would act if their stuff was hacked. i'm not condoning the manufacture of counterfeit parts, but the company whose goods have been copied, should not have the right to destroy anything.
    then look at things in the other light. what is actively happening when a web site is accused of selling counterfeit and/or copyrighted items? the web sites are closed, almost instantly. when something like this issue happens, there is never a damn thing done in retaliation by the courts. they all seem to be waiting for it to happen and are thinking of ways what has happened can be twisted round so the perpetrators, the genuine maker/seller, can be let off, scot free!!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Oct 2014 @ 9:08am

    Re:

    'In both of those cases, the police can confiscate the items.'

    So you are seriously arguing that the police could forcibly remove the pacemaker or medical equipment from anyone if there was an infringement of IP?

    Let's consider a hypothetical, I buy a knock off medical device from China because I suffer from a disability or a cronic disease and the counterfeit works.

    Whether I am aware of the infringement is an issue but let's assume I am not aware at the time of purchase.



    Suddently the IP owner files a lawsuit and requests a seizure order and gets my address.

    Are you seriously arguing that (1) my medical device should be confiscated regardless of the consequences for my life or health, and/or (2) there should be a viable legal claim against me for infringement of IP if I was aware of the infringement?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Oct 2014 @ 9:18am

      Re: Re:

      "Are you seriously arguing that (1) my medical device should be confiscated regardless of the consequences for my life or health, and/or (2) there should be a viable legal claim against me for infringement of IP if I was aware of the infringement?"

      Under copyright law, you don't even have to be aware in order to be liable.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Oct 2014 @ 9:25am

    They did it on purpose

    > FTDI's response to all of this (including removing the driver from the latest Windows update) suggests (but does not outright claim) that it did this on purpose

    There's no doubt they did it on purpose. Someone reverse-engineered the bricking routine from the driver. It unconditionally writes 0 to the PID and a matching value to the checksum, but does so in a specific way that fails to write on genuine parts*.

    There's no legitimate purpose for the bricking routine. It's a no-operation on genuine parts. It's not "something useful the driver does which happens to do the wrong thing on non-genuine parts". The only possible explanation for the existence of that routine is to zero the PID on counterfeit or compatible parts**.

    * From what I could understand, the genuine parts can only write to the EEPROM in 32-bit units, sent as a pair of 16-bit units. The bricking code sent only one of the 16-bit units, so the write never happened. The compatible parts write each 16-bit unit as it's received, so the write happened.

    ** My guess as to why they only erased the PID, and not the VID: due to word alignment, if they erased the VID it would happen even on genuine parts. Luckly, this makes it easier to recover: if the VID is FTDI and the PID is zero, it's a part which used to have a PID of 6001 but was bricked. The Linux driver has been patched to recognize a bricked part as a valid FTDI part.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Oct 2014 @ 9:29am

    re:

    'Under copyright law, you don't even have to be aware in order to be liable.'

    Then I propose a new business method:

    Sue the owners of cheap medical devices i.e the blind, deaf, or parapletic but be kind and offer them a settlement of $100 to settle the claim.

    If you do not have to be aware of the infringing nature of your hardware, or if one algorithm violates a patent, you should be happy that the generous IP owner will offer you a
    settlement in exchange for continued enjoyment of his property.

    Downstream responsibility for IP claims is really a ticking timebomb.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Oct 2014 @ 9:33am

    The mouse and keyboard stopped working on my friend's Win8 computer after this weeks patch Tuesday. Restarting Win8 doesn't help. My friend even bought a new mouse and keyboard, but the new ones didn't work either. Win8 is stuck on the date/time login screen and none of the Human Interface Devices (HID) work.

    I wonder if this is related to FTDI's cyber attack. I'm glad I run GNU/Linux and don't have to worry about cyber sabotage operations being carried out by rogue chip manufactures.

    reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 24 Oct 2014 @ 10:37am

      Re:

      Your friend's response to the post-update failure was to replace the mouse and keyboard? That seems like a pretty huge jumping of the gun.

      Your friend can do two things: if he just wants to check if the mouse and keyboard have been affected by this, have him plug them into your Linux machine and see if they work there. If they do, then the problem is something else.

      In the end, your friend will need to roll the update back out. The lack of HID devices is a problem, of course. He'll probably have to use some sort of recovery disk to do it (unless he's lucky and has an old-timy serial port and a serial keyboard. If so, that might work.)

      This might be worth a call to Microsoft.

      reply to this | link to this | view in chronology ]

  • icon
    Stephen (profile), 24 Oct 2014 @ 9:55am

    Won't this drive business away from FTDI?

    Most people who are going to read the articles and ask, "Who's chip does this use?" And pretty much everyone will say, "Oh these are FTDIs!" whether or not it's true.

