Watch That Windows Update: FTDI Drivers Are Killing Fake Chips

The FTDI FT232 chip is found in thousands of electronic baubles, from Arduinos to test equipment, and more than a few bits of consumer electronics. It’s a simple chip, converting USB to a serial port, but very useful and probably one of the most cloned pieces of silicon on Earth. Thanks to a recent Windows update, all those fake FTDI chips are at risk of being bricked. This isn’t a case where fake FTDI chips won’t work if plugged into a machine running the newest FTDI driver; the latest driver bricks the fake chips, rendering them inoperable with any computer.

Reports of problems with FTDI chips surfaced early this month, with an explanation of the behavior showing up in an EEVblog forum thread. The new driver for these chips from FTDI, delivered through a recent Windows update, reprograms the USB PID to 0, something Windows, Linux, and OS X don’t like. This renders the chip inaccessible from any OS, effectively bricking any device that happens to have one of these fake FTDI serial chips.

Because the FTDI USB to UART chip is so incredibly common,  the market is flooded with clones and counterfeits. it’s very hard to tell the difference between the real and fake versions by looking at the package, but a look at the silicon reveals vast differences. The new driver for the FT232 exploits these differences, reprogramming it so it won’t work with existing drivers. It’s a bold strategy to cut down on silicon counterfeiters on the part of FTDI. A reasonable company would go after the manufacturers of fake chips, not the consumers who are most likely unaware they have a fake chip.

The workaround for this driver update is to download the FT232 config tool from the FTDI website on a WinXP or Linux box, change the PID of the fake chip, and never using the new driver on a modern Windows system. There will surely be an automated tool to fix these chips automatically, but until then, take a good look at what Windows Update is installing – it’s very hard to tell if your devices have a fake FTDI chip by just looking at them.

584 thoughts on “Watch That Windows Update: FTDI Drivers Are Killing Fake Chips

        1. Bricked to you and me would mean irreversible turned into a paper weight. Reading the definition on Wikipedia reveals that “soft brick” would be the correct term for the above and a “hard brick” would be permanent.

        2. When the story first came out, no one was quite sure what was being done to the suspect FTDI chips. It was believed the damage was permanent. So one the nature of the disabling was determined you saw people describing it as soft bricking, or effectively bricking, etc; because while technically knowledgeable people could find and implement the fix, the average person could not.

          The arduino trick works for FTDI chips in arduinos because the driver writes the PID the first time the device is discovered.

      1. They are not bricking anyones devices. The company released an update for THEIR hardware.. These people are taking this software and applying it to hardware it was not ment to support. They are essentially flashing the wrong firmware onto a device then wanting to blame the software for bricking the device.

        Also.. These “devices” are not technically “owned” by the consumers at this point. The sale of counterfit merchandice that violates international copyright and trademark laws is prohibited, these sales are null and void. People should be contacting manufacturers and demaning refunds due to being sold illegal products that have faild.

        1. @Atwas911

          YES they are bricking because they have intentionally done something that will knowingly break one or more users chips. If you purchase a used SONY TV at a flea market but it turns out that its really a cheap knock off then does that give SONY the right do something that will intentionally break your TV?

          This idea that because its counterfeit means an entity can do as they please to the buyer who may be totally unaware that they have a counterfeit product is complete BS.

          1. No.

            FTDI is intentionally breaking other devices. There is no two ways about it. Someone sat down, and wrote a piece of code that resets the PID to 0, which breaks the device. This is not a case of trying to flash Motorola firmware to a Samsung device, that’s USER stupidity. Fact is, FTDI have INTENTIONALLY and PURPOSEFULLY pushed out this driver update to all Windows users without their knowledge or consent. FTDI are intentionally, and knowingly bricking consumer’s devices that happen to contain a cloned chip, whether or not (and usually not) they are aware of it. These consumers are almost universally innocent, because most people have no idea how their electronics work, much less the ability to decap a chip and verify it’s an authentic FTDI part.

            This is going to result in a class-action lawsuit.

          2. It’s not even a case of a dodgey hardware update. This is an update to Windows that discreetly reflashes the firmware on other hardware devices than the computer you updated.

          3. Nope. It’s like sony releasin software update for their device, then the consumere trying to apply it to that fake sony and it breaks it. Nothing wrong there.

            And the class action? Against who? FTDI? “we tried to use your software on different manufacturers chips and it didn’t work. Now pay us.” Really? Think it’s going to happen?

          4. The knock off chips are not faithful reproductions, but are using FTDI software and will often me marked up as being made by FTDI for the casual observer.

            If these 3rd party chips do not perform correctly they will damage the FTDI brand, so quite rightly FTDI have come up with a way to help prevent the confusion and damage to their brand.

          5. Right, and that same innocent ‘unaware’ buyer only spent 30% of what they should have paid for said device. Bullshit on the whole innocence ploy when you are significantly underpaying for products. That is the risk you take and it means you are fine with supporting counter fitting and theft and reproduction of designs.

          6. There is such a thing as Common Sense. It makes no sense to shoot yourself in the foot and then come out with a lame excuse about going after the counterfeiters.
            The counterfeiters have already sold their devices. Your customers only know that they have been stiffed.

        2. FTDI supplies an update to the Windows OS, not to the device firmware. The owners of the devices are merely keeping their OS patches up to date, exactly as they should.
          If FTDI does not want their driver to support unlicensed chips, then they should write the driver to refuse to work for those chips. They have absolutely no business flashing anything to any chip they did not make, and very little business flashing things to chips they did make without getting permission from the device owner first.

        3. spoken like a true capitalist.

          “While our intentions were honorable..”
          Writing your driver in such a way that it notifies you when counterfeit devices are trying to use said driver is one thing. “Hey man.. this a fake chip. Our driver is not going to work. You should contact the supplier and ask for legitimate software, or better yet, buy a legitimate chip. Now disabling drivers…”
          Writing malicious code to permanently disable (even if it is reversible by some hackery) or potentially destroy counterfeit devices is another thing entirely. Remember that until proven in a court of law that the device is in fact a fake, it, and the owner of the property must be considered innocent.

          It is NOT, nor has it ever been the responsibility nor right of the manufacturer to enforce IP in such a way. That is the responsibility of the courts and law enforcement.

          Malicious code protections are functionally equivalent to FTDI engineers busting into your house, examining all of your hardware, and confiscating any suspicious chips. The key here is that it is not law enforcement officials, with proof and proper warrants. It is just some random people busting into your place. In many parts of the world, you have the right not only to refuse to cooperate, but to shoot to kill such intruders.

          The only legitimate way for a company to do this is to first prove and report that the chip is fake, via non intrusive driver checks. Then they must give you a chance to voluntarily forfeit the device. You’d be given the option to buy a genuine product. Only if you refuse to forfeit it (and why would you do so? The genuine driver refuses to work with it, and the original supplier has no alternative drivers for you) would they then have legal grounds to become more aggressive, and only through appropriate legal channels.

          I say all this, that this is how it SHOULD work.. realizing that its fantasy. In the really real world, companies get away with all sorts of morally questionable bull$it.

