Author Topic: FTDI driver kills fake FTDI FT232??  (Read 946735 times)

0 Members and 2 Guests are viewing this topic.

Offline linux-works

  • Super Contributor
  • ***
  • Posts: 1993
  • Country: us
    • netstuff
Re: FTDI driver kills fake FTDI FT232??
« Reply #600 on: October 24, 2014, 03:05:49 pm »
That's not quite accurate. Microsoft removed the update and bitch-slapped them.
Thats what you said numerous times and probbably like to believe but there is 0 evidence to back it up so it is pure speculation from your side?

arstechnica (iirc) posted that MS did, in fact, remove 2 versions of the driver from its update site.  we can guess its 2.11 and 2.12, since 2.10 was the last known good working version, malware-free.

why do you doubt that MS has removed the updates?  I'm not MS fan (not even close) but I have no reason to believe this was false reporting from A.T.

Offline XFDDesign

  • Frequent Contributor
  • **
  • Posts: 442
  • Country: us
Re: FTDI driver kills fake FTDI FT232??
« Reply #601 on: October 24, 2014, 03:13:46 pm »
why do you doubt that MS has removed the updates?  I'm not MS fan (not even close) but I have no reason to believe this was false reporting from A.T.

It also makes business sense for MS to intervene. They have enough problems with Windows Updates killing systems, the last thing they want is to get inundated with complains about how their update bricked user's peripherals. Everyone would look at MS first, as that would have been the most recent system change. This is a near "free" act of preventative maintenance on their part.
 

Offline limbo

  • Newbie
  • Posts: 9
Re: FTDI driver kills fake FTDI FT232??
« Reply #602 on: October 24, 2014, 03:14:41 pm »
It is not removed yet! it will be next week...
read this: http://www.ftdichipblog.com/?p=1053
 

Offline Kjelt

  • Super Contributor
  • ***
  • Posts: 6459
  • Country: nl
Re: FTDI driver kills fake FTDI FT232??
« Reply #603 on: October 24, 2014, 03:15:10 pm »
why do you doubt that MS has removed the updates?  I'm not MS fan (not even close) but I have no reason to believe this was false reporting from A.T.
Let me rephrase so it is more clear and unambiguous:
I do believe MS removed the updates.
BUT I rather do believe a CEO from a multi million$ company stating in an official press release that their company asked MS to remove them than the words of a youngster that says that MS has removed the updates and "bitch slapped" that company.
 

Offline SydB

  • Contributor
  • Posts: 20
Re: FTDI driver kills fake FTDI FT232??
« Reply #604 on: October 24, 2014, 03:17:32 pm »
It is not removed yet! it will be next week...
read this: http://www.ftdichipblog.com/?p=1053

Re-read it buddy. It has been pulled from the Windows updates.
 

Offline Bored@Work

  • Super Contributor
  • ***
  • Posts: 3932
  • Country: 00
Re: FTDI driver kills fake FTDI FT232??
« Reply #605 on: October 24, 2014, 03:19:30 pm »
Well, this has raised the awareness of counterfeit components and caused problems for those supply lines using the fakes. The problem is that a lot of people have been upset.

Yes, like raising the awareness of people not cleaning windows by smashing every dirty window in sight. Clever move.
I delete PMs unread. If you have something to say, say it in public.
For all else: Profile->[Modify Profile]Buddies/Ignore List->Edit Ignore List
 

Offline Bored@Work

  • Super Contributor
  • ***
  • Posts: 3932
  • Country: 00
Re: FTDI driver kills fake FTDI FT232??
« Reply #606 on: October 24, 2014, 03:26:02 pm »
It is not removed yet! it will be next week...
read this: http://www.ftdichipblog.com/?p=1053

I can't believe Mr. Dart got zero comments on that blog posting. Some minion at FTDI might be busy ruining the Delete button on his keyboard.

What the posting also shows is that FTDi didn't learn its lesson.
I delete PMs unread. If you have something to say, say it in public.
For all else: Profile->[Modify Profile]Buddies/Ignore List->Edit Ignore List
 

Offline zapta

  • Super Contributor
  • ***
  • Posts: 6189
  • Country: us
Re: FTDI driver kills fake FTDI FT232??
« Reply #607 on: October 24, 2014, 03:28:55 pm »
The simplest solution would be to have the driver pop up a message that says :
" This device attempted to load the wrong driver. Please contact the device manufacturer to get an updated driver."

The device doesn't load anything. It's the OS and driver that decide what to 'load'.
 