    So won't the result have people shying away from any of their chips in the future?

    Seems like another reason why killing the devices is a bad move.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Oct 2014 @ 9:56am

    Re: Downstream responsibility

    Actually, there is controversy over the proposition that obtaining sex by false pretense is a kind of rape which should be punished by the state.

    Some states have considered if not enacted such legislation.

    But what I meant by value in this context was only economic value.

    reply to this | link to this | view in chronology ]

  • identicon
    mcinsand, 24 Oct 2014 @ 10:00am

    there is a place to work this out...

    For the FTDI guys to go after those acting in bad faith would be logical, but targeting consumers that acted in good faith with their purchases is hopefully illegal. This is destruction of property.

    And let us not forget what paragon of reliability is deciding what property to respect and what to trash: Microsoft. As others have mentioned, this is one of many reasons to avoid Windows. Are there any reasons left to stay? My luck has been that even wireless cards work smoother now with Linux now than with Windows 7.

    Last night, my youngest son was happydancing over Counterstrike having been ported over to Linux, but he said that my computer probably would have trouble, since it is a few years old with an outdated video card. Nah, it runs rings around a fresh Windows 7 box.

    I'm afraid I've become somewhat hardened, though. For those people losing hardware because they plugged into a device running Windows, they may have been truly wronged, but they were also asking for it. ... and NO, do not try to compare this to any other 'asking for it' analogies. Recovering a lost electronic device is nothing like assault or other injury. For that matter, I would say that a case of critical medical device failure should lie with the hospital or doctor involved. If a patient dies because someone plugged an FTDI device into a Windows box, then the plugger should be charged, as well as the IT 'professionals' that allowed Windows in as a spec.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Oct 2014 @ 8:42pm

      Re: there is a place to work this out...

      Yeah. Much better someone's vital organs get bricked and someone in the financial department get fired than take a chance that doctors and nurses might all ignore a "counterfeit component detected, please replace ASAP" message box.

      Epitaph: "It ain't so bad... The IT guy had to take a pay cut."

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Oct 2014 @ 10:09am

    Re:

    'Do they get a pass because they're a corporation? Or do they get one because they're waving the "IP" banner? '

    Yes to both, barring outright bribery which is rare, the legal system and government have difficulty stopping inherently bad actors exploiting corporate status and enforcement of intellectual property for their own ends.


    The courts were happy to nail Prenda, but they were only able to do so after a long time because Prenda made a lot of other obvious stupid missteps which weren't germane to the legality of their copyright trolling operations.

    Prenda waged a dirty pay up or else campaign against alleged file sharers, but RIAA did exactly the same but in a more 'legal' manner and got away only with a bloody nose.

    reply to this | link to this | view in chronology ]

  • icon
    Coyne Tibbets (profile), 24 Oct 2014 @ 10:27am

    Ignoring the important point

    I think the important point is being overlooked; specifically:

    This reveals that it is possible to permanently brick any USB device by software command.

    This is a lovely target for both malware and planned obsolescence.

    reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 24 Oct 2014 @ 10:43am

      Re: Ignoring the important point

      "This reveals that it is possible to permanently brick any USB device by software command."

      This isn't really news. There are hundreds of ways to subvert USB devices like this, but no single technique will work on all devices. For even more fun, it's also possible to put malware into many USB devices and subvert machines that they plug into. There have been a few viruses that have spread through keyboards and mice this way.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Oct 2014 @ 12:03pm

      Re: Ignoring the important point

      Not *any* USB device.

      The FTDI devices have an EEPROM (a small amount of nonvolatile memory, a few hundred bytes) which stores configuration parameters. The "bricking" in this case is overwriting a few of these bytes with an invalid value.

      Other USB devices have firmware in nonvolatile memory, and most of these are updateable via USB. Send an invalid firmware to them, and they are bricked.

      A few USB devices might have invalid states which can cause physical damage to the device (for instance, setting an output GPIO to "high" while the device's board has it tied to ground).

      But if none of these cases apply? Then the device cannot be permanently (or even temporarily) bricked by software command. I don't know how common these resilient devices are (updateable firmware can pop up in the most surprising places), but they do exist.

      reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 24 Oct 2014 @ 2:02pm

        Re: Re: Ignoring the important point

        "I don't know how common these resilient devices are"

        Not as common as they should be. This problem with USB controllers is commonly discussed in security circles and is considered a "hard problem" because of how common it is, how difficult it is to get hardware manufacturers to take it seriously, and how hard it is to convince people to throw away their perfectly functional devices and replace them with ones that are more secure.

        reply to this | link to this | view in chronology ]

    • icon
      Uriel-238 (profile), 24 Oct 2014 @ 12:32pm

      Planned Obsolescence

      A strategy that Microsoft has used before, and suffered for it.

      Remember Zune?

      reply to this | link to this | view in chronology ]

    • icon
      Keroberos (profile), 24 Oct 2014 @ 1:51pm

      Re: Ignoring the important point

      No. Because the device is not really "bricked". All the driver update does is change the Hardware PID that identifies what it is. The device still works, the drivers just no longer identify it as valid for that driver. Most if not all other consumer hardware does not have changeable PIDs.

      reply to this | link to this | view in chronology ]

  • identicon
    PW97, 24 Oct 2014 @ 10:43am

    I smell an opportunity

    As this seems to affect the hacker hobbyist using the do it yourself development kits...

    perhaps they could kickstart and create an authentication system using those development kits to help IT/service departments around the world verify components, their authenticity and their applicable license.

    Heck governments, companies alike could add their use into purchasing contracts.

    Someone with the know-how go make some money and make this happen.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Oct 2014 @ 10:49am

    Re: '

    And since they purchased the hardware they almost surely have a cause of action for breach of contract against the seller. Rather than railing against the
    rights holder, why not rail against the seller who sold the product to the customer? '

    Two wrongs do not make a right.

    Do you know that the actual user affected is the same person who is responsible for buying the product alleged to be counterfeit?

    Even assuming that the product is counterfeit, the rights holder is not the government and has no authority to stop the end user from enjoying any product prior to a judicial ruling.

    Do you know whether possession or use of a counterfeit product is illegal in all nations affected by the action?

    Do you know whether the fact that a product is counterfeit bars all tort actions for incidental destruction of property?

    reply to this | link to this | view in chronology ]

  • icon
    Mason Wheeler (profile), 24 Oct 2014 @ 10:58am

    If your IP rights are being infringed, the proper course of action is to go to court, not take the law into your own hands.

    Well, it was before the DMCA came around. Now, though, between the DMCA Takedown system and the protection of DRM, IP vigiliantism on digital devices is firmly enshrined in law.

    This is what I've been saying for years: unless the DMCA is repealed and replaced by something that affirmatively protects the rights of computer owners as the first priority, acts like this will inevitably continue. This isn't the first time it's happened (multiple gaming DRM systems have broken CD/DVD burners in the past) and it won't be the last, unless we get rid of the DMCA.

    This update bricked one specific chip. But a lot of computers these days are being sold with a TPM, an incredibly sinister chip that integrates DRM into the entire system. Just imagine the ramifications! Some people worry about the government of Iran getting nuclear weapons. I worry about them infiltrating a single engineer into the right division at Microsoft.

    reply to this | link to this | view in chronology ]

    • identicon
      Rich Kulawiec, 24 Oct 2014 @ 11:12am

      Re:

      " I worry about them infiltrating a single engineer into the right division at Microsoft."

      This.

      Everyone who thinks that the Iranians, Russians, Chinese, Israelis, French, Germans, Japanese, Turks, and everyone else haven't already had a serious discussion about trying this...or haven't already done it...raise your hands.

      Implausible? Feh. The intelligence agencies of every major nation routinely infiltrate each other. Getting an engineer into Microsoft or Google or Twitter or Oracle or wherever is child's play by comparison. It's such an obvious, cheap, low-risk, high-reward strategy that there is no way they've all passed it up.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Oct 2014 @ 11:07am

    legally speaking...

    how is this extremely different than

    DHS revoking the DNS entries of stores selling counterfeit products, (https://www.techdirt.com/articles/20140701/17420627752/feds-seize-domain-social-network-sex-workers .shtml), or legitimate products thru unauthorized channels (https://www.techdirt.com/articles/20101213/09353512255/supreme-court-ruling-you-may-not-be-able-to- legally-sell-product-first-made-outside-us.shtml)

    or todays Aereo ruling: https://www.techdirt.com/articles/20130927/14101224679/comcasts-ceo-as-long-as-i-keep-saying-aereo-i s-illegal-sooner-later-someone-will-believe-me-right.shtml

    haven't we established that it is legal to (cripple, disable, break) services or equipment that you just don't like?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Oct 2014 @ 11:38am

    Just in case anyone needed one more reason to not use anything Microsoft makes.

    reply to this | link to this | view in chronology ]

  • icon
    streetlight (profile), 24 Oct 2014 @ 12:22pm

    Where are these chips used?

    I'm concerned about where these chips might be used and then disabled. Could they be used in:

    - Equipment at police departments and fire departments for emergency response purposes?

    - 911 systems?

    - Building alarm systems?

    - Medical devices in hospitals' emergency rooms, operating rooms, intensive care rooms where failure could cause death?

    and the list goes on.