          1. A lot of people here are offering their legal views on if FTDI had the right to do what they did, or not, but they all seem to over look the fact that the Windows drivers are pushed worldwide and I think it would be safe to say that what they did would be a crime in at least one country, probably many.

      2. Well, they can’t be expected to support every clone on the planet. I’m guessing the clone chip makers are free to supply their own drivers instead of using FTDIs. If you buy a fake product don’t be surprised it doesn’t work with all the parts of the original.

    1. I agree. As someone who has been burnt with fake FTDIs, I now go out of my way to make sure my suppliers know I demand genuine hardware. And this is why. Whilst some people understand I am producing quality hardware and clones are out there, there are others who dont care and buy cheap hardware from ebay thinking its the same thing. As I also develop software which is not locked to my hardware (i dont mind homebrewers) I end up having to support people claiming my software is broken which wastes lots of my time and make my software look poor which it is not. The issues are the previous FTDI drivers not working properly with the clones. It wastes heaps of my time and rep. This way the bad hardware will fail, and people will know they have bought a dud. Low quality clones will clearly look low quality. The users will then not blame me and complain to their supplyers and so on. Also I and other manufacurers will continue to put pressure on the supply chain to keep it genuine. This pressure needs to come from somewhere, else the clones will continue to become more and more common and we’ll all suffer with buggy low quality random hardware while FTDI get nothing for the quality drivers they have developed and paid microsoft for testing and certification.

      1. No, all it means is the next generation of clones will be electroncally indistinguishable from the real thing. The counterfeiters will spent a few more cents on QA, and we’ll see more compatability down the line. For you, the result might be the same thing, but for a different reason. The tighter the FTDI tries to squeeze the clones, the easier they will slip through their fingers.

      2. OTOH, my response to this is that I’m never going to design around an FTDI chip again. There’s already open code available to make the ATMega32U4 perform the same function, and the chip is cheaper to boot.

        It’s fine that they want to protect their brand, but this is exactly the wrong way to do it. This is the equivalent of Fram somehow making your car completely and forever inoperative because that filter that you bought at Autozone last week that said “Fram” turned out to be counterfeit. You didn’t know, not your fault, but screw you, your car is now scrap metal.

      3. What’s wrong with a dialog box that says “Your hardware contains a counterfeit chip. Please contact your vendor (not us) for support.”

        Put the blame and ill-will where it belongs. Robbing consumers of hardware they paid for deserves a class-action, end of story.

        FYI – I avoid FTDI like the plague. There are cheaper/elegant ways to add usb support than to rely totally upon a 3rd party for an essential part of YOUR device. This just confirms my suspicion. If a batch of my product ended-up bricked because I acquired some fake chips… there would be hell to pay.

        1. I tend to think this will play out in terms of property damages rather than some legal ideal that’s being presented in much of the comments.

          Most consumers are not going to know that the serial port on their router is handled by a fake ftdi chip. If that device then gets bricked, the consumer then complains to manufacturer of the router. Not only has the consumer experienced property damage, but the manufacturer of the router will have to expend resources to correct the situation, possibly resulting in a recall of thousands of devices.

          The problem is with labeling and knowledge. Rather than educate the consumer and manufacturers, this is blatant property damage which treats the consumer as a criminal. I’d be ok with a driver that just refuses to work with a fake chip – at least that’s easier to fix.

          Most users, at least the ones I know, are not going to rip apart their devices to replace a chip.

      1. The Sony rootkit was distributed by Sony, on CD, nothing to do with Microsoft.
        This is being distributed my Microsoft through Windows Update. That said, it’s entirely possible that MS had no knowledge of this, given the number of driver updates they have to test.
        I’m going to follow Hanlon’s razor on this and assume that Microsoft screwed up unintentionally.

          1. Well I am with Trui here. I am not going to use FTDI chips because A)they turn out to be assholes who create malware to supposedly hurt their competitors, but instead they hurt customers B) You can never be sure what you get from your suppliers. So sorry I don’t buy this BS of ‘ohh but they are not their devices’. You never know dude. It easier to just use a different chip that does the same and avoid hurt drama queens.
            FYI the US army at one point tested their equipment and it turned out that X% of the components used for avionics, cruise missiles and stuff were counterfeit.

          1. Members of USB-IF agree to not use someone elses VID/PID — and you might have a hard/impossible time joining USB-IF if you do — but it isn’t illegal. If you aren’t a member then you can’t use the logo and other trademark; but you can do almost anything else you want.

            This issue with FTDI is really only about two issues (in the most case, it may depend on the counterfeiter): Trademark violation, and fraud.

            But I made a pin/API compatible device, called it FastTDI (or something else that wouldn’t violate trademark), and used the same VID/PID then I would not be breaking any law, or deceiving customers. However FTDI’s driver would still attempt to disable it. How is that right?

          2. You can build a compatible device, but that doesn’t make it legal to use with their software (drivers / DLL in this case) as most EULAs specify that the software is only to be used with genuine hardware. If the clone makers wrote their own driver stack this wouldn’t be an issue, but they don’t because they lack the skills and would rather profit from someone else’s IP and effort. I stopped using FTDI’s products in my designs 10 years ago for cost and performance reasons and just use USB micros and custom dirvers instead, but I think they have every right to prevent others from using their IP.

        1. The VID and PID used are the legal property of FTDI and thus anyone using these without FTDI’s express authority is breaching FTDI IP. Folks should also read the driver download T&Cs on FTDIs website they have changed and refer to potential damage to non-genuine devices.

          1. Do you have to agree to those T&Cs to apply the updated driver through windows update? It might be interesting if you do, we might get to see if a court would uphold a click-through that authorizes damage to your hardware.

      1. Except that it punishes consumers, and manufacturers who don’t know they have counterfeit chips. Counterfeit chips can enter the supply chain from multiple places along the line that may not be in your control.

        All of a sudden because of this move your product no longer works because of something you might not have had any control over.

        I am sympathetic to FTDI, but this is the wrong move. How much time and equipment is going to be lost because the consumers had no way of knowing? FTDI is opening themselves up to litigation by this move.

        At the very least they should warn consumers before bicking their hardware.

        1. The problem is.. There is no way to really track or effect the supply chain other than by means like this.. These companies that make these parts are fly-by-night.. They’ll work out of one port for awhile, then change names and sell someplace else. Its very hard to track down and actually be able to do anything about them. They are often made in places where IP means nothing and therefore there is no legal recourse. I think they made a good decision that is ultimatly going to be good for consumers even though it seems harsh now. Consumers will hold their manufacturers accountable and the manufacturers will have to make sure they buy official parts in the future.

          1. Not so long ago, a different manufacturer (Prolific, if I am not mistaken), added code to detect counterfeit chips and BSOD.

            That’s acceptable, in my mind.

            This, on the other hand, is sabotage. It’s effectively destruction of property owned by someone else. It’s as if Gucci were able to barge into your house and spray paint a counterfeit bag.

            Never mind whether this is legal or not, it is completely beyond the ethical pale.

          2. Even then, latest Prolific Winx64 driver only detects 25% (1 out of 4) for the fake PL2303 chips I bought for a laugh. There was an error message in Device driver and their site tells you about fake chips and that’s it.

