Here is a real live example of the problem that FTDI now faces. I wish to purchase a GPS module for a project and I have two choices, the cheapest unit includes in the manual the instruction "download the latest USB driver from www.ftdichip.com/FTDrivers.htm". A slightly more expensive device uses a driver specifically written for the module concerned.
I have purchased the more expensive product, the FTDI brand is now poisoned.The opposite is true. How long do you think a GPS module which immediately bricks itself and gets returned for refund is going to remain on the market? Probably already and certainly in the future something which claims to use an FTDI chip will very likely have a genuine FTDI chip while things that don't are more likely to have a fake or clone chip of unknown quality and origin.
I am now even more likely to choose a device using an FTDI chip because I will take it as an indication of quality - as it ever was.
Good luck with that... That has to be the more twisted thinking i've seen so far in this Topic.
You're not understanding that as long as margins allow counterfeiters to emulate a chip and win some money, they will just get better at emulating the original chip behaviour, even the glitches of it (like the one used in the current attack). At the end it will be almost impossible to detect a counterfeit from an original, even for FTDI itself. FTDI could launch a new model with security added, but they must mantain support for all the current models, which lack of it and will be always target of counterfeiters.
As simple as i see it is, i think, as simple as (almost all) people see it: you just can't buy or design nothing with a FTDI device on it. As simple as that.
Here is a real live example of the problem that FTDI now faces. I wish to purchase a GPS module for a project and I have two choices, the cheapest unit includes in the manual the instruction "download the latest USB driver from www.ftdichip.com/FTDrivers.htm". A slightly more expensive device uses a driver specifically written for the module concerned.
I have purchased the more expensive product, the FTDI brand is now poisoned.The opposite is true. How long do you think a GPS module which immediately bricks itself and gets returned for refund is going to remain on the market? Probably already and certainly in the future something which claims to use an FTDI chip will very likely have a genuine FTDI chip while things that don't are more likely to have a fake or clone chip of unknown quality and origin.
I am now even more likely to choose a device using an FTDI chip because I will take it as an indication of quality - as it ever was.In an ideal world maybe. The functional equivalent chips which are rolling of the production line as we type are already resillient against FTDI's bricking algorithme so now FTDI has to devise another way to make their driver not wanting to talk to functional equivalents. This cycle will repeat until the FTDI drivers will produce false positives for devices with genuine FTDI chips inside. Do you want to take that risk? FTDI has proven to willingly move into grey areas so their algorithms to detect functional equivalents will probably be geared towards 'fake when in doubt' instead of the other way around.
As long as there is money to be made there will be functional equivalents.
As simple as i see it is, i think, as simple as (almost all) people see it: you just can't buy or design nothing with a FTDI device on it. As simple as that.
So when you ship product built with fake crap of unknown quality and origin you would rather there was less risk of the customer finding out. Thanks for confirming that and that I should continue to consider use of FTDI chips as an indication of quality.
If there are FTDI counterfeit chips in the world (and there are), and we should blame someone, that would be FTDI:
* Their products have been always more expensive that others similar. This allowed counterfeiters the luxury of designing a counterfeit part based in a microcontroller;
* Zero security. Even the counterfeit parts look sharper and with better laser printing.
I'm not in favour of conterfeiting. I create IP too and would hate to see it stolen. But i know in what world were're living, so i make just the opossite as FTDI: my profit margin is moderate to discourage conterfeits, and my designs are heavily loaded with security measures. If they get counterfeited, i would hate it, as i said, but I WOULD NEVER TAKE IT AGAINST MY CUSTOMERS. NEVER. I could never do that. I know doing it would be the perfect recipe for company suicide (as Dave said in his video).
This cycle will repeat until the FTDI drivers will produce false positives for devices with genuine FTDI chips inside. Do you want to take that risk? FTDI has proven to willingly move into grey areas so their algorithms to detect functional equivalents will probably be geared towards 'fake when in doubt' instead of the other way around.
As long as there is money to be made there will be functional equivalents.This logic is applicable to all types of items counterfeiting will exist and will always try to evade measures against it. That doesn't mean there should not be any barrier for it. I'd go for more physical counterfeiting protections because those are actually much harder to duplicate well enough to pass off as a real thing and is requires no computer to check/verify.
This cycle will repeat until the FTDI drivers will produce false positives for devices with genuine FTDI chips inside. Do you want to take that risk? FTDI has proven to willingly move into grey areas so their algorithms to detect functional equivalents will probably be geared towards 'fake when in doubt' instead of the other way around.
As long as there is money to be made there will be functional equivalents.This logic is applicable to all types of items counterfeiting will exist and will always try to evade measures against it. That doesn't mean there should not be any barrier for it. I'd go for more physical counterfeiting protections because those are actually much harder to duplicate well enough to pass off as a real thing and is requires no computer to check/verify.Putting more effort into copy protection will raise the prices of the chips even more and make it more lucrative to make functional equivalents. Worse it may have the legitimate users jump throughs hoops (just like with media and software). If you want to lock the market into your standard you have to allow for a certain amount of copying. Just look at how every major software package got popular.
There are different use-cases and different business models that have different levels of risk for each type of part that you buy.
I suppose for a hobbyist, or for a small shop that builds their own devices, it is simple enough to make sure that only genuine FTDI devices are installed in the end product.
For a larger concern where devices are built in very large quantity, it is highly probable that the assembly will occur in China, as [for the moment] they are the undisputed kings of doing things for less money. In this case, you are putting your trust in a large off-shore company that is [in turn] putting their trust in large off-shore distributors and brokers. In this use-case, there are multiple opportunities for counterfeit parts to end up in the final product.
Counterfeit parts are the "dark side" of the electronics business, and they have always been "out there". I get the impression that the number of incidences are increasing. There are different types of counterfeit parts-- some of them are just a package, with no die inside-- and you discover the problem rather quickly during final testing. These boards can be re-worked at the factory, and this is expensive. The next level of counterfeit parts do have some silicon in them, but it is not genuine, and they only seek to pass incoming QA long enough to get their paycheck. This type of part is dangerous, because it can actually end up in the hands of the final end-user before it fails in some way [and that can be a spectacular failure]. This is really quite evil, because the end-user places the blame on the manufacturer, and it damages their reputation and brand. [This is the level of the current FTDI situation]. The third type of counterfeit part is one that duplicates the original part so well that no one can tell them from the real-deal. This is still a problem, because some of these parts are used in semi-critical electronics, where a failure can damage something or harm someone-- and the real parts were supposed to be properly [and expensively] qualified for this service-- but since this qualification work was not done on the counterfeit, it is at least possible that something bad could happen. [This has already happened on multiple occasions in medical and military electronics, and continues to be a problem today].
The counterfeiters appear to be motivated by money. The more money there is to be made, then the more likely that the part will be a target. The FTDI parts have a rather high margin when compared to other similar parts from other companies, and at the same time they [at least up until now] enjoyed a good reputation and had a lot of design-ins despite the higher price. These two things combined made it almost a guarantee that counterfeiters [and otherwise legitimate clone makers] would copy this product.
Does it show up as an FT232R in the device manager on windows with no driver found error? If it doesn't enumerate (as in be detected not fully work) at all on multiple systems then something else is wrong.It does enumerate but it's not recognised by the lumibox software anymore.
Putting more effort into copy protection will raise the prices of the chips even more and make it more lucrative to make functional equivalents. Worse it may have the legitimate users jump throughs hoops (just like with media and software). If you want to lock the market into your standard you have to allow for a certain amount of copying. Just look at how every major software package got popular.I don't think you understand certain physical measure can be implemented at little cost and be simultaneously very hard to duplicate perfectly. For example sealing a letter with a wax seal sounds like a cheap archaic solution
Putting more effort into copy protection will raise the prices of the chips even more and make it more lucrative to make functional equivalents. Worse it may have the legitimate users jump throughs hoops (just like with media and software). If you want to lock the market into your standard you have to allow for a certain amount of copying. Just look at how every major software package got popular.I don't think you understand certain physical measure can be implemented at little cost and be simultaneously very hard to duplicate perfectly. For example sealing a letter with a wax seal sounds like a cheap archaic solutionThink about counterfeit money. The end user can't tell real from fake so basically is screwed and the counterfeiter still goes free.
Actually the markings on the FTDI chips and the functionally equivalents are not the same and that doesn't stop the non-geniune chips from ending up on circuits. IOW: the method you propose has already failed. Your logic about the supply lines is also flawd as pointed out by others. All what is needed are some forged documents to make counterfeit components enter the supply chain without people noticing.
Hiya folks - first post on forum ever so try to be gentle!!
I would like to give a perspective as an end user.
I have an interest in electronics - hobbyist level and some experience in computers but don't have an operational linux system at the moment - changing distros and hardware and lost my USB sticks again....!!
I don't understand the comments that if something is broken then the user is less than useless if they don't do a google search to see what the problem may be.
My interest is usb-serial devices and an arduino board.
The usb-serial are used for installing/debugging linux and solaris on my sunfire v490 and DL485 servers that I'm playing with.
I also have started to use an arduino mega board. I have absolutely no idea if my items contain clones and would never have suspected this until I followed the Hackaday link to this forum.
If I developed a problem - I would have suspected a configuration problem with the computers and terminal software used and would have spent many hours trying to sort this out - I did initially to get the damn things talking with numerous problems getting the drivers to actually work and software configs.
SO - if a device silently stops working because it has been bricked - the user will naturally concentrate on problems with the items being connected - NOT the connection hardware that has been working previously.
A bricked device completely buggers up a normal end user.
So since becoming aware of this problem I have not connected the devices to any of my computers until I know that it will be safe. When will we know that an updated driver is available that will not potentially brick devices - that is my personal concern.
I would like to give a perspective as an end user.
I have an interest in electronics - hobbyist level and some experience in computers...
I don't understand the comments that if something is broken then the user is less than useless if they don't do a google search to see what the problem may be.
That is NOT the "perspective as an end user". You are looking at it from the perspective of a hobbyist experimenter. Granted most people in these forums are hobbyist experimenters, but there are also people out there making commercial products with FTDI chips in them.
If you developed some specialist niche product for sale and had hundreds or thousands of them out there for some vertical market (stamp collectors, or people who make quilts, or whatever) your customers quite possibly have little or no experience with computers beyond using them as a magical appliance.
Now, if their computer got automatically updated (because automatic updates are recommended to protect them against malware) and the new FTDI driver turns out to be malware and bricks their device (because you were unlucky enough to unknowningly use a counterfeit chip), all they know is that their gadget stopped working. They don't have a clue that there is something in there called FTDI (real or counterfeit) and they wouldn't even know that there was anything to Google for or that they could possibly fix it. And even if they DID do all that, the "fix" is very fiddly and not end-user friendly.
People here seem to live in a world of their own little workbench and never consider that some people develop products for sale to end-users who are NOT computer experts, and never will be. And we have seen accounts of people ending up with counterfeit chips even when acquired through "official" channels. Nothing is certain in life but death and taxes. Getting a genuine chip (of any brand or model) 100% of the time is a foolish pipe-dream.
Hiya
I'm not saying that I'm a computer expert, and a hobbyist experimenter is an end-user albeit with a little more knowledge.
By design an arduino board is supposed to be used by people with little electronic/computer knowledge - if FTDI bricks these boards bought by 'clueless' individuals not realising that an arduino clone may contain susceptibilities to this (including myself) then they are doing a disservice to a wide range of people.
My aim in posting was to demonstrate that if my devices were bricked then I wouldn't normally have a clue as to why my equipment wasn't working. It is only because I regularly look at hackaday that I became aware of this issue and through them discovered this very interesting forum.
I agree with all you say Richard except that I buy a device and use it - how then am I not an end user? I was only demonstrating that a fortuitous coincidence made me aware of this issue before it may have affected me. I can't think of anyone I know that would have a clue.
I only wish I had time to live in a world of my own little workbench!!
Cheers to everyone.
Just wondering, is anyone going to name the manufacturers or distributors that they have recently found to have supplied fake (not clone) FTDI components instead of what was specified?
Has it happened?
It might be worth working out what else is wrong in the supply chain.
@C: Adding a crypt code isn't going to work for a Linux driver or forces FTDI to provide a pre-compiled module for every kernel version and platform. And even then it will take only a few days to reverse engineer.
Wow, that philosophy wouldn't last two minutes in a proper customer-support organization. How astonishingly clueless about the end-user support world.
Please elaborate on how you think the entire all industries all fields of work end user support world should work. Does everyone get a personal IT support person standing by their side to guide them through the terribly complex process of pointing, clicking, and typing into this strange box the strange person calls a computer?
Which by the way if you want I can do it for you personally for free online to fix the FTDI PID issues if you have any. In IT support if the person is at an ends of their ability then yes people take over but you shouldn't hand hold 100% of the time and must adapt to the situation and person your talking to. For an IT group fixing things like this is peanuts compared to a bad windows update that wasn't caught in deployment testing which can cause many more problems.
CP21xx can offer the same functionality with reduced cost
I would like if someone will point out what consumer product (not even a vital one) has been affected that is not related to hobbyists.
I'm just curious, why not using silabs chips? CP21xx can offer the same functionality with reduced cost, and spi/i2c options. Why stick to FTDI craps? Personally I prefer silabs chips because:
e. they offer open source drivers and detailed device specifications, so you can either use their free oss drivers, or write your own ones.
Are you paid by the post count, or by the word count within each post?