 Notice. New forum software under development. It's going to miss a few functions and look a bit ugly for a while, but I'm working on it full time now as the old forum was too unstable. Couple days, all good. If you notice any issues, please contact me. |
Forum Index : Microcontroller and PC projects : FTDI Drivers Are Killing Fake Chips
  Page 4 of 4 |
|||||
| Author | Message | ||||
G8JCF Guru  Joined: 15/05/2014 Location: United KingdomPosts: 676 |
@vasi The customer's sole recourse is against the entity which sold him/her/them the product, ie in this case those boards. The seller has a duty of care towards their customer to ensure that what the seller sold to the customer was as described and as specified by the seller. If the seller sells to the customer something which is not as the seller described, then the seller has the obligation to refund the customer for the expenses incurred by the customer, and the customer has the right/expectation that the seller will perform as described in the seller's offer to the customer, ie deliver what was advertised/offered, and the customer has the obligation to deliver to the seller the compensation, ie funds, which the seller has demanded in return for delivering the offered goods. Doesn't that seem only fair, right and proper ? Peter The only Konstant is Change |
||||
vasi Guru Joined: 23/03/2007 Location: RomaniaPosts: 1697 |
One little detail you are omitting: the warranty of the product. All affected products have to be paid by FTDI because they intentionally broke them. Hobbit name: Togo Toadfoot of Frogmorton Elvish name: Mablung Miriel Beyound Arduino Lang |
||||
| JohnS Guru Joined: 18/11/2011 Location: United KingdomPosts: 4036 |
Better believe it does render them liable, under English law and I gather American too. Probably yours as well, as it's almost English law. For most users the changed driver renders the chip useless. That's damage, in law. Criminal, in law, and also allows civil redress (e.g. via tort which brings in consequential costs such as lost productivity, buying replacement hardware and manpower to sort out the problem). This is why it's not clever to do nasty things without checking laws in all affected countries. I've no idea about French, Italian, German, ... laws but don't be surprised if they also ban such things. John |
||||
donmck Guru Joined: 09/06/2011 Location: AustraliaPosts: 1314 |
Interesting long thread started on the newsgroups, if members are interested in reading this: -------- Forwarded Message -------- Subject: Arduino FTDI driver issue with Windows update Date: Sat, 25 Oct 2014 12:14:27 +0800 From: Shed_Fiddler <asdf@hjkl.com.au> Newsgroups: sci.electronics.design,aus.electronics Lifted from another NG: Hi, I know there are several people here that work with Arduino microcontrollers. Just a heads up to a potential headache. === Windows Update drivers bricking USB serial chips beloved of hardware hackers The move to combat counterfeit chips leaves hobbyists stuck in the middle. by Peter Bright - Oct 23, 2014 12:40 am UTC Hardware hackers building interactive gadgets based on the Arduino microcontrollers are finding that a recent driver update that Microsoft deployed over Windows Update has bricked some of their hardware, leaving it inaccessible to most software both on Windows and Linux. This came to us via hardware hacking site Hack A Day... === See: <http://arstechnica.com/information-technology/2014/10/wi ndows-update-drivers-bricking-usb-serial-chips-beloved-of-ha rdware-hackers/> ============================================== Cheers Don... https://www.dontronics.com |
||||
| vasi Guru Joined: 23/03/2007 Location: RomaniaPosts: 1697 |
Lets put aside what FTDI did as now all reasons, facts and guilty are clear (BTW Don, the boards posted by me on the other page are products using FTDI and for Linux is already available a kernel patch which make a bricked Arduino usable again - future Linux distributions will have that included). The FTDI did revealed an unacceptable vulnerability of all products based on FTDI chips. This sole reason is enough to avoid them in the future. Is an example to all of us about how much (user) configurability a product must have. Hobbit name: Togo Toadfoot of Frogmorton Elvish name: Mablung Miriel Beyound Arduino Lang |
||||
BobD Guru Joined: 07/12/2011 Location: AustraliaPosts: 935 |
Yes, if FTDI can do it to us then anyone can knock up a bit of malicious software and send it out to disable many gadgets and create a nuisance. There must be many other devices (non FTDI) that would succumb to a similar attack. |
||||
| robert.rozee Guru Joined: 31/12/2012 Location: New ZealandPosts: 2428 |
i believe that pretty much all usb devices use some sort of eeprom to hold the VID and PID. it used to always be external, but now a days the eeprom has been integrated into the one chip. the only difference between manufacturers is how well documented changing eeprom contents is. but a more pressing concern is recently proven ability for the firmware in some usb devices to be reprogrammed, or for 'malicious' devices to be created from scratch. a device (like a cheap thumb drive) can be reprogrammed with new firmware to appear as two devices when plugged in - one as the expected flash drive, the other as a rogue keyboard that can execute commands on your PC. imagine a rogue keyboard that quietly opened a command prompt (<windows> <R> CMD <cr> gets you blindly to a command window), then downloads trojan code from a website. all this done in a flash, perhaps even unnoticed if the command window is minimised. a malicious device might be a thumb drive, a printer, a no-name chinese cellphone, or even a usb-powered cup warmer... rob :-) |
||||
| vasi Guru Joined: 23/03/2007 Location: RomaniaPosts: 1697 |
I'm using some PIC18F2550/4550 microcontrollers for various USB HID devices (especially keyboard emulators but there are also HID Bootloaders) or USB CDC serial (also one USB-to-Serial device) communication. Firmware written in JALv2 language and/or MPLAB C18 language. The VID and PID are chosen when you write the firmware and when you burn it in the microcontrollers flash, there is no way to change them. Unless a mechanism is provided by the programmer but as we see, that is a bad practice. I don't know if Microchip provide a way to change the PID/VID on a MCP2200 provided by them, but in the MAL example for USB-to-Serial devices, there is no method to change them after you burned the firmware. And I believe, there is no such way also for Arduinos with ATmega16U2 micros as USB-to-Serial devices. You can chose your PID/VID at programming time and that is all. No vulnerability. Hobbit name: Togo Toadfoot of Frogmorton Elvish name: Mablung Miriel Beyound Arduino Lang |
||||
MicroBlocks Guru Joined: 12/05/2012 Location: ThailandPosts: 2209 |
MCP2200 over an FTDI always. Had to many bad experiences with the FTDI's. Especially their sensitivity for moisture. Keeping stock is as good as impossible. Microchip can also gives you a PID/VID combination for free if you need it for a product up to a volume of 10.000 if i remember correctly. Microblocks. Build with logic. |
||||
KeepIS Guru Joined: 13/10/2014 Location: AustraliaPosts: 1868 |
I believe that FTDI are removing the new Driver from Windows update and changing the way it works in future release so as not to break user devices. NANO Inverter: Full download - Only Hex Ver 8.1Ks |
||||
| BobD Guru Joined: 07/12/2011 Location: AustraliaPosts: 935 |
FTDI may have made their point and asserted their rights but I'll bet that they won few and lost many friends with this driver update. What they have done is tell everyone that it may be risky to use their product because it may be fake and it's hard to tell. Anyone that got stung by this will have a long memory. |
||||
| WhiteWizzard Guru Joined: 05/04/2013 Location: United KingdomPosts: 2932 |
Just received this from Mouser . . . . I have had one report in the last couple of days of a failed PID (reseting to 0000) from a FTDI chip I purchased from RS Components. I will be seeing what they say! WW |
||||
| donmck Guru Joined: 09/06/2011 Location: AustraliaPosts: 1314 |
As a small dealer, I got caught with 350 counterfeit USB to TTL cables. I managed to get the manufacturers to replace these, and I now give a 100% guarantee that I supply cables that contain genuine FTDI chips. http://www.dontronics-shop.com/usb-to-ttl-cables.html My USB to RS232 cables are manufactured by FTDI and of course have the same guarantee. An interesting read was the notice from Fred Dart. Cheers Don... https://www.dontronics.com |
||||
| paceman Guru Joined: 07/10/2011 Location: AustraliaPosts: 1329 |
Guess that must mean that either RS Components have a supply chain problem (embarassing) or else paragraph 2 of FTDI's letter is not totally forthcoming! Greg |
||||
| donmck Guru Joined: 09/06/2011 Location: AustraliaPosts: 1314 |
or maybe both. Paragraph two is a strange read. https://www.dontronics.com |
||||
| paceman Guru Joined: 07/10/2011 Location: AustraliaPosts: 1329 |
Maybe this whole issue will show up a few supply chain problems with a number of big suppliers - not sure that they'd be too happy about that! |
||||
bigmik Guru Joined: 20/06/2011 Location: AustraliaPosts: 2949 |
Lads, If RS can be caught then so can all of us. The statement by Fred sounds to me to like politicians election promises. I cant say that I honestly believe the statement that the devices `quarantined themselves' and that FTDI didnt actively try to destroy the counterfeits. Don, Why don't you offer your faulty cables in bunches of 5 or so as power ONLY cables, with a small sheet print out of exactly the problem with each one. Even though the UART part is faulty these are still perfectly good cables for plugging into and powering a uMite from a readilly available USB mains power adapter. I reckon say $5 for 5 cables of so.. Regards, Mick Mick's uMite Stuff can be found >>> HERE (Kindly hosted by Dontronics) <<< |
||||
| vasi Guru Joined: 23/03/2007 Location: RomaniaPosts: 1697 |
But Don knows that those will be perfectly reliable on Linux after a kernel update... Hobbit name: Togo Toadfoot of Frogmorton Elvish name: Mablung Miriel Beyound Arduino Lang |
||||
| bigmik Guru Joined: 20/06/2011 Location: AustraliaPosts: 2949 |
Hi Vasi, I have some `inside information' from Don.. I cant let on as its a secret... . . . . OK! I tell.. When I caught up with Don last week he was asking me what he can do with these cables he has.. He doesnt want to besmirch the DONTRONICS name by selling cables that are, well if not Faulty, not really suitable for the task (in many cases). He said he would rather dump them than have someone get caught out.. Fair enough comment but I also thought that they were perfectly good (and high quality) cables if you wanted to just POWER your uMite in a cupboard or at a site location.. Don could recoup some of his losses and us users/hobbyists can get a good quality cable for uMite power connection. USB `wall warts' or mains power supplies are found everywhere these days.. Also IF someone wished to arm wrestle with their drivers on their PC (I can tell you this can be a pain in win 8.1) then they can also get a usable TTL serial cable as well but Don will not have support issues with that side as they were sold as `power cables'. Just trying to broker a win-win situation here. Anyway, Not sure Don is convinced yet.. If interested drop him a PM or ask in this forum.. Regards, Mick Mick's uMite Stuff can be found >>> HERE (Kindly hosted by Dontronics) <<< |
||||
| Page 4 of 4 |
|||||
 Print this page |
 |
The Back Shed's forum code is written, and hosted, in Australia. | © JAQ Software 2025 |