            BTW The other 3 chips just works great.

          3. So what if instead of destroying my property, and hurting vendors who had no idea they were using counterfeit chips for whatever reason, that FTDI’s new driver popped up a warning. Maybe force us to see it 10 times before giving us the option of hiding it.

            Then Consumers would know, Manufacturers would have an opportunity to get right/fix their supply chain, and FTDI wouldn’t come off looking like jerks.

            There are many other options than bricking mission critical hardware. I am not one for hyperbole, and I want FTDI to change this stupid policy; but if they don’t I am sending them a bill for any hardware affected (depreciated of course, I am not a monster ;)…

          4. Yeah, the counterfit chips come from shady suppliers, there is a solution though: avoid shady suppliers. This increaces the incentive to do so.

            Oh, and if you have hardware that is bricked by this, the seller and manufacturer should make right. If they don’t well, thats a sign that they are shady, and you shoukd avoid doing business with them in the future.

          5. @eas

            That assumes that either the seller or manufacturer A: still exist and B: still offer support for their product. I can think of more than a few legitimate companies no longer in business or no longer offering support for legacy devices still in use.

        2. Exactly, punishing innocent consumers who have no control over the chips within their devices beyond completely refusing to use USB devices (good luck with that) is wrong on every level. This is an evil move, and makes me want to find (legal) alternatives to FTDI branded chips in my projects.

      2. So if say a manufacturer of a device you bought was found to infringe a patent you would be perfectly alright with the patent owner bricking it with some software it surreptitiously distributes through OS updates or third party apps?

        Or to put it more concretely, does Apple get the right to hack and brick Samsung phones if they win a patent lawsuit?

        1. What about a plane? What about a plane that has been operating just fine when some driver that was updated two weeks ago on the ground finally is in operation for some obscure but critical piece of equipment?

          Is it right that everyone on board dies because of a twenty cent counterfeit chip?

          1. Critical embedded systems do not get random bleeding edge drivers updates like consumer OS just because the vendor decided to fix a typo or some random stuff in their drivers. They tend to get a lot of testing before they get deployed. Even then only it is critical…

            The motto is : If it aint’t broken, don’t fix it.

          2. Lack of reading comprehension on your part. It is not the embedded system that is getting the update, it is windows. And if you think consumer OS manufacturers give out bleeding edge updates, well you truly are lost. All it would take is a laptop checking on something to break these permanently. Not hard to do.

            Finally, have you ever actually worked on anything critical? The fact that USB to serial dongles saturate critical systems control line troughs should tell you the state of affairs that things are in. If you have not seen those, then why are you commenting on something you are ignorant of?

          3. Actually I worked on defense contract, high availability server and security systems before. All of these are mission critical and down time just isn’t an option. What’s your qualification?

            >Is it right that everyone on board dies because of a twenty cent counterfeit chip?
            So you are saying that windows controls the critical system that can down a plane? Entertainment system or other non-critical system, but certainly not something that can kill.

          4. On systems that are critical, surely you would have detect failures (via BIST, checksums for your communication interface, watchdogs etc). FTDI brick the chips, so it would be a failed serial device. There should be some way of detecting that and handling it gracefully and usually a redundancy link somewhere. Serial interface isn’t know to be robust. I would expect something more robust like MIL1553 or some more robust version of Ethernet.

            So what’s your expert opinion on this? Or you are just trolling?

          5. The whole industry runs on 30 year old computer hardware. Might not be pretty, but it dame sure works (most of the time). Start running the industry on Micro$oft sh17 and that “most of the time” reliability standard gets the royal flush… Fake FTDI chips aren’t so much as a blip on their radar, as it were. Sometimes being a quasi-luddite pays off.


        2. Technically, by using the device you are actively infringing the patent yourself, and are liable. I’m actually waiting for the first lawsuit to succeed and for a device manufacturer to go after a Cell Phone provider for contributory infringement: force them to recall/block all infringing devices. Chances are REALLY small of this happening, as it would piss off the cell phone provider, but it is a potential.

          1. Except there is next to no way for a consumer to tell if a chip in their device is counterfeit, even after complete disassembly of the device to find the chip. And here I was recently pushing people to use FTDI chips over another brand.

          2. Yea, that doesn’t work that way. Patent trolls try to do that to Apple App developers. Apple paid for the patent license, but the Trolls claimed it didn’t apply to the Apps that used Apple’s implementation of that licensed patent. Apple defended the developers and the troll caved rather than take it to court.

        3. That’s not the case here. If I buy an Apple clone from china and then it automatically tries to update itself when I plug it into my computer and it gets bricked I can hardly point the finger at Apple now can I? I mean, it’s my hardware that is lying about being something that it’s not. Doesn’t matter if I knew it was a fake or not. If it’s a fake it’s a fake. And in this case a bad fake if it can be bricked with something so simple.

        4. Short answer is ‘yes’. Something similar happened to Sparkfun with trademark infringing multimeters. The meters were stopped at customs and they had to either remove the infringing trademarks (colored cases) or destroy them.

          Counterfeit products ARE destroyed, by law, on a regular basis.

          Someone else said “It’s as if Gucci were able to barge into your house and spray paint a counterfeit bag.” Not allowed to barge into your house, but certainly destroy the counterfeits when they have access to them.

      3. If you put non-Ford brakes on your Ford car, is it right if the car decided to detect that and purposely (not due to unforeseen events, but it’s actually programmed this way because Ford wants to ruin them) clamps the calipers on so they burn up? Even if those non-Ford brakes came in a shady looking package that says “Made in China by F0M0C0”, then it’s okay, right?

        I’ll be avoiding all FTDI products in the future. I probably have some chips that are fake and if I buy any real FTDI chips (thus requiring this malware) I’m putting my other hardware at risk. No thanks!

        1. Considering people’s lives are at risk in your analogy and mere electronics products are at risk in the real issue at hand I’d say you’re just blowing the whole thing out of proportion and your analogy doesn’t apply here because it’s sensationalist.

          1. People’s lives being at risk can be the case if the electronic products are being used as a life line for someone in a hospital.. and hospital equipment is updated actively and connected over a network so nurses can monitor vital signs remotely.

          2. No, you’re wrong. I work in a hospital. In our Intensive Care units, critical life-support equipment is run by Windows PCs via USB connections. A failed chip means the life-support stops working. Since there ARE occasional failures, we could handle one. But if the whole unit’s stuff suddenly stopped, there would be dead patients. We wouldn’t have the staff or equipment to save them all. Dead patients, grieving families, and sued hospitals are hardly sensationalist. And our PCs do update automatically, so they’re vulnerable. We, like most hospitals, use PCs from the lowest bidder. Our current ones are Dell, but I’ve seen many other brands over the years. And even Dell computers are full of stuff marked “Made in China, Taiwan, wherever”. There’s no guarantee that the chips in question are not in any given computer no matter who assembled it because the factory doesn’t build every component. This deal does put lives at risk. Innocent lives that had no part in any of this but are callously put in danger because someone thinks their profit is more important than their well-being.

        2. Absolutely. A total dick move on FTDI part (assuming the news reported here are accurate) that will bring them a bit closer to become irrelvant (not that new Arduinos use them anymore: Mega, Uno, Leonardo, Yum).

        3. I love how lots of people keep talking about ‘replacement brakes’, ‘replacement air filters’ etc… This is completely different. On a car those components are designed to be replaced and the manufacturer does not make the decision to limit who can perform that, nor with what components. They COULD limit if they wanted, but they choose not to. Some car manufacturers DO try to limit this for some components by making them non standard then protecting them by patents etc… If you use a ‘fake’ part in your car and it bursts into flames destroying your car then good luck going after the car manufacturer!!!

          1. Sure, “good luck going after the car manufacturer”. But if I had a car, and I replaced a part with something that as far as I could tell was an authentic replacement part, and the car then failed catastrophically, do you think I would ever buy another car from that manufacturer?

            FTDI is shooting it’s own foot here. Their parts remained expensive long after economies of scale should have brought their prices down. Result? A ripe target for counterfeits, since there’s nothing inherently expensive in the products they make. I’m just glad there are other parts out there (and I don’t mean FTDI clones, but other parts with other part numbers) so I don’t ever have to design anything using FTDI parts.

          2. Correct me if I’m wrong, but it as if you’re suggesting that as long as the part isn’t intended for consumer replacement, then it’s okay if “fakes” are purposefully damaged. Some others suggest it’s not okay because it’s a safety part. And yet others suggest that it’s okay to purposely cause damage if the replacement is significantly different.

            Fine then. How about this one. You’re unhappy with the performance of your air conditioner. You decide to (professionally) evacuate it and instead fill it with (insert replacement gas here, R152a is popular). You would still be just fine with the air conditioner detecting that the patented formula once running through its veins is now computer duster and then, on purpose, locking the rotor on the compressor so it self destructs? Nobody gets hurt except the owner, who now gets to keep both pieces.

            That’s okay, right? No. It’s still completely wrong. It’s not about clones, fakes, or counterfeits. It’s about destruction of property.

            I only mention the air conditioner thing since I’ve actually done that. Works really well, actually. Luckily, FTDI didn’t build my car. Only illegal in the USA. :P

      4. No, they are taking action against consumers. The violators already have their money. The only people who will be hurt by this are people who probably have no idea that the chip might be counterfeit. Hell, some manufacturers might not even know that their supplier was shipping counterfeit chips to their fabrication plant. This action hurts everyone with a fake chip EXCEPT the people who made the chips in the first place.

        1. FTDI are hoping that end users will complain to the people who sold them their now dead product (e.g. 3D printer), who would be legally obliged to replace the defective board. These manufacturers would then go after their distributors, again having to refund/replace the costs of the defective parts. The distributors would then either go after their suppliers or stop doing business with them.

          Everyone in the chain has a reputation to uphold and should (if they are an ethical business).

      5. So FTDI is in the right because it hurts the fakes? What about all the devices out there that incorporated fakes, where do you think they will end up? Have these fakes exhibited any behavior that makes them inferior in operation? How many of these chips are in machines controlling our everyday functions in society?

        It’s not just a dick move when it’s this widespread of a forgery to go after it with a direct assault on the product. That’s irresponsible and incredibly reckless. Sure we can do without millions of devices that have been relied upon for awhile, it’ll be chaos at first but fuck people it’s hurting profits.

          1. Certainly not. But they could (and should) have just had the driver refuse to talk to the device, perhaps pop up a warning message that the chip was counterfeit. That would have been easy to do and prevented the fakes from being used. Intentionally damaging the chip, which is not their property, is vandalism no matter how you slice it.

        1. “So FTDI is in the right because it hurts the fakes? What about all the devices out there that incorporated fakes, where do you think they will end up? Have these fakes exhibited any behavior that makes them inferior in operation?” – LOL seriously!!! OK. If they are fakes they are illegal. Period. End of story. Whether they work or not is completely irrelevant. Exhibiting reliability issues is also completely irrelevant. Additionally they MIGHT fail in 2 years instead of, say, 10 years, or at room temp + 40 degrees instead of room temp + 80 degrees. Fake is fake. They are ‘passing off as’ FTDI and it is illegal.

          1. “Illegal. Period” does not mean “End of story”. To the contrary, it means “beginning of a court drama”. FTDI are welcome to come to my place and desolder counterfeit chips from my network-connected Java-enabled refrigerator, but not without a court order.

        1. By buying counterfeit products. Se,, we have this thing called “trademark” where we have agreed it’s a nice idea to let each manufacturer mark their own products by their own mark, and make it so nobody else can use that same name on the same field. This lets the manufacturers build a reputation, and allows users to make purchasing decisions based on that reputation. Because we generally agree this is a smart move, we try to enforce this trademark thing as well as we can. That includes buying fakes from ebay illegal.

          Now, if the other chips were not trying to fake being FTDI there would be no news here. They would not use the FTDI drivers so nothing would be bricked. If you make usb thingy that lies to windows about being something it’s not it’s not the drivers fault ou thingy gets fried when you try to use it. There is no way to know.

          1. The end user has no idea who made the chips in their devices. NONE. Further, it’s entirely possible for the OEM not to know either — OEMs accidentally buy counterfeit parts all the time, because the global supply chain for silicon is a complete mess.

            The fact is that FTDI is pushing an automatic update out to end users that damages their devices. Even if FTDI’s clickwrap license on their driver download permits them to behave in this way, most people using the drivers have likely never seen that license, nor agreed to it in any way.

            And that means they are going to get sued and they are going to lose big, because they are damaging hardware that does not belong to them. This driver update is malware, and it is up to Microsoft to stop distribution immediately and revoke FTDI’s ability to sign drivers until they straighten up and fly right.

        2. Seriously??? OF Course you are – Ebay does not cloak you from IP breaches – this is 1/2 the problem – idiots like you who buy on Ebay for 10% the cost of a genuine devices and then wonder why its fake…FTDI spent a huge amount in developing these devices and drivers why should that be stolen from them by counterfeiters selling low cost inferior devices. No way this is a dick move – its a bold move to stake it in the sand and make a stand against these thieves

        3. Did anyone say you were??? You do, however, have a responsibility to do due diligence when you buy things. If someone offers you a 60″ NIB LCD TV for $99 would you not think something is a little ‘off’ ??

          If you buy an infringing product which you later find to be infringing you need to request a refund from your supplier. Plain and simple. Complaining to the REAL owner that you couldn’t be bother to make sure something was genuine will get you nowhere !

        1. Ermmm… No… They are disabling and destroying infringing products. This is perfectly legal and the government will even do this for you. Refer to the Sparkfun trademark infringing multimeters if you feel like educating yourself in IP rights.

        2. Legal for government, but not individuals (corporations?) to destroy properties. Fluke didn’t have their personal army breaking into Spark & fun’s warehouse to destroy their properties. Only US government operates on US soil can legally enforce US trademark laws.

          FTDI’s action make them vigilante at best.

      6. They’re not taking action against the people making the fake chips though, they’re taking action against the people who (probably unknowingly) bought them.
        Most people who will be affected probably will never even hear the name FTDI, all they’ll know is that the device they bought suddenly stopped working one day after they plugged it into their computer. Half of them will probably not want to spend much on a replacement, so they’ll buy a cheap one off eBay, which will probably have more counterfeit chips in.

      7. IP is a pathetic, imaginary construct; the produce of greed. When it covers data, it’s even worse – an attempt to enforce artificial scarcity. If the only reason you invent/create is money, then we can do without your creations.

        As for FTDI, what they did here was borderline criminal, will result in untold damages, and they should be prosecuted for it.

        1. Check your facts Bob – its not even close to criminality…IP for data?? What?? The IP covers their development costs – any idea how much it costs to develop silicon – I assume not since you seem to believe that FTDI should develop it and then happily give away their products and not make money to recoup those millions$$

          1. They do not have permission to unilaterally modify the hardware of end users… which makes this piece of malware a violation of the CFAA. They aren’t even protected by a clickwrap license, because the vast majority of end users never see it to click ‘I Agree’ without reading it.

      1. Let me try to explain. Counterfeiters are sold cheaper so the consumers buy more counterfeits than real ones. Meaning the demand of production of the real ones are lower than the counterfeits.

        Since the demand is lower the price pr. unit are higher, then the consumer price also rises. As you probably know its normally cheaper to buy 1 million chips than 1 tousands. :)

        The more they sell of one kind, the cheaper it gets due to demand of production! :)

          1. Part of the reason the clones are cheaper are because FTDI is paying for a VID/PID that the other manufacturers are using, and paying for the Microsoft driver signing.

            Obviously this wasn’t a great way to handle it by FTDI – much smarter would’ve been to just fail to work with these chips and try to throw an error message saying that this device is counterfeit, and to contact the vendor of this device.

            That being said, when the device stops working, people aren’t going to contact FTDI, they’re going to contact the manufacturer of the thing that has the clone in it. And, well, it’s that manufacturer’s fault for not making sure that the device they were buying was legitimate. So I’m really torn about this one.

          2. The VID/PID and driver signing is just a small expense, compared to making the masks for the fake chip. The only reason FTDI is more expensive, is because they have a higher profit margin.

          3. “The only reason FTDI is more expensive, is because they have a higher profit margin.”

            No, the reason FTDI is more expensive is because they spent $$$ on R&D. Others just stole their work.

          1. It’s not decreased demand for the product, just decreased demand for the legitimate product. Having a clone on the market will lead to higher manufacturing costs of the legitimate chip. The only way for the company to lower the consumer cost is to cut the price and cut their profits.

          2. Boy, I am glad I am not learning economics from YOU !!! This is only true at the tail end of a product lifecycle. During active lifetime of a product volume allows lower manufacturing costs, hence lower prices. Lower prices at the end of a product lifecycle are most often ‘fire sales’

        1. TJWeb you have a narrow view of what is considered to be a ‘consumer’ of FTDI parts. I assure you, they sell several orders of magnitude more quantities than the counterfeiters. Consider that THOUSANDS of legitimate consumer products include legitimate FTDI chips, from legitimate FTDI suppliers, and sell the end product in quantities of 100’s of thousands to millions.

          Lets just look at GENUINE Arduinos… by 2010 they had sold 220,000 Arduinos. This was before they started using Atmel chips to do the USB drivers such as in the Uno, so, Conservatively, Id guess that at least 2/3 of that 220K included FTDI chips. This is ONE, relatively SMALL manufacturer (yes. in scaled production terms, Arduino is a small company). And only the first 5 years of said companies life.

          As of 2013, they have sold 700K. At least half of that including genuine FTDI products.

          The clone market, which largely affects only single purchase consumers and small mom/pop webshop resellers (ebay and all the rest) represents a drop lost from the bucket.

          1. One possible way prices remain higher, which is sheer speculation on my part, might be establishing a de-facto standard, rather than a truly open standard for serial communication.

            In a hypothetical world where Microsoft shipped a high quality driver that loaded by default (as is done on Mac OS-X and Linux), all these third parties would be competing with each other by designing to the open standard. There would be little incentive to emulate FTDI’s protocol and piggyback on FTDI’s good quality drivers.

            Ultimately, free market competition is the only force that really drives prices down. High quality drivers that load automatically when any device uses an open protocol are the best way to create a level playing field that lowers the barrier for more companies to compete. It’s a real shame Microsoft never fully debugged USBSER.SYS and made it load automatically when any USB device uses class/subclass/protocol = 2/0/0 (the published and open USB standard for communication class devices).

          1. Mouser is not the manufacturer, and 2500 is not a million. The question is whether $2.88 is an unreasonably low price for a complete PCB with a genuine FTDI chip on it. Comparing that with smallish numbers from Mouser/Digikey doesn’t help. If these were genuine PCBs, it would be possible that the manufacturer got a better deal on the FTDI parts than the Mouser catalog price.

          2. Trui, I agree. If mouser is selling these for 2.88 chances are they are buying them in much larger qty for a substantial discount. That’s what my point was. If at this low QTY they can be had for $2.35 then at manufacturing levels of 10k or more then they should have zero issue getting them for as low as $2 each. Leaving a whopping $.88 each to pay for pcb other components and labor. LOL Seriously though I see the price dropping still at 3k ($2.30) units. With sweat shop assembly $2.88 is likely possible.

          3. There’s also the issue of the surplus market. A company that buys a million for $$THING$$ and only builds 990k units of $$THING$$$ will generally unload the excess at or below cost (storage isn’t free and there are tax consequences for holding unused inventory). The price of the part on Digikey or Mouser is only an imperfect guide to how much someone making huge production runs will pay.

          4. Not everyone pays the suggested retail price. There are always regional and/or preferential pricing in place when you are a big company. You also don’t need to buy all of the chips right away, so it is more like a commitment to buy 1 mil chips over the next year or something like that. It is really all up to negotiations. When you buy a high enough volume, you might bypass the distributor chain and their cut entirely.

            When I was working for a multinational company, we always get the good price from the vendors regardless of the volume of chips because we buy enough of their other product lines for our current products. They want us to be happy and use them as a prefer vendor.

            I don’t think FTDI would be in the 1st tier list as we would have picked Cypress or even Microchip over them as we were buying their memory products and Microchip for the PIC line. FTDI is a one track pony.

        1. However, as a consumer, I would have no idea what the cost of the FTDI chip that is that $2.88 board is, so I wouldn’t know if the price indicates whether it’s a fake chip or not. For all I know, the real chip could cost 50c

          Sure, I know now how much a genuine FTDI chip costs, but I didn’t 5 minutes ago.

    1. Well, if only FTDI chips were a little bit cheaper from the beginning. But no – let’s make them expensive, as if there weren’t alternatives! Now people start considering moving to other chips – some of my colleagues already did…

      1. Let’s be honest – there are two reasons people use FTDI chips at this point:

        1) They don’t want to write their own drivers and USB firmware stack – these days libusb and micro vendor libraries make this relatively easy.
        2) They have chosen FTDI over other USBserial IC solutions because they just work better (at least this was true 10 years ago when I last used the parts)

        They fact that FTDI chips are expensive and are still selling in quantity just goes to show that people are willing to pay a premium for their solution over writing their own code or using an another chipset. If your product is really that cost sensitive, why not put in the effort and do USB natively? I can’t understand why so many people are using a unneeded crutch and then complaining about the price. There have always been expensive ICs to solve engineering problems you don’t want to deal with yourself – it’s your choice to use them or not.

    2. True, but this is punishing the end user, not the counterfeiters. Even the vendors may be fooled into thinking they’re buying trays of legit FT232s, tarnishing their reputation and burdening their QA.

      I’d be ok with a driver blacklist, but semi-bricking the device itself is going to bite FTDI in the ass.

      1. Lots of people have said things like “black list”, or ‘not work’ rather than bricking the chip, but for 99% of end users the result is exactly the same. Most people will not try to plug their widget that used to work on their Windows computer and find a Linux computer to see if it works there.

        I certainly think though that a ‘nag’ screen would have been better, possibly with a ’10 times before I die’ kind of warning. This would allow time for the end user to contact their supplier to resolve the issue, notify the end user that they bought a fake and also cause a push back up the supply chain for better QC

    3. “Counterfeiters drive up the cost of legitimate chips.”

      Competition almost always lowers prices, even if the competitors use illegal tactics.

      “Yes, please wonder how “FTDI” dongles on ebay are cheaper than digikey pricing”

      Perhaps because those dongles use FAKE FTDI chips?

      1. Everyone is confusing “Cost” with “Price”. Competition drives down PRICE, but does not drive down COST. Quite the opposite, as stated elsewhere above – competition (especially from low-PRICED clones) drives up cost due to decreased volume for the original vendor.

        1. Exactly. And there’s no reason to assume that just because FTDI would have lower costs, they’d drop their price. That only works when you have *competition*. Otherwise, they’ll just pocket the extra profits.

  1. Interesting. I wonder how many real devices will be bricked after this. From my experience, if you manufacture something in China, you cannot be sure for the authencity of your chips, unless you have full control of the manufacturing and parts sourcing. Those counterfeited FTDI chips may be installed in several commercial devices that e.g. have firmware update possibility without real USB use otherwise. This might end up as tons of pissed off customers, if some popular product would carry such counterfeited chip (even by accident).

  2. Interesting strategy. Consumers probably don’t care about the chip inside their mouse or whatever, they’re not going to open it up – they just go by the name printed on the plastic exterior. If it breaks, the next time they’ll just complain about Chinese quality control and “buy a name brand” instead of something off eBay. In turn, the real companies will have to pay their license fees back to FTDI.

    1. Like I said up there ^, I think most consumers don’t see a chip marked FTDI – they see a keyboard marked Logitech. When that breaks, it’s Logitech who takes the heat. They have to fix their supply chain and pay their royalties.

      1. That won’t make a shits worth of a difference… warranties are a joke anymore… if your branded product craps out, you’ll only get actual relief if you’re still inside the return period for the vendor from which you bought it… and if you didn’t buy it local, it’s going to cost you to send it back to the vendor anyway. once you’re outside of the return period, if your consumer device craps out it’s more cost effective to throw it away… and that’s *exactly* the way the manufacturers want you to feel.

        You ain’t worth shit to the manufacturers whose products to buy… you’re just a tickmark on their scorecard. The only folks the manufacturers care about are the shareholders.

    2. It is partly because of their reputation that they decided to do this. They were getting complaints about issues with devices not working correctly which turned out to be fake devices. Counterfeit devices rarely have the same level of design QC and almost never the same level of manufacturing QC.

  3. If you buy illegal merchandise, you deserve the loss of your property. If you purchase stolen goods, say car, bike, etc… and you get caught you loose that property and whatever money you used to purchase it. People who buy these clones know they are purchasing an illegal item, they just prefer the cheaper price… I applaud FTDI for cutting off the profit motive for stealing their IP.

        1. general motors will not show up at your house to replace your defective airbag, it is always the responsibility of the end user to deal with defective merchandise. you will have to send your defective unit back to the manufacturer at your cost, really not worth the trouble in most cases

          1. You used a shitty example, GM replacing a defective airbag has nothing to do with this. This is basically GM coming with a pickaxe and destroying your airbag so it doesn’t function before you drive.

          1. Possibly, but don’t medical equipment go through some sort of strict QA to prevent this sort of thing? After all, if the company had their product assembled in China and someone dies because the the assembler swapped out a real deal for a fake FTDI chip, the company who sold the product is, at least initially, liable in a lawsuit.

        1. Military weaponary has already faced counterfeit electronics (2011/11/08/counterfeit-electronics-in-military-weapons/ in hackaday).

          Navigation computers in cars? 3rd party accesories in a missile control panel?

          Many here talk about consumer grade electronics, but a simple and handy interface like these might be embedded in lots of industries.

          Some hacked up monitoring interface in a chemical plant? why not?
          “Oh all the elements went blank, all the interface cables doesn’t work, the supplier has not that many interfaces cables in stock” an hour without monitoring some variable that might not be critical but they needed it for some reason.

          This could go very wrong.

          How could be blamed? Microsoft, FTDI?
          Who could sustain a lawsuit from consumers, industries or defense deparments?

          1. Themselves. Or the ones selling them the counterfeit equipment. Next time buy from the supplier that actually controls their own manufacturing. If you buy cheap china crap you get what you pay for.

    1. So, the open sourced Arduino clone I bought from a Chinese merchant is “illegal merchandise”? So any hardware that is open sourced but not made by THE source is “illegal merchandise”?

        1. It’s not illegal to make a work alike chip – the cloners are building their own chips, not copying FTDI’s.

          What they are doing wrong is passing their own chips off as FTDI’s – building an Arduino clone is OK, making a board and pretending it’s an Arduino, with their logos on it is wrong

          1. I think you’ll find that a bunch of these counterfeit devices are marked with FTDI on the IC – that is blatant passing off and breach of FTDI’s trademarks

        2. 90% of the clones are not actualy clones at all, they are MCUs running firmware that emulates the protocol, and have the same package, pinout, so they are not fakes, but are plug and protocol compatables. The silicon and firmware are completly different. They become fakes when somebody slaps an FDTI logo and part number on the outside of the package. Many do, but many dont, this makes FDTIs actions even more questionalble, as they may be bricking devices that are arguably not conterfeight.

          1. Reusing somebody’s VID/PID is not forbidden. There is no law that would control USB ID assignments. And at least here in Europe.. if it is not forbidden by law then it is allowed.

            The USB consortium only allows you to use the USB logo if you obey the rules (it is protected by trademark laws). But you do not have to use the logo to make the product work.

            You might want to create a lookalike device (in general, not just FTDI ) that can talk to some application or driver using the same protocol the original device uses. That is completely legitimate as long as you do not go around selling it under somebody’s brand as well.

            The FDTI driver can’t distinguish those. It does not see the brand mark on the chip housing. It could check the manufacturer’s name that is transmitted in the USB handshake in theory though. And change it to FAKE FAKE so the user will see “Found a device FAKE FAKE” next time he plugs the device in… but definitely not cutting it off..

    2. Right. I guess you only buy your 555 chips from signetics/philips too…
      And GM is allowed to brick your ECU if you buy an aftermarket replacement part…

      The only IP violation here is Trademark, and even then, not by the buyers, but by the distributors. FTDI is punishing (probably illegally) the wrong group.

      1. Huh? what? how? FTDI driver work just fine with chips that are 100% the same as FTDIs chips are. These counterfeits obviously don’t work the same as they get bricked.

        And yeah, those 555s from different manufacturers do behave differently. (max frequancy, for example) If I, as a designer, spec some specific manufacturers 555 to some design the company actually assembling the boards will put those in, instead of some random 555s. If they don’t I won’t be buying from them anymore.

      1. Ermmm. I think you will find that not only is it legal, it is even done by the government for you in some cases. Refer to the Sparkfun multimeter debacle recently. If you infringe someones IP (patents, trademark, copyright) then the infringing goods WILL be destroyed unless you correct the infringement.

        The end product is not being destroyed, only the FTDI fake. The fact that it is a critical part of a much larger system is completely irrelevant.

  4. It’s not in FTDI’s best interest to make things that say “FTDI” on them stop working. Especially if there are a lot of them out there.

    There are plenty of other USB-serial chip options out there…many of them are cheaper than FTDI’s products. A manufacturer may choose to use a different product, rather than risk a huge customer support nightmare if the wrong chips somehow got into the supply chain.

      1. The Exar XR21V1410 seems pretty great, though I have no direct experience. However, we only have to keep this up until FTDI apologizes and retracts the drivers and promises not to do it again.

        1. Th Exar XR21V14xx has poor support in the linux kernel, I had to insert the pid/vid into usbserial module to make it work. The website has a driver that you can compile but not with modern kernels. Further reading in the issue it seems that that driver was not included in the mainline kernel because of being poorly written.

          1. Hence we can see what the ‘over priced FTDI’ chip actually gets you then !!! Good drivers, good support, stable silicon. God forbid FTDI should actually want PAID for all that effort !!!

      2. Microchip MCP2200.

        Cypress CY7C65211: does UART, I2C and SPI, Capsense, GPIO, charger detection. Probably a good FTDI replacement for your average hackers that can work with QFN. $2.62 QTY 1, $2.14 @ QTY 100 at Digikey.

  5. This is a stunningly bad idea. It’s as bad as embedding code that kills the hard drive on a computer that is found to have pirate software (and that’s being gracious to FTDI by granting the assumption that this is a real IP violation).

    Don’t get me wrong, when I buy an FTDI chip, I honestly want it to be a real FTDI, but bricking it automatically is generally punishing a consumer who had NO IDEA they bought a counterfeit. The electronics supply chain is long and complex, and surprises happen.

    Further, we aren’t even necessarily talking about copyright/patent violation here. This is FTDI bricking a competitors compatible products. Sure, using FTDI device IDs is a bit shady, but it’s (probably) not illegal.

    Of course, if you are an EE, the most rational thing to do at this point is to avoid spec-ing FTDI devices entirely, since they have shown that they will use dangerous measures to maintain their market position.

    1. “Further, we aren’t even necessarily talking about copyright/patent violation here. This is FTDI bricking a competitors compatible products. Sure, using FTDI device IDs is a bit shady, but it’s (probably) not illegal.”

      While I mostly agree with what you’ve said, what the clones are doing I’m quite sure is illegal (fraud). The clones have the same markings as the authentic chips and are designed to look identical, both physically and to software. They’re sold as something they are not.

      1. That may be true; but it’s not necessarily the manufacturers doing the fraud. These may be re-labeled chips. The die may be legitimately procured then resold by a middleman, or the distributor may be relabeling finished chips. Or, yes, the manufacturer may be planning this ruse from the beginning.

        We don’t know, and that’s the problem. FTDI are bricking devices without knowing this either.

        Further, we don’t know that this is limited just to re-labeled chips. If FTDI drivers are bricking chips labeled simply as XYZ-232, or unlabeled chips, then is there a fraud that makes this OK? How do the drivers know what is on the label and/or BOM of the device they are destroying?

        1. I agree that what FTDI is doing is wrong here, they are after all damaging something that’s not theirs. My point was that someone, whether it be the chip manufacturer, the chip packager or another middleman, is fraudulently selling their product somewhere along the line.

          1. I totally agree that the frauds are a bad thing, but we cannot know that there is always a fraud being perpetrated.

            It’s pretty likely that some widget manufacturer is legitimately buying these things as a chip on board option for some cheap toy, or something. It makes sense to go for driver compatibility with FTDI so that you get WHQL drivers installed with minimal fuss.

            I suspect that a bunch of little speak-and-spell clones or whatever other low-cost widget are going to just stop working next time somebody plugs them in, and they won’t be a case of fraudulent labeling, as _somebody_ is likely legitimately buying these things as a cost saving measure without any fraud or misrepresentation.

          2. “FTDI are not damaging anything other than the infringing chips. They are legally allowed to do this.”

            No, they are not legally allowed to do this. In fact it is illegal if for no other reason than BECAUSE they never produced nor owned the chips they are damaging. The chips are not theirs and never were, and intentionally damaging something that is owned by someone else is vandalism and therefore illegal, whether that something is itself legal or not. The chips may be illegal, but two wrongs don’t make a right.

        2. “How do the drivers know what is on the label and/or BOM of the device they are destroying?”

          The driver knows it’s communicating with a chip that claims to be a genuine FTDI. Then it does stuff to it that might be required on the genuine chip. (or what the hell, it’s their driver and their chip, they could fiddle bits for fun if they want to) At this phase the fakes fail and the genuine ones keep working. Can’t blame FTDI.

  6. … is this even legal? Counterfeits or not, it seems pretty irresponsible to brick hardware for customers that have no way of knowing if the gizmo they just bought contains a counterfeit or a genuine chip.

    1. Indeed, we are pulling the FTDI UART from our design process now.
      We can’t have a silly chip maker play games with 10000 of our customers.

      Microsoft can die in fire at this point too…. We’ll have legal send an invoice.

        1. The precedence of the Sony rootkit damaging the driver for DVD drives is clear in this matter.
          Whether the device contained defective chips is irrelevant as the damage was intentional.

          And dumbass, the stink of the PR damage is far worse than a possible cloned chip.
          FTDI is about to get spanked

  7. Will be designing out FTDI from anything I do going forward.

    As a consumer who most likely got had and spent my good money on a programming cable , from the company who makes them, which later i found out is fake I hold FTDI responsible for my device being bricked.

    We need to sue the shit out of them.

    1. No, more like Big-Auto car company finds out a part that was replaced in your car, possibly by you, possibly by an auto shop without your knowledge, wasn’t an authentic part, a part that was protected by patents. They then silently destroy that part without your knowledge and leave you with a non-functioning car.

    2. tweaked slightly:

      What if Shell gas pumps were able to detect if you had previously used gas from a station that’s selling noname gas as Shell, and could stick a cork in the filler neck that’s easy for a mechanic to pull out but non-obvious for the average consumer?

