Future Technology Devices International, FTDI, creator of a popular line of USB-to-Serial chips used by hardware hackers and embedded in a number of consumer devices the world over, is using a driver update to crush counterfeiters by rendering the fake chips useless once patched.
Earlier this month, hardware hackers started to report problems after updating their FTDI drivers. The FT232 chip is used in a wide range of test equipment, as well as consumer and scientific products. It's also used by hardware hackers in a number of projects based on Arduino.
When a device using the FT232 chip is plugged into a Windows system, FTDI drivers are downloaded automatically via Windows Update. This is a convenience for most, but a little over two weeks ago, it became a frustrating problem for many.
"I bought some RS485 boards from Ebay with an FTDI FT232 chip on them. Apparently the chips are fake. I used them with Linux and they work fine. After plugging them into a Windows PC with the latest drivers they quit working (even with Linux). I think the FTDI driver somehow kills the fake FTDI chip. Not nice if you got a lot of these boards in the field," commented one user on the EEVblog forum.
The user's conclusions were correct. Buried within the driver files is a EULA from FTDI warning users that the update could "irretrievably damage" counterfeit chips. This is exactly what happens, as hundreds have confirmed that once the new driver is applied, the FTDI chip is disabled completely.
The latest driver from FTDI reprograms the PID of the chips to 0 (zero). This new PID is stored in persistent memory, so once reprogrammed, the chip itself is useless – even if older drivers are used.
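Because the zeroed PID persists on the chip, an affected board can be spotted in any USB device listing. The sketch below is an added example, not code from the article or from FTDI: it classifies `lsusb` lines and Windows hardware ID strings, assuming FTDI's USB vendor ID 0x0403 and the FT232 factory-default PID 0x6001 (neither value is stated in the article); the sample lines are constructed.

```python
import re

FTDI_VID = 0x0403           # FTDI's USB vendor ID (assumption: not stated in the article)
FT232_DEFAULT_PID = 0x6001  # FT232 factory-default PID (assumption: not stated in the article)

# "ID 0403:6001" as printed by lsusb, and "VID_0403&PID_6001" as in Windows hardware IDs
_ID_PATTERNS = (
    re.compile(r"\bID\s+([0-9a-fA-F]{4}):([0-9a-fA-F]{4})\b"),
    re.compile(r"VID_([0-9a-fA-F]{4})&PID_([0-9a-fA-F]{4})", re.IGNORECASE),
)

def parse_ids(line):
    """Return (vid, pid) as integers, or None if the line carries no USB ID."""
    for pattern in _ID_PATTERNS:
        match = pattern.search(line)
        if match:
            return int(match.group(1), 16), int(match.group(2), 16)
    return None

def classify(line):
    """Label one inventory line by the state of its FTDI product ID."""
    ids = parse_ids(line)
    if ids is None or ids[0] != FTDI_VID:
        return "not-ftdi"
    if ids[1] == 0x0000:
        return "pid-zeroed"    # the state the article says the driver leaves behind
    if ids[1] == FT232_DEFAULT_PID:
        return "default-pid"
    return "custom-pid"        # vendors may legitimately program their own PID

def audit(lines):
    """Return (line, label) for every FTDI device found in the listing."""
    labelled = ((line.strip(), classify(line)) for line in lines)
    return [(line, label) for line, label in labelled if label != "not-ftdi"]

# Constructed sample inventory: three lsusb lines and one Windows hardware ID
SAMPLE = [
    "Bus 001 Device 004: ID 0403:6001 Future Technology Devices International, Ltd FT232 Serial (UART) IC",
    "Bus 001 Device 005: ID 0403:0000 Future Technology Devices International, Ltd",
    "Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub",
    r"USB\VID_0403&PID_0000\A1B2C3D4",
]

if __name__ == "__main__":
    for line, label in audit(SAMPLE):
        print(f"{label:12} {line}")
```

A `pid-zeroed` result only shows that the device enumerates with PID 0; it does not by itself establish whether the chip is genuine.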
FTDI stands by their actions. On Twitter, the company said that consumers with concerns about the update should ensure that they've purchased the hardware from them directly, or an authorized distributor.
In addition, after the backlash related to the driver update started to swell, FTDI said they're not targeting users, noting that those who are unsure about the legitimacy of the chips should avoid using the updated drivers.
This advice, however, goes against the general nature of hardware and application developers, who tend to follow best practices and use the latest drivers and software in their projects.
In fact, the consumers who have been impacted by this update have committed no crime. Their only offense seems to be purchasing a product that was presumed to be legitimate in the first place. Even the experts could be fooled, as telling the difference between a real FT232 and a fake version requires a microscopic exam in most cases.
"Rather than targeting those who manufacture, sell, and distribute counterfeit products, they're attacking consumers that don't necessarily have the capability to know whether or not their devices have the authentic chips in them," commented Wesley McGrew, Assistant Research Professor in the Department of Computer Science & Engineering at Mississippi State University.
FTDI advertises that their chips are used in a number of vertical markets, including what many would consider critical infrastructure. However, McGrew added, supply chain issues could lead to the use of counterfeit chips.
"The presence of counterfeit chips in these applications is something that should be addressed, but actively disabling those devices without prompt is not the way to do it," he said.
"A device manufacturer attempting to be above-board on this might even be duped into purchasing counterfeit chips or into using a factory that substitutes counterfeits to cut costs. Supply chain issues really complicate things here."
McGrew, along with a majority of the developers who have been forced to deal with the issue, said that FTDI has a right to protect their IP, but the company "should have written their driver such that it would not operate with counterfeit devices, stopping short of actually attacking the devices themselves."
Many of those outraged by the driver update compare the code to malware, because it directly attacks a connected device and renders it inoperable. McGrew agrees.
"This isn't a case of an unforeseen issue with compatibility inadvertently damaging a device. It's intentional and malicious. It's code that attacks an end user's environment, and there's no way for that end user to predict what will happen (and there's no way that they'd agree to it if they could). Microsoft should be furious that FTDI is using the Windows driver update process to launch such an attack," he said.
Microsoft had no comment on the driver update, and referred questions to FTDI.
Microsoft issued a statement late in the evening on Thursday, confirming that the driver update had been removed from their systems.
In a follow-up, FTDI confirmed the same, adding in part:
"The recently release driver release (sic) has now been removed from Windows Update so that on-the-fly updating cannot occur. The driver is in the process of being updated and will be released next week. This will still uphold our stance against devices that are not genuine, but do so in a non-invasive way that means that there is no risk of end user’s hardware being directly affected."