    I'm not sure widows operates some of these devices and would be connected to the Internet for update. Both producers of the fake devices, if they could be discovered, and the company writing the stupid dll should be in deep trouble if serious problems resulted form their actions.

    reply to this | link to this | view in chronology ]

    • identicon
      jackn, 24 Oct 2014 @ 1:21pm

      Re: Where are these chips used?

      yes, possibly all of them. Anywhere where a cheap, simple serial(TX and RX) needs to interface with USB.

      reply to this | link to this | view in chronology ]

    • icon
      dml (profile), 24 Oct 2014 @ 4:23pm

      Re: Where are these chips used?

      So what?
      If important services buy defective devices, that is their fault for doing so in the first place.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 25 Oct 2014 @ 12:41am

        Re: Re: Where are these chips used?

        If women wear low cut tops, it's their fault for doing so in the first place. They should understand how important it is to prevent rape.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 26 Oct 2014 @ 5:41pm

        Re: Re: Where are these chips used?

        you are disgusting and do not deserve to exist on this earth.

        Who cares if it kills people, so long as IP is not abused?

        Disgusting.

        reply to this | link to this | view in chronology ]

  • identicon
    KE7EHa, 24 Oct 2014 @ 2:07pm

    counterfeit electronics are the real problem

    The problem with counterfeit chips is now coming to the mainstream, apparently. Good, this day has been too long in coming. Perhaps we'll actually get enough people to care to start fixing the problem.

    Could someone explain to me why FTDI should be foreced to support counterfeit chips in their drivers? Why they shouldn't attempt to detect fakes and lock them out? After all, it is their business and their reputation on the line with the counterfeit chips, even though they had nothing to do with them.

    To BentFranklin: I would hope that people who build safety critical and medical electronics verify their supply chains. They're required to for certification.

    Anyway, if you want to see the difference between a real FTDI chip and a fake FTDI chip, there's an interesting teardown (with die photos) here: http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supereal

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Oct 2014 @ 2:17pm

      Re: counterfeit electronics are the real problem

      I suspect I'm being trolled, but on the off chance you are this clueless:
      Could someone explain to me why FTDI should be foreced to support counterfeit chips in their drivers? Why they shouldn't attempt to detect fakes and lock them out? After all, it is their business and their reputation on the line with the counterfeit chips, even though they had nothing to do with them.
      No one says they should be required to have the driver make the counterfeit work as well as the original. Everyone is saying that FTDI has an obligation not to knowingly damage or destroy hardware, whether legitimate or counterfeit. Detecting a fake and refusing to use it is fine. Detecting a fake and actively modifying it to ensure it cannot be used elsewhere is not fine.

      Yes, their reputation is on the line with this. They have seriously harmed their reputation by pulling such a braindead stunt.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Oct 2014 @ 2:25pm

      Re: counterfeit electronics are the real problem

      Could someone explain to me why FTDI should be foreced to support counterfeit chips in their drivers? Why they shouldn't attempt to detect fakes and lock them out?
      Not supporting them in their drivers, which is what they are now doing, is one thing; setting the device type to an invalid type, and effectively bricking them is a different matter.

      reply to this | link to this | view in chronology ]

    • identicon
      KE7EHA, 24 Oct 2014 @ 3:14pm

      Re: counterfeit electronics are the real problem

      Okay, I have gone back and done some more reading on the new drivers they put out. I was thinking they were still using the old tactic (only writing zeros to the fake devices).

      resetting the PID to all zeros is annoying, but it's not fatal. If you know what you're doing, you can get by the solf lock and, using teh old FTDI drivers, still use the device.

      My point still stands, though. Would you have FTDI just sit aside and do nothing while their business is eroded by Chinese counterfeiters and companies that don't want to pay the few extra cents to buy a genuine chip? There's nothing stopping the manufacturers of products with the fake chips in them from releasing their own drivers that continue to use the chip, or use the bricked chips with the zeroed PID. They just want to use the money that FTDI is investing in developing their own drivers while not paying FTDI for the chips. That seems underhanded to me.

      reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 24 Oct 2014 @ 3:56pm

        Re: Re: counterfeit electronics are the real problem

        "resetting the PID to all zeros is annoying, but it's not fatal. If you know what you're doing, you can get by the solf lock and, using teh old FTDI drivers, still use the device."

        But if, like the majority of people, you don't know what you're doing, then they have effectively destroyed your device.

        "Would you have FTDI just sit aside and do nothing while their business is eroded by Chinese counterfeiters and companies that don't want to pay the few extra cents to buy a genuine chip?"

        No. But if the choice is between doing nothing and damaging other people's property (which it's not), then doing nothing is the only ethical and legal option. Why do you think that FTDI has any right whatsoever to break stuff they don't own?

        reply to this | link to this | view in chronology ]

        • icon
          dml (profile), 24 Oct 2014 @ 4:26pm

          Re: Re: Re: counterfeit electronics are the real problem

          "But if, like the majority of people, you don't know what you're doing, then they have effectively destroyed your device."

          If you are stupid, and a thief, that's your problem.
          You should go to the crooks that sold you the fraudlent equipment, since the legitimate owner owes you nothing.

          reply to this | link to this | view in chronology ]

          • icon
            John Fenderson (profile), 24 Oct 2014 @ 8:58pm

            Re: Re: Re: Re: counterfeit electronics are the real problem

            So, you're saying that people who buy things in retail outlets are stupid and thieves? Interesting.

            "the legitimate owner owes you nothing"

            The people who bought the equipment are the legitimate owners. I'm not so sure why this is so difficult to understand. It's not a matter of people I assume you mean, FTDI, owing anything to the customers, it's a matter of FTDI not intentionally destroying things they don't even own.

            reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 25 Oct 2014 @ 12:43am

        Re: Re: counterfeit electronics are the real problem

        "They just want to use the money that FTDI is investing in developing their own drivers while not paying FTDI for the chips. That seems underhanded to me."

        That used to be the way science progressed. All the time.

        reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 24 Oct 2014 @ 3:53pm

      Re: counterfeit electronics are the real problem

      "Could someone explain to me why FTDI should be foreced to support counterfeit chips in their drivers?"

      Nobody is saying that they should be. And they aren't.

      "Why they shouldn't attempt to detect fakes and lock them out?"

      If by "lock them out" you mean to FTDI making their drivers so they won't work with counterfeit chips (just like they're now doing since they got caught), then there's no issue with that at all.

      If by "lock them out" you mean altering them so that they no longer function properly at all, then the reason they shouldn't do that is because those chips are not their property. They have no right to break equipment they don't own.

      reply to this | link to this | view in chronology ]

      • icon
        dml (profile), 24 Oct 2014 @ 4:28pm

        Re: Re: counterfeit electronics are the real problem

        They do if they say so in their license agreement.
        Whether they do or not I do not know.

        reply to this | link to this | view in chronology ]

        • icon
          John Fenderson (profile), 24 Oct 2014 @ 4:39pm

          Re: Re: Re: counterfeit electronics are the real problem

          No, they don't. I would be very surprised if a license agreement that says "by using this software, you are granting us the right to destroy your equipment whenever we wish" would be legally enforceable.

          reply to this | link to this | view in chronology ]

        • icon
          John Fenderson (profile), 24 Oct 2014 @ 4:59pm

          Re: Re: Re: counterfeit electronics are the real problem

          I found the term in teh EULA that FTDI was pointing to:

          The licence only allows use of the Software with, and the Software will only work with Genuine FTDI Components (as defined in the Licence Terms). Use of the Software as a driver for a component that is not a Genuine FTDI Component MAY IRRETRIEVABLY DAMAGE THAT COMPONENT.


          However, that doesn't get them legally in the clear. That's a disclaimer that the software was not certified for use on such components and may damage them as a result. It is not a statement that gives them any kind of right to intentionally damage your equipment. I'm also interested in the first part, about how the license only gives you the right to use the driver with genuine FTDI components. That seems like it would render the clause void because it's asking users to accomplish the impossible. How is an end user supposed to know if their device contains a counterfeit chip?

          This action by FTDI was so egregious, malicious, and disdainful of end users that I am hoping they get slapped hard in a court of law.

          reply to this | link to this | view in chronology ]

          • identicon
            Toom1275, 24 Oct 2014 @ 5:31pm

            Re: Re: Re: Re: counterfeit electronics are the real problem

            Not to mention that the Windows users who got the malicious driver in the windows update were not given the option to see this new EULA clause, and in many cases, don't immediately see that the driver was even downloaded due to it being in a more obscure subset of Windows Update specifically for drivers. This isn't something put in a click-through agreement that the user might ignore; the EULA wasn't given to them in the first place, so there's no reasonable expectation that the user would know about or agree to it, and so be bound by it.

            reply to this | link to this | view in chronology ]

          • identicon
            KE7EHA, 24 Oct 2014 @ 5:44pm

            Re: Re: Re: Re: counterfeit electronics are the real problem

            Hanlon's Razor: Never account to malice what can be readily explained by stupidity (or ignotance, as the case may be).

            FTDI cannot possibly know how each of the counterfeits is made. In a good design, the VID and PID should not be able to be changed post manufacture. The genuine FTDI chips have this stored in a bit of EEPROM either located in the package (As in teh FT232) or external (as in the FT2232). I'd have to check my programming manuals, but i don't think this is modifiable from the USB interface. It should not be capable of being modified from USB. In fact, it should not be capable of being modified at all.

            FTDI's setting the PID to 0000 is questionable, but I think it was done as a matter of something that worked to prevent communications with the counterfeits, and they couldn't possibly test it with all variants of the counterfeits to ensure that there were no problems in the wild (such as soft locking some of the counterfeits).

            With the BadUSB exploit coming onto the market here recently, I think that the emphasis is not on USB manufacturers to do some of their own housecleaning to prevent counterfeit products masquerading as legitimate from becoming an attack vector in the wild. This means 1. being able to detect the counterfeit and 2. stopping communications with the counterfeit.

            This is the second attempt that FTDI has issued to prevent comms with the counterfeit chips. The first round, released several months ago, simply sent all zeros along the serial channel. This variant attempted to shut down all USB communications when it detected a fake. Granted, ti was done in a haphazard manner, but that strikes me as just sloppy coding.

            I just think that this is representative of the points of view of some people. Companies put fake chips into products on teh market masquerading as a legitimate communication chip. Then, when the manufacturer of the legitimate chip decides to put out an update that, as a side effect, bricks a number of the fakes, everyone goes after the legitimate manufacturer? That just seems damn entitled to me. You're in effect saying that the legitimate company must test each new driver with potentially hundreds of variants of the fake to ensure that the new drivers don't do anything catastrophic when used with the sloppily put together fakes. Nobody's going to do that, and it has nothing to do with IP.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 24 Oct 2014 @ 6:41pm

              Re: Re: Re: Re: Re: counterfeit electronics are the real problem

              > I'd have to check my programming manuals, but i don't think this is modifiable from the USB interface. It should not be capable of being modified from USB. In fact, it should not be capable of being modified at all.

              The intended use is for the designer to be able to use their own VID/PID instead of FTDI's default, so the device will bind to the designer's driver instead of FTDI's generic serial driver. Being able to change the VID/PID is quite common in USB device chips.

              As to being modifiable from the USB interface, it's the most convenient way to do the manufacturing, since the USB interface is usually exposed (the serial interface is usually routed elsewhere within the same device). Simply solder everything, plug the USB from the device into a computer (which is something you have to do anyway to run the QA tests), and run the programmer to write into the EEPROM. No need to route pins out from the chip to be used exclusively for programming, no need for dedicated programming pins or multiplexing programming into other pins.

              To prevent it from being changed post manufacture, you could have lock bits; I don't know if the FTDI has them, but even if it has, lazy manufacturers won't set them, since they make it harder to fix any mistakes later.

              > This variant attempted to shut down all USB communications when it detected a fake. Granted, ti was done in a haphazard manner, but that strikes me as just sloppy coding.

              Did you read the reverse engineering of the bricking routine? It's not sloppy coding, it very purposefully overwrites the PID field, in a way that does nothing on a genuine FTDI. It takes care to calculate the correct checksum so the chip does not go back to its defaults. There is no legitimate reason for that routine, it is explicitly trying to zero the PID.

              From what I have read, it doesn't even stop the communications. I have read at least one person being able to write an Arduino sketch to his board only once, and then it stopped working. It seems there is no other check for a genuine part; it works until the USB is disconnect, and then it won't bind to the driver anymore (due to the zeroed PID).

              > Then, when the manufacturer of the legitimate chip decides to put out an update that, as a side effect, bricks a number of the fakes, everyone goes after the legitimate manufacturer?

              If it were just a side effect, there would be much less controversy. But, as the reverse engineering showed, it was not a side effect; the bricking was deliberate.

              reply to this | link to this | view in chronology ]

            • icon
              John Fenderson (profile), 24 Oct 2014 @ 9:09pm

              Re: Re: Re: Re: Re: counterfeit electronics are the real problem

              "Never account to malice what can be readily explained by stupidity (or ignotance, as the case may be)."

              This is provably a case of malice. FTDI's driver has been reverse engineered, and the code makes it clear this was an intentional operation aimed at a particular counterfeit.

              "It should not be capable of being modified from USB. In fact, it should not be capable of being modified at all. "

              True, it should not be modifiable, but in nearly every USB controller (including FTDI's chips), it is.

              "FTDI's setting the PID to 0000 is questionable, but I think it was done as a matter of something that worked to prevent communications with the counterfeits"

              You know what works just as well? Their driver simply refusing to talk with the counterfeit, perhaps while also warning the cuser of the counterfeit's existence. There's no need to damage the device. In fact, now that FTDI has been caught, this is exactly what their replacement drivers do. And even if that wasn't an alternative, it's still very much the wrong thing to intentionally damage other people's equipment.

              "I just think that this is representative of the points of view of some people."

              And those are people whose equipment and software can't be trusted.

              "when the manufacturer of the legitimate chip decides to put out an update that, as a side effect, bricks a number of the fakes, everyone goes after the legitimate manufacturer?"

              yes indeed, because it wasn't a side-effect. It was absolutely an intentional effect. Going after them for this is entirely appropriate.

              "That just seems damn entitled to me."

              So, expecting that nobody is going to come onto my property and smash things up now considered "damn entitled"?

              "You're in effect saying that the legitimate company must test each new driver with potentially hundreds of variants of the fake"

              Not at all. Where do you get that from? Again, this wasn't some kind of incompatibility or accident. This was an intentional act.

              reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 24 Oct 2014 @ 6:07pm

        Re: Re: counterfeit electronics are the real problem

        >If by "lock them out" you mean altering them so that they no longer function properly at all,

        They were never functioning properly, they relied on using an ID that doesn't belong to them. FTDI has the right to remove their ID's from counterfeit hardware. The only ID they could replace their ID with is 0000 since that doesn't belong to anyone. If that causes the device not to function that is not FTDI's problem.

        reply to this | link to this | view in chronology ]

        • icon
          John Fenderson (profile), 24 Oct 2014 @ 9:15pm

          Re: Re: Re: counterfeit electronics are the real problem

          "FTDI has the right to remove their ID's from counterfeit hardware."

          No, they emphatically do not have that right. It's not their hardware, and they have no right to modify it. What they have a right to do is to sue the companies that are using counterfeit chips and to have their driver refuse to talk to counterfeit chips.

          They don't have the right to damage other people's property.

          I am utterly amazed that anyone supports a company breaking other people's things. Would you be so cavalier if Firestone discovered that you had counterfeit tires on your car and slashed them in response? It's exactly the same thing.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 24 Oct 2014 @ 11:34pm

            Re: Re: Re: Re: counterfeit electronics are the real problem

            It's not the first time this sort of thing has been done. One of the early CD-writing softwares, CDRWin, became famous because of it's below-the-belt tactics deployed against suspected warez users. If CDRWin detected a "pirated" serial number, it would accept it and run, but intentionally burn bad CDs. This was way back when a blank CD cost several dollars apiece. So a warez user (or perhaps some poor sap who bought a counterfeit disk, or even mistyped the serial number) would soon end up spending far more money than if he'd legitimately paid for the software.

            This was shocking news back in the 1990s, but maybe other software companies have done similar things since then.

            reply to this | link to this | view in chronology ]

  • identicon
    slick8086, 24 Oct 2014 @ 5:45pm

    some things wrong with this article. First, it is untrue that the devices are hard bricked. They can be recovered.

    Second, the VID and PID are not free, FTDI has to pay for them. They should have the right to stop hardware from using their IDs without their permission. That this bricks counterfeit devices is not their problem. People should be mad at the vendors who sold the counterfeit chips. The shear number of soft-bricked devices shows how little component vendors actually policy the products they sell.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Oct 2014 @ 10:23pm

      Re:

      That's all true. The correct solution involves lawyers, court cases, and notifications or refusal to operate, NOT resetting a programmed number in someone else's hardware. Doing so sets THEM up for lawsuits.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Oct 2014 @ 12:58am

      Re:

      Having to pay for the authority to use an infinitely reproducible result does not give someone the authority to take away my ability to use that infinitely reproducible result.

      This goes for both hardware and software. If you don't want to do business with me that's your problem. I'm free to go do business with someone else- even if they're not licensed to give me the authority to use said infinitely reproducible results.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Oct 2014 @ 2:14am

      Re:

      They should have the right to stop hardware from using their IDs without their permission

      When you agree to, or allow the powerful, to take control of the property that is the mainstay of your life, and exercise arbitrary control, you become a serf. In olden times it was the land, and it seizure by warriors that created serfs. Nowadays it is computers, and the rich and powerful are trying to seize total control over your devices, which will give them control over the information you can obtain, which also helps in reducing people to being serfs.

      reply to this | link to this | view in chronology ]

  • icon
    kkurt (profile), 25 Oct 2014 @ 2:03am

    Same things to make clear!!

    i think same thinngs must be cleared:

    Bricked chips cease to work on linux and osx where the drivers aren't provided from ftdi.

    There are multiple makers of fake ftdi chips; most fakes work well, same not.

    The final customer has no way to know if the chip he buy is legit or not, even the marks on the chips can vary a lot.

    Often even builder inplementing ftdi on their equipment can have no idea from where the chips come form.

    Before the bricking fake issue, the only way to discover a fake that work fine was to dismantel the chip and observe with electronic microscope, so you can't compare with fake moneys or goodies.

    This is their biggest mistake: Ftdi did never provided a tool or a method to detect fakes.

    Ftdi drivers never told users that the chip that was installed in their equipment was a fake, they just bricked it.
    I can understand if they took another approach like telling "you're using a fake chip, we gave you 30 day for fix it then the driver will cease to wok every 10 minutes".

    Eula can't apply at all even if the laws allow their action; windows update deployment are silent so no you can't read them unless they're already installed.

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 25 Oct 2014 @ 2:45am

      Re: Same things to make clear!!

      I can understand if they took another approach like telling "you're using a fake chip, we gave you 30 day for fix it then the driver will cease to wok every 10 minutes".

      That would be acceptable only if they also offered to reimburse anyone who suddenly had to replace the affected part, given I'm sure the vast majority of people using the fake chips had no idea(and no way to know) that they were fake when they made the original purchase of the hardware.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Oct 2014 @ 6:57pm

    Teapot Tempest

    C'mon people! All of this fuss for a limited use chip that's probably NOT in your device to begin with. How about a list of who uses them, how many there are, and how many are actually fake? There are several other RS-422 to USB solutions out there.

    reply to this | link to this | view in chronology ]

  • icon
    GEMont (profile), 26 Oct 2014 @ 4:36pm

    Planned Obsolescence

    A few months back, all of my Mice stopped working on both my Win8 and Vista boxes.

    The mouse loads and seems to work fine until one moves the mouse with some speed and then it literally disconnects itself and seconds later, reconnects itself.

    Every single mouse I have - dating back many years - now does this, with one exception. A Razor Gaming mouse that I have to put taped protectors on to prevent pushing the buttons the silly idiots placed on both sides where you hold the mouse. I would never use this mouse if it were not the only one that works.

    I would buy a new mouse, but the chances that it will fail seems high and means I will simply be stuck with another dead mouse.

    Could this be due to this FTDI chip thing.

    ---

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Nov 2014 @ 4:25pm

    Are these devices real or fake devices?

    This device is very complex. How in the world did anyone reverse engineer it? Just what kind of an operation would it take to make these devices? Are these devices being sampled out to test it all of the devices can be shut down at a critical point without taking down the older parts? No judge in the world has made any judgement that allowed this, but they took the law in their own hands permanently contaminating any further legal actions.

    I have two boards that may have these devices. There is no way for anyone except for FT to know. Did they check where these devices may be. Were they in medical equipment that may fail because of premeditated murder. If someone dies because of failure does Microsoft / FT answer the charges? How in the world can a consumer or designer know for sure that this companies parts are in their products. In my opinion it will be safer to design with parts that cannot be by designed to be shut off at the discretion of the manufacture. Many of the Arduino boards now use another Atmel device programmed to handle USB. The include a program header to re-flash the device. Is there any reason not to go this route in the design of new devices? Is FT the only company that makes USB interface drivers? Since the underlying IO is actually TTL RS232 why not get a new interface and use it. It is really hard to hack this system. It makes no since to use devices that can at will be sabotaged.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 Nov 2014 @ 7:42pm

    What have the courts said?

    In a case such as this a court of law would be needed to make the ultimate decision as to the penalty. There is no way to know where these chips are and how dangerous it would be to just shut all of them down. If this is a loss or money then it should be an issue of finding who can give them their money back. If if is revenge then they need to express how they feel to the court that has jurisdiction over where all of these devices are. It is quite expensive to be an international company. The responsibility of the business to be able to sue. If they can not handle the responsibility they should restrict their market. This company thinks that they have the right to decide what actions can be taken. Even if they find a way to ignore clone devices without the benefit of a court decision they have once again broken the law. Actions like this need to be studied. Each country has its own laws and protections for its citizens. If they universally make a decision they may have broken tens of thousands of laws. In the United States we have due process. No one can be punished without the benefit of a trail. If this happens it is a violation of our rights. For each violation of this Federal law there needs to be a separate case; times the number of devices that were damaged can lead to millions of individual cases. This also can lead to damages. If something like a death or damage of property occurs this is responsibility of who changed anything. Even if the equipment was at fault if someone outside the designers did anything to change the original working device is now 100% responsible of anything that happens after the modifications. Most of these devices are inside OEM equipment. The manufacture of this device did nothing to train the end users that at any time they can render any USB device unusable. They still have the ability to do the same thing to their, "Genuine," parts. I think that serious designers need to consider using a device other this this to save money, Save board space by having the USB inside the controller and creating their own USB / RS232 driver. FTDI should be made to put up a security to protect the users. Since they took the law in their own hands they should not expect to get any returns from this other than the billions of dollars in damages they created without any legal decisions.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.