Online nctnicoTopic starter

  • Super Contributor
  • ***
  • Posts: 26751
  • Country: nl
    • NCT Developments
Re: FTDI driver kills fake FTDI FT232??
« Reply #608 on: October 24, 2014, 04:08:58 pm »
It is not removed yet! it will be next week...
read this: http://www.ftdichipblog.com/?p=1053
I can't believe Mr. Dart got zero comments on that blog posting. Some minion at FTDI might be busy ruining the Delete button on his keyboard.
What is there to comment on? It is a vague press release. Not an invitation for debate.
Quote
What the posting also shows is that FTDi didn't learn its lesson.
I agree. I'm not going to change my decision not to put FTDI chips in my design. One way or another FTDI has decided to kill their competition. I don't want to become collateral damage.
There are small lies, big lies and then there is what is on the screen of your oscilloscope.
 

Offline Monkeh

  • Super Contributor
  • ***
  • Posts: 7990
  • Country: gb
Re: FTDI driver kills fake FTDI FT232??
« Reply #609 on: October 24, 2014, 07:14:06 pm »
That's not quite accurate. Microsoft removed the update and bitch-slapped them.
Thats what you said numerous times and probbably like to believe but there is 0 evidence to back it up so it is pure speculation from your side?

arstechnica (iirc) posted that MS did, in fact, remove 2 versions of the driver from its update site.  we can guess its 2.11 and 2.12, since 2.10 was the last known good working version, malware-free.

why do you doubt that MS has removed the updates?  I'm not MS fan (not even close) but I have no reason to believe this was false reporting from A.T.

Quote
Update: Microsoft has given us a statement:

Yesterday FTDI removed two driver versions from Windows Update. Our engineering team is engaging with FTDI to prevent these problems with their future driver updates via Windows Update.

That would seem to say FTDI removed them, not Microsoft.
 

Offline nsayer

  • Regular Contributor
  • *
  • Posts: 133
  • Country: us
    • Geppetto Elecronics
Re: FTDI driver kills fake FTDI FT232??
« Reply #610 on: October 24, 2014, 07:30:22 pm »
why do you doubt that MS has removed the updates?  I'm not MS fan (not even close) but I have no reason to believe this was false reporting from A.T.
Let me rephrase so it is more clear and unambiguous:
I do believe MS removed the updates.
BUT I rather do believe a CEO from a multi million$ company stating in an official press release that their company asked MS to remove them than the words of a youngster that says that MS has removed the updates and "bitch slapped" that company.

I'm 46, thank you very much. And I would trust just about anyone more than I would trust someone in an obvious position to need to spin a situation.
Buy my stuff!! It's not at all terrible!! http://tindie.geppettoelectronics.com/
 

Offline nsayer

  • Regular Contributor
  • *
  • Posts: 133
  • Country: us
    • Geppetto Elecronics
Re: FTDI driver kills fake FTDI FT232??
« Reply #611 on: October 24, 2014, 09:14:33 pm »
Quote
Update: Microsoft has given us a statement:

Yesterday FTDI removed two driver versions from Windows Update. Our engineering team is engaging with FTDI to prevent these problems with their future driver updates via Windows Update.

That would seem to say FTDI removed them, not Microsoft.

Yeah, you really need to un-spin that.

What sort of engineering assistance could FTDI possibly need from Microsoft to prevent them from knowingly and deliberately supplying a weaponized driver to Windows Update?

No, what likely really happened was that Microsoft's legal team had a "chat" with someone over there and they had an "Oh shit!" moment. And everything after that has been spin control.
Buy my stuff!! It's not at all terrible!! http://tindie.geppettoelectronics.com/
 

Offline Chipguy

  • Supporter
  • ****
  • Posts: 320
  • Country: de
Re: FTDI driver kills fake FTDI FT232??
« Reply #612 on: October 24, 2014, 09:20:42 pm »
I appreciate the statement FTDI put out on their forum site.
It is the only action to take: Remove the destructive code but refuse to work with counterfeit devices.

However the damage is done.
At our today's engineering meeting we got a good analogy of what FTDI did:
It is like the shopkeeper who knows you for 10+ years suddenly points his gun at you saying "if you don't steal you have nothing to fear".
Sure you would think "WTF?"  |O

Well at least the shopkeeper has put the gun away now, saying "If you steal I won't talk to you anymore"
Sure I am fine with that.

All the FTDI chips we purchased the past year (around 17K units in total) went through their official sales network,
so the risk is almost 0. Phew...
I am still not happy.... but....whatever

Where is that smoke coming from?
 

Online wraper

  • Supporter
  • ****
  • Posts: 16793
  • Country: lv
Re: FTDI driver kills fake FTDI FT232??
« Reply #613 on: October 24, 2014, 09:21:00 pm »
One way or another FTDI has decided to kill their competition.
Yeah, competition. What will you think when will get such a competition  >:D. People will think that your product is a crap which sells everywhere while actually you can barely sell anything at all.
 

