Author Topic: Dangerous new trend in USB key marketing from companies  (Read 7706 times)

0 Members and 1 Guest are viewing this topic.

Online ataradov

  • Super Contributor
  • ***
  • Posts: 7159
  • Country: us
    • Personal site
Re: Dangerous new trend in USB key marketing from companies
« Reply #75 on: December 07, 2018, 06:58:33 am »
VID is just a number, you can't copyright numbers.There is absolutely noting they can do here.
Alex
 

Offline Brumby

  • Supporter
  • ****
  • Posts: 10431
  • Country: au
Re: Dangerous new trend in USB key marketing from companies
« Reply #76 on: December 07, 2018, 07:09:24 am »
Something is identified as Apple - by whatever means - and that is not a trademark issue?

Having trouble seeing that.
 

Online ataradov

  • Super Contributor
  • ***
  • Posts: 7159
  • Country: us
    • Personal site
Re: Dangerous new trend in USB key marketing from companies
« Reply #77 on: December 07, 2018, 07:15:38 am »
Something is identified as Apple - by whatever means - and that is not a trademark issue?
Having trouble seeing that.
  It did not identify as Apple. Linux matched its USB Vendor ID to a database and printed Apple. It is not device's fault. The device itself identified as :

Code: [Select]
[14750.121605] usb 3-2: Product: WEBKEY
[14750.121607] usb 3-2: Manufacturer: ŵࠅę̩ʑ֕
Alex
 

Offline Brumby

  • Supporter
  • ****
  • Posts: 10431
  • Country: au
Re: Dangerous new trend in USB key marketing from companies
« Reply #78 on: December 07, 2018, 07:20:05 am »
Then I'm curious as to how it picked out Apple.
 

Online ataradov

  • Super Contributor
  • ***
  • Posts: 7159
  • Country: us
    • Personal site
Re: Dangerous new trend in USB key marketing from companies
« Reply #79 on: December 07, 2018, 07:32:05 am »
What "it"? The device picked a "random" number. In this case it ended up being 0x05ac. The fact that Linux comes with a text file matching this number to a string "Apple" is a pure coincidence.

USB requires VID/PID to work, and USB IF does not make it easy to get them. So people just put random numbers.
Alex
 

Offline xaxaxa

  • Regular Contributor
  • *
  • Posts: 248
  • Country: ca
Re: Dangerous new trend in USB key marketing from companies
« Reply #80 on: December 07, 2018, 09:02:10 am »
USB requires VID/PID to work, and USB IF does not make it easy to get them. So people just put random numbers.

Or spoof a specific VID/PID, which I had to do in one of my products, otherwise windows will not recognize it as stupid windows has no concept of "device class" but rather ties drivers to VID/PID.
 

Offline perieanuo

  • Frequent Contributor
  • **
  • Posts: 373
  • Country: fr
Re: Dangerous new trend in USB key marketing from companies
« Reply #81 on: December 07, 2018, 12:55:07 pm »
USB requires VID/PID to work, and USB IF does not make it easy to get them. So people just put random numbers.

Or spoof a specific VID/PID, which I had to do in one of my products, otherwise windows will not recognize it as stupid windows has no concept of "device class" but rather ties drivers to VID/PID.
yep, can do this, but here you can got yourself a big nice copyright lawsuit.why not buy original ftdi and use it as it is with his original vid/pid...
we made products like you did with some pid/vid different from original and build own drivers.
but wat the hell maybe I'm missing something
regards,pierre
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 17632
  • Country: gb
Re: Dangerous new trend in USB key marketing from companies
« Reply #82 on: December 07, 2018, 01:55:46 pm »
I think people who build their own drivers and get IDs changed should be shot because it's a PITA getting the generic drivers working on MacOS X then.  :--
 

Offline edy

  • Super Contributor
  • ***
  • Posts: 2243
  • Country: ca
    • DevHackMod Channel
Re: Dangerous new trend in USB key marketing from companies
« Reply #83 on: December 07, 2018, 03:02:16 pm »
The list of USB VID's is here:

http://www.linux-usb.org/usb.ids

Scroll down to 05ac  Apple, Inc., you will see lots and lots of PID's associated with various Apple products. I assume that this vendor ID is reserved for Apple use only, so as they add more products they can fill in their PID's as needed. Note that this WEBKEY uses an unpopulated PID 6662. Apple doesn't use it, *yet*. They end at about 1500 and then jump to 8005 in the list.

Linux doesn't know, and I doubt that in the future Apple will just "Release" a subset of their VID PID's to another company. So they *are* infringing on what seems to be a reserved Apple range of PID's... certainly by claiming to be them as a vendor for sure, and then in the future potentially conflicting with something Apple may release. They should not have used that VID, regardless of what PID they are using (even though Apple doesn't currently have anything listed). One other note.... I do not know if this Linux-USB list is comprehensive (probably not) and so there must be a USB consortium or some other organization that handles this... i.e. here:

https://www.usb.org/getting-vendor-id

There-in lies the potential legal ramifications... the company could potentially be sued by USB.org. They also have tools here: https://www.usb.org/usb2tools, and there is a Company list you can download if you are a member (maybe someone on the forum is and can check the relevant codes and rules). Anyways, like I said before it seems that if you make USB devices you probably need to comply to this organization's rules but it may be "suggested" and not legally enforceable (and I doubt the law extends to China which seems to do whatever it wants anyways).
« Last Edit: December 07, 2018, 03:03:58 pm by edy »
YouTube: www.devhackmod.com LBRY: https://lbry.tv/@winegaming:b Bandcamp Music Link
"Ye cannae change the laws of physics, captain" - Scotty
 

Online ataradov

  • Super Contributor
  • ***
  • Posts: 7159
  • Country: us
    • Personal site
Re: Dangerous new trend in USB key marketing from companies
« Reply #84 on: December 07, 2018, 03:50:03 pm »
So they *are* infringing on what seems to be a reserved Apple range of PID's... certainly by claiming to be them as a vendor for sure, and then in the future potentially conflicting with something Apple may release.
It is not an infringement in a legal sense. In order to use USB peripheral in a microcontroller, you don't have to know about the list of existence of USB IF.

There-in lies the potential legal ramifications... the company could potentially be sued by USB.org.
No, they can't. Unless it is a frivolous lawsuit.

It is a contractual issue. They can be used for contract violation (as those companies that tried to resell PIDs). But if they have not entered into a contract in a first place, they can't be sued for violating it.

USB IF can pursue copyright infringement if you use their logo on the product. But that's it.

BTW, everyone is "infringing" whey they use I2C addresses, since NXP maintains a list of officially assigned addresses.
« Last Edit: December 07, 2018, 03:55:25 pm by ataradov »
Alex
 

Offline Bassman59

  • Super Contributor
  • ***
  • Posts: 1588
  • Country: us
  • Yes, I do this for a living
Re: Dangerous new trend in USB key marketing from companies
« Reply #85 on: December 07, 2018, 08:16:41 pm »
Then I'm curious as to how it picked out Apple.
Simple. The Manufacturer ID is a string stored in the device and returned to the host during enumeration.
 

Online ataradov

  • Super Contributor
  • ***
  • Posts: 7159
  • Country: us
    • Personal site
Re: Dangerous new trend in USB key marketing from companies
« Reply #86 on: December 07, 2018, 08:37:39 pm »
This is not the case here. Manufacturer ID string is not Apple here.
Alex
 

Offline edy

  • Super Contributor
  • ***
  • Posts: 2243
  • Country: ca
    • DevHackMod Channel
Re: Dangerous new trend in USB key marketing from companies
« Reply #87 on: December 19, 2018, 05:17:51 am »
I had some time so I put together a video summarizing this thread for others to watch and hopefully learn about this terrible practice. Maybe somebody from Colgate or Apple will see this and take notice!



DESCRIPTION:

I received this marketing material from Colgate and in the package was this plastic card with a flip-out USB key that I thought was a USB drive with Colgate brochures/videos. Instead, the device turned out to be a keystroke injector, taking over the keyboard input to launch a browser on your computer. This is a sneaky and dangerous practice, susceptible to hacks and total waste!

The URL it types is 25 characters, but can be entered only as 17 characters (srt.red/CAEnglish) without the "https://", and if they shortened it more could easily be 10 (srt.red/CE) as they can control the bitly shortcut. They could have just printed in big letters to go to "srt.red/CE" (English), or "srt.red/CF" (French) or "srt.red/US" (USA) instead of making this useless piece of garbage that causes issues on Linux machines, has the potential to mess up your system and does stuff you don't expect!

At least if they provided a useful USB Storage Drive (e.g. 16GB) with their name on it, it would have some utility and more impact. Instead, this promo material is used once and trashed! It only shows how ridiculous marketing is getting and I am sure Colgate is unaware or doesn't know this is bad practice or likely to leave a negative impression.
YouTube: www.devhackmod.com LBRY: https://lbry.tv/@winegaming:b Bandcamp Music Link
"Ye cannae change the laws of physics, captain" - Scotty
 

Offline Richard Crowley

  • Super Contributor
  • ***
  • Posts: 4310
  • Country: us
  • KE7GKP
Re: Dangerous new trend in USB key marketing from companies
« Reply #88 on: December 19, 2018, 05:43:16 am »
It is extremely unusual to have more than one keyboard attached to a computer,
That is completely contrary to my experience.  Windows at least will happily accept any kind of HID (Human Interface Device) and automatically install drivers (if necessary), etc.  Keyboards and Mice are only two types of HID.  Many other types are in wide use. For example, barcode readers, RFID readers, etc.

Quote
so IMHO the USB drivers should realise that you already have a keyboard and prompt whether to enable them when subsequent ones appear.
Lots of dumb users would find it annoying to have to click through several authorization windows just to plug in their mouse.  There probably isn't much difference to the OS between a keyboard and a mouse.

For years, we have seen movies and TV where the good guy (or the bad guy) sneaks in and plugs in a USB gadget to copy all the secret files or give remote access to the controllers out in the panel van on the street, etc.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf