[aprssig] ***SPAM*** Re: ***SPAM*** Oh No!! Fake Prolific 2303 USB<-->Serial Chip Fiasco Now Spreading To FTDI

Scott Miller scott at opentrac.org
Fri Mar 27 23:51:02 CDT 2015


I was in the middle of a book on contract law and torts when this 
happened, and I think it'll be really interesting to see if any lawsuits 
come out of it.  Your players might include FTDI, who pushed out an 
update very specifically crafted to render counterfeits useless, 
Microsoft, who pushed out the update without notification (but wouldn't 
have known of its effects), a manufacturer who designed the FTDI chip 
into a device, a contract manufacturer that assembled the device, the 
CM's supplier or their supplier that provided counterfeit parts, and the 
end users who were effectively punished for the sins of one or more of 
those parties.  *One* of those parties would have known about the 
substitution, but no reasonable level of testing downstream would have 
picked it up.  These were perfectly usable parts, they were just 
labelled falsely (the illegal part) and used FTDI's VID/PID (not illegal).

And I think it's a stretch to say that "most" USB devices have serial 
chips in them.  Most hobbyist devices, probably.  But on a high-volume 
device that's more than you'd want to pay (maybe $1.50) for something 
you can do in the MCU.  Even the OpenTracker USB does native USB just 
fine on an 8-bit MCU that's now several years old.  That said, it 
doesn't surprise me that you'd find them in expensive devices like 
that.  No one cares about that extra $1.50 in a $50k device but it saves 
the developer the trouble of dealing with drivers and software testing.

Scott
N1VG

On 3/27/2015 9:08 PM, KF4LVZ wrote:
> FTDI has already reversed course on the reflashing.  The newest drivers
> no longer do that and they have offered software to fix any chips that
> were flashed.  It caused much more trouble than simple dongles because
> most devices with integrated USB interfaces are actually just these
> serial chips (it's much easier for an embedded processor to communicate
> via simple serial rather than directly use USB).  So things other than
> simple dongles were being bricked including medical instruments,
> laboratory equipment, etc.
>
>
>
> On 2015-03-27 21:01, Stephen H. Smith wrote:
>> For several years, Prolific Technology has been attempting to fight
>> Chinese counterfeit copies of their USB<-->serial chip by playing games
>> with recent versions of the driver they provide for this device.   The
>> current driver somehow determines that a device has a fake 2303 chip and
>> refuses to install or run.   This breaks numerous devices (USB-serial
>> dongles, USB-interface GPS units, radio programming cables, etc.) that
>> contain "fake" chips.
>>
>> Windows Update automatically updates  the Prolific driver when it finds
>> it present in a Windows installation.  This has the effect of causing
>> devices that initially worked with an older version Prolific driver,
>> provided with the device, to stop working after Windows Update
>> "helpfully" updates to the "DRMed" driver.   More details on the
>> Prolific mess here on my website:
>> .   <http://wa8lmf.net/ham/USB-Serial-Dongles.htm>
>>
>>
>> For the last year or so, the conventional wisdom was that to avoid this
>> headache, insist on USB<-->serial dongles based on the FTDI chip
>> instead.  Now it appears that Scotland-based FTDI is facing the same
>> problems (Chinese fakes) and is taking even more drastic action.  Their
>> latest drivers are actually reflashing the internal EEPROM of fake FTDI
>> chips to render them nonfunctional even if you reinstall an older
>> non-DRM driver.  This has the effect of permanently "bricking" the
>> device the chip is embedded in.
>>
>> I somehow missed this story on Slashdot.org when it first ran last
>> October, but a passing reference and a link to it appeared today (27 Mar
>> 15):
>>
>> <http://hardware.slashdot.org/story/14/10/22/185244/ftdi-reportedly-bricking-devices-using-competitors-chips?sdsrc=popbyskid>
>>
>>
>> "FTDI Reportedly Bricking Devices Using Competitors' Chips.
>>
>> It seems that chipmaker FTDI has started an outright war on cloners of
>> their popular USB bridge chips. At first the clones stopped working with
>> the official drivers, and now they are being intentionally bricked,
>> rendering the device useless. The problem? These chips are incredibly
>> popular and used in many consumer products. Are you sure yours doesn't
>> contain a counterfeit one before you plug it in? Hackaday says, "It’s
>> very hard to tell the difference between the real and fake versions by
>> looking at the package, but a look at the silicon reveals vast
>> differences. The new driver for the FT232 exploits these differences,
>> reprogramming it so it won’t work with existing drivers. It’s a bold
>> strategy to cut down on silicon counterfeiters on the part of FTDI. A
>> reasonable company would go after the manufacturers of fake chips, not
>> the consumers who are most likely unaware they have a fake chip."
>>
>> In a series of Twitter posts, FTDI has admitted to doing this. "
> _______________________________________________
> aprssig mailing list
> aprssig at tapr.org
> http://www.tapr.org/mailman/listinfo/aprssig



More information about the aprssig mailing list