Offline Monkeh

  • Super Contributor
  • ***
  • Posts: 7990
  • Country: gb
Re: FTDI driver kills fake FTDI FT232??
« Reply #614 on: October 24, 2014, 09:33:02 pm »
Quote
Update: Microsoft has given us a statement:

Yesterday FTDI removed two driver versions from Windows Update. Our engineering team is engaging with FTDI to prevent these problems with their future driver updates via Windows Update.

That would seem to say FTDI removed them, not Microsoft.

Yeah, you really need to un-spin that.

What sort of engineering assistance could FTDI possibly need from Microsoft to prevent them from knowingly and deliberately supplying a weaponized driver to Windows Update?

No, what likely really happened was that Microsoft's legal team had a "chat" with someone over there and they had an "Oh shit!" moment. And everything after that has been spin control.

And you need to stop posting opinion and assumption as fact.
 

Offline janoc

  • Super Contributor
  • ***
  • Posts: 3781
  • Country: de
Re: FTDI driver kills fake FTDI FT232??
« Reply #615 on: October 24, 2014, 09:38:50 pm »
One way or another FTDI has decided to kill their competition.
Yeah, competition. What will you think when will get such a competition  >:D. People will think that your product is a crap which sells everywhere while actually you can barely sell anything at all.

I would rather think that they have pretty much killed their own customer base with this stunt. Who is going to trust them now?

J.
 

Offline nsayer

  • Regular Contributor
  • *
  • Posts: 133
  • Country: us
    • Geppetto Elecronics
Re: FTDI driver kills fake FTDI FT232??
« Reply #616 on: October 24, 2014, 09:40:07 pm »
Quote
Update: Microsoft has given us a statement:

Yesterday FTDI removed two driver versions from Windows Update. Our engineering team is engaging with FTDI to prevent these problems with their future driver updates via Windows Update.

That would seem to say FTDI removed them, not Microsoft.

Yeah, you really need to un-spin that.

What sort of engineering assistance could FTDI possibly need from Microsoft to prevent them from knowingly and deliberately supplying a weaponized driver to Windows Update?

No, what likely really happened was that Microsoft's legal team had a "chat" with someone over there and they had an "Oh shit!" moment. And everything after that has been spin control.

And you need to stop posting opinion and assumption as fact.

I am not doing anything of the sort. Do you think the scenario I described is unlikely? What did I say other than that?
Buy my stuff!! It's not at all terrible!! http://tindie.geppettoelectronics.com/
 

Offline Monkeh

  • Super Contributor
  • ***
  • Posts: 7990
  • Country: gb
Re: FTDI driver kills fake FTDI FT232??
« Reply #617 on: October 24, 2014, 09:42:30 pm »
And you need to stop posting opinion and assumption as fact.

I am not doing anything of the sort. Do you think the scenario I described is unlikely? What did I say other than that?

FTDI just tweeted, that they removed the update from WinUpdate and are working on a less invasive option:
http://www.ftdichipblog.com/?p=1053

That's not quite accurate. Microsoft removed the update and bitch-slapped them.
 

Offline nsayer

  • Regular Contributor
  • *
  • Posts: 133
  • Country: us
    • Geppetto Elecronics
Re: FTDI driver kills fake FTDI FT232??
« Reply #618 on: October 24, 2014, 09:45:41 pm »
And you need to stop posting opinion and assumption as fact.

I am not doing anything of the sort. Do you think the scenario I described is unlikely? What did I say other than that?

FTDI just tweeted, that they removed the update from WinUpdate and are working on a less invasive option:
http://www.ftdichipblog.com/?p=1053

That's not quite accurate. Microsoft removed the update and bitch-slapped them.

You are absolutely right. I retract that, and replace it with

That's likely not quite accurate. Microsoft probably removed the update and bitch-slapped them.

I apologize for not being more clear earlier.
Buy my stuff!! It's not at all terrible!! http://tindie.geppettoelectronics.com/
 

Offline Monkeh

  • Super Contributor
  • ***
  • Posts: 7990
  • Country: gb
Re: FTDI driver kills fake FTDI FT232??
« Reply #619 on: October 24, 2014, 09:46:49 pm »
And in that case, yes, it's entirely possible Microsoft told them where to stick it.

On the other hand, they may have realised they just shot themselves in the foot with a 12-gauge and done something about it for themselves.
 

Offline Precipice

  • Frequent Contributor
  • **
  • Posts: 403
  • Country: gb
Re: FTDI driver kills fake FTDI FT232??
« Reply #620 on: October 24, 2014, 09:50:12 pm »
I would rather think that they have pretty much killed their own customer base with this stunt. Who is going to trust them now?

You're kidding, yeah?
Anyone with an interest in the supply chain being less full of fakes might see this as an opening shot, however misplaced, in that battle.
They were never going to sell their smallest devices to the sub-dollar serial widget manufacturer or the Chinese knockoff Arduino market, so have lost nothing there.
No longer having their drivers blamed for problems with the VID/PID rippers' budget and variously crappy widgets sounds like a good thing.
Having designers explicitly call for real FTDI chips from the CEMs - that might deliver real volumes of sales.
I, for one, will continue to design in and specify FTDI parts where they're the best fit.
 

Offline edavid

  • Super Contributor
  • ***
  • Posts: 3381
  • Country: us
Re: FTDI driver kills fake FTDI FT232??
« Reply #621 on: October 24, 2014, 09:51:00 pm »
And you need to stop posting opinion and assumption as fact.

Just as you need to stop posting content-free snark  :-//
 

Offline nsayer

  • Regular Contributor
  • *
  • Posts: 133
  • Country: us
    • Geppetto Elecronics
Re: FTDI driver kills fake FTDI FT232??
« Reply #622 on: October 24, 2014, 09:53:48 pm »
I think the real take-away here is that devices that rely on proprietary drivers always leave you at the mercy of the suppliers of those drivers, in sharp contrast to devices that implement open standards. Here I am specifically contrasting FTDI devices with CDC devices.

Where an open standard exists, this incident shows the value proposition of adopting it.
Buy my stuff!! It's not at all terrible!! http://tindie.geppettoelectronics.com/
 

Offline MicroBoy

  • Contributor
  • Posts: 28
  • Country: ar
Re: FTDI driver kills fake FTDI FT232??
« Reply #623 on: October 24, 2014, 10:06:23 pm »
Current FTDI driver offered in FTDI Drivers Download page (v2.12.00) does it. Im attaching an image with the attack with the relevant USB Transactions using a USB sniffing software, confirming the driver disassembly behaviour posted a few days ago.  :rant:
 

Offline Rasz

  • Super Contributor
  • ***
  • Posts: 2616
  • Country: 00
    • My random blog.
Re: FTDI driver kills fake FTDI FT232??
« Reply #624 on: October 24, 2014, 10:09:52 pm »
As a bit of an oddity, I'll ask the folks here for a similar thing I asked of FTDI support:

Can someone create a tool to reproduce the "kill" operation of the 2.12 driver? If this is a "thing" that can happen, I'd prefer to add a few seconds of production test time to screen parts that might cause the end-user grief down the road. This is, in essence, a vulnerability without a clear way to patch it - so the easiest route I can do is attempt to brick any devices that might get a non genuine part in the lot. (I buy all my parts from Mouser and Digikey, but they're not omnipotent or flawless).

you can build such tool yourself using this joke linux patch - its replicating what the windows driver did
https://lkml.org/lkml/2014/10/23/129



A quick check of FTDI's website doesn't appear to offer any resources for manufacturers to test their parts to see whether they are genuine.

such tool would be used by chinese designer to perfect his copy, chicken and egg problem


Incidentally, the current difference that they are exploiting is quite easy to fix and in a few months we will see clones that are invulnerable to the current destructive clone counterfeit test.
Few months? More like a few weeks... look how long it took for the Chinese to clone Apple's Lightning cable - and that was RE from scratch, not in this case where all they have to do is update a mask ROM and start producing new chips.

In fact I think the moment that driver update was released, they saw the problem and were working on fixing it. I'm almost willing to bet they've already fixed it and are just waiting for the wafer fab.


except for the fact your fake chips just lost a ton of value and desirability, people in big companies might do meetings discussing FTDI policy, but most chinese sellers/designers will simply STOP using fakes outright - fake sold over ebay  equals to bad feedback at best, paypal chargeback and black mark (few of those and paypal freezes your account) at worst. There might still be few scammers/wise guys trying to sell old stock bundled with CD including older driver, but all of a sudden its a very dangerous proposition if they want to remain on ebay platform

Also agree with the others that this would be a great time to move to a non-proprietary standard protocol like CDC - for which source code is available for both AVRs, PICs, and several other common MCU families.

ot was never about lack of drivers, it was about convenience, FTDI driver is just there, by default, everywhere, so why bother reinventing the wheel.


you think ebay is going to even LISTEN to you after 30 or perhaps 90 days?
are they going to reimburse you for the high cost of shipping back to china?

45 days minimum + YO DO NOT pay for any shipping in case of a fake


I think the real take-away here is that devices that rely on proprietary drivers always leave you at the mercy of the suppliers of those drivers, in sharp contrast to devices that implement open standards. Here I am specifically contrasting FTDI devices with CDC devices.

Where an open standard exists, this incident shows the value proposition of adopting it.

I agree in principle, problem is windows now enforces driver signing so you either pay M$ tax or use something that is already signed
Who logs in to gdm? Not I, said the duck.
My fireplace is on fire, but in all the wrong places.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf