Looks like FTDI provides a utility to be able to flash those chips without bricking them all by manually changing the PID.
FTDI Utility
In a move that has surprised and angered security researchers, chip maker FTDI has admitted to issuing a silent update that bricks cloned FTDI FT232 [USB to UART] chips.
FTDI admits to bricking innocent users' chips in silent update | ZDNet
Hardware hackers and security researchers are furious at chip maker FTDI for issuing a silent update that bricks cloned FTDI FT232 [USB to UART] chips.
The chip is extremely common on a wide variety of devices and there is no way of knowing at this time which devices have cloned chips -- and the tainted supply chain could hit anyone.
FTDI appears to have used a recent Windows update to deliver the driver update to brick all cloned FTDI FT232s.
FTDI's surprise new driver reprograms the USB PID to 0, killing the chips instantly.
I hope they get sued.
I'd be sent to prison if I:
- Went to someone's house and smashed their stuff
- Sent out malware and it was tracked back to me
They didn't "brick" the chip, their new driver just doesn't support it. This is reversible by installing an older driver.
And the chip wasn't made by FTDI, why would they have to be required to support it? If you buy a fake Apple product, can you bring it in to the Apple store and get it repaired under warranty and serviced?
The end consumers are the pawns and FTDI could have been nicer to them.... but the end consumer can take his product to where it was purchased and complain there. If the end-user inadvertently buys a fake copy of Windows, it also will get disabled. If someone buys fake tickets for a concert, he also gets turned down at the entrance. Sad and not fair... but why would the original OEM have to honor a pirated product?
This driver is clearly for FTDI chips and the EULA stated so. IF it is applied to a fake product, why should FTDI be required to make it work with fake products?
I keep backups of all my installers (driver & program) because companies have a proven track record of releasing dodgy and/or worthless updates.
How many ordinary users keep backup installers?
They don't.
However it seems they made no mention of the fact that the update could cause problems (especially for those who have unapproved chips).
Hardware hackers and security researchers are furious at chip maker FTDI for issuing a silent update that bricks cloned FTDI FT232 [USB to UART] chips.
The chip is extremely common on a wide variety of devices and there is no way of knowing at this time which devices have cloned chips -- and the tainted supply chain could hit anyone.
Are you suggesting that everyone who had a fake chip deliberately bought the fake version?
The EULA stated that fake chips are not supported and that should go without saying anyway. If someone in China makes a fake Ford Taurus, can you expect Ford (and possibly sue) Ford if the original Ford parts don't work in the clone? I never read the EULA, but don't expect an Intel driver to work on a product not made by Intel.
The consumer and possibly the board manufacturer are innocent in this. I don't think anyone deliberately installed fake chips. But the consumer can go to the board manufacturer and get a new board with a real chip. And the board manufacturer can sue his suppliers and improve QM.
I feel sorry for anyone affected, and this wasn't a good publicity move for FTDI. Because now manufacturers may not use them knowing chips may or may not be fake. Ultimately the publicity is bad for board manufacturers. No consumer knows who made the chips. But they buy a board from MSI, Asus or whoever that failed.
The board manufacturers know exactly where they got the chip. It's the board manufacturer's duty to make sure that everything on their board is legal and not counterfeit. They bought Cing Dong Dings chip because it was cheaper and didn't care if it was counterfeit.
My thoughts.
Layback Bear
Car analogies don't seem to work properly for software.
If you took your Fake Ford Taurus to Ford they would tell you it was a fake (and charge you to fix it).
Ford doesn't go to peoples' houses and "clamp" fake Ford Tauruses (I've never heard of it happening here).
I also doubt that they'd beam an update into the fake Ford Taurus, which just so happens to "accidentally" disable it.
IT companies have a proven track record in dubious behaviour.
Actually they are just like the car companies.
In that case, it might be possible for someone to start a class action lawsuit.
A class action lawsuit against a Chinese company will never happen. It would be a waste of time and money. I don't believe the Chinese government will allow it. A major amount of the Chinese economy is counterfeiting and they surely don't want to step on their own toes.
FTDI didn't force anyone to install the update. The user actively installed it (by downloading from manufacturer website or by automatic installation via MS). It sounds like it was an update to a driver where the user had to "accept" the EULA. FTDI didn't hack into computers to install the update.
If people want the convenience of automatic updates, then the user chose comfort over safety/security.