        1. It seems you can debrick it if you know what you’re doing.

          There are FTDI released and open source tools for writing the config EEPROM that contains the PID that the new driver fubars to brick the chip. The Windows driver will refuse to talk to anything with a PID of 0, but this can be overridden in Linux. From there you can run the utility to fix the EEPROM and get the chip working again with older FTDI Windows drivers.

    1. Exactly. I own… things. I don’t mean that in the shady sense, I just own more than a couple items that probably have serial-usb chips in them. I’m pretty sure that makes me (and everyone else here) a member of the class that will be a party to the forthcoming suit. Which law office do I contact for my eventual microsoft/FTDI check?

        1. $3 !!??? Yeah good luck on that. I once got a check from ATT for a class action suit settlement for 12c !!! Yep… $0.12 !!! It cost more than that to mail it.

          Class action law suits are beyond a joke. Nobody bothers with them any more other than lawyers.

  8. Y’all know, this reminds me of Windows vs Linux. Also, it makes me happy Linux is open-source and so are FTDI frivers there – nobody can ever push some kind of crappy drivers that fry things in the kernel, and my FTDI-based devices will never stop working, even if FTDI chips on them are not original. One more reason to use Linux for EE and hobbyists.

    1. Well… This supposes that Linus and other independent Linux developers are familiar with inner workings of FTDI chips (or possibly others in future), so they can tell if driver does something nasty instead of something usefull.

      Because such driver may look 100% ok from their perspective as it does not do any harm to kernel, follows general rules and conforms to our kernel API. They may just say “This FTDI guy probably knows how to communicate with FTDI chip”.

      So i can only hope there is someone looking for such nasty patches in Linux.

  9. I see no fault in this. Every part of the chain needs to take responsability if a user gets a device with a counterfeit chip.
    From Seller -> distributor -> manufacturer -> chip distributor -> counterfeit manufacturer
    (obviously the counterfeit manufacturer wont care)
    If your quality control let them pass to the next link of the chain you haven’t done your homework properly.
    It can never be the fault of the original manufacturer if they protect themselves against this stuff.
    If it becomes more risky to buy counterfeits chips, manufacturers will become more through with their quality control and hesitate to trying to shave the last pennies off.

      1. You sue your supplier to hell if it turns out they sold you some cheap knock off as something else? The same as with any other product? Then they sue the ones they got them from etc. I mean, FTDI had no part in your supply chain, how could they be responsible? “Your” product is using their driver, that wasn’t made to be used with anything else but their own products.

          1. Then you should put more effort in to your vendor QC process.

            More often than not fake chips are CLEARLY different to genuine ones. If you are using a new vendor or one you might have reason to not fully trust then do more stringent due diligence. It might take some effort to verify the first set of product that you have manufactured but if you care about quality and are using China then… well… Check.

            What are you going to do when the 8MB flash memory you use on your product turns out to only be 4MB and a buffer overrun causes you to loose all your bitcoins and electrocute your grandma!!??

          2. I don’t think you understood my comment. The company that designs an electronic device is often not directly responsible for it’s manufacture. Instead, they outsource the assembly to a third party (commonly in China, even Apple uses them). You can tell this ‘assembly house’ to use a specific part from a specific supplier, heck you can even physically give them the parts to use, but they may (and often do) substitute from other sources. Most won’t tell you they did this, and depending on how they handle their inventory they may not even know themselves. Worse, because previous drivers from FTDI didn’t refuse to communicate with clones (let alone damage them), manufactured products incorporating the FT232 would PASS QC just fine. Now, perhaps years later and after many products have been shipped, they all fail. The designing company however cannot be faulted in any way.

  10. If it can be proven that this is being done intentionally then this is almost certainly illegal in the UK. Having the new driver simply not initialise for fake chips would be fine, but damaging them is not on at all. Pretty sure all mine are genuine, but will be doubly careful the next time one gets attached to a windows machine.

      1. Just because they put that down on their website doesn’t necessarily mean the law is behind them. There are plenty of cases where the courts are behind the consumers even on a contracts. e.g. telecom companies are known to unilaterally put terms that removes a consumer’s right on a contract, but those terms are not allowed by the law.
        I have torn down a work contract and walked out because their clause for me not working for anyone in the industry for 6 months is actually illegal here.

          1. Try suing when the reason is the illegal use of a counterfeit part…see how that goes in the UK or EU. FTDI has global trademarks and IP protection which is being breached by the counterfeiters – I would love to see this action in court – but it would never get there not even a no win no fee lawyer would touch this

          2. No its not vigilante action – you need to check your law on the definition of that criminal action. The end-user may be a “victim” however they are acting illegally by using a counterfeit device – if you consider the analogy of purchasing a car and it being stolen – the police in the UK will recover the vehicle from the end party and their only recourse is to pursue who they purchased the stolen item from – it does not however stop the vehicle being taken from them just because they did not know…

          3. This isn’t an unfair contract, it is absolutely and completely reasonable.

            ‘Unfair” means something like “if you step on the cracks on our pavement you need to give me your first born child”

          4. And your expertise in UK law comes from…? You keep saying things are legal or not, but you aren’t backing it up when I ask you for proof.

            Enforcement post the point of sale normally requires a court order or proper pre-notification. You also haven’t addressed the issue of non counterfeit FTDI work alikes. Using the same VID/PID as another product breaks no law I am aware of.

      2. I put a sign on the front of my car, saying “WARNING: anyone placing themselves, their vehicle, or their property in the path of this car while the car is in motion may be injured, killed, or have their property destroyed. If you place yourself, your vehicle, or your property in front of this car, you agree to accept full responsibility for any damages that may occur, and hold the driver harmless.”

        If I then go driving recklessly around, running into people and things, do you think that warning sign will allow me to avoid legal consequences?

        There are limits to what disclaimers may disclaim. In my example, the party I might run over didn’t have a chance to read and understand the disclaimer, and didn’t voluntarily consent to it. Likewise, in the FTDI case, people accepting Windows updates most likely don’t knowingly consent to having their devices bricked.

    1. So if I build a USB device that uses someone elses ID and so gets windows to use that driver and then that driver speaks to my device and my device dies I get to sue the driver maker? Neat.

        1. I think you are the one with the issue!!! If the fakes claims to be something it is not then Windows sends it a command that kills it it is not an innocent end user’s fault, true, but it certainly isn’t the manufacturer of the real article!!!

          And, in IP infringement cases I think you will actually find that it is perfectly legal to destroy infringing articles. You can even often get the government to even do this for you. Check the Sparkfun multimeter trademark infringement case recently.

          The moral compass here is about stealing from someone. The fact that the ‘someone’ is a company is completely irrelevant. They still have the same legal and moral protections as an ‘end user’.

          Of course, you will now probably go right back to watching your pirated movies because, well you know, paying for legal movies from a legitimate source is just soooooo much more expensive than watching your much cheaper ‘fake’ movie.

  11. Time for us to opensource a firmware for something like a PIC18f14k50 (which is 2.24 in dip qty 1 vs 4.50 for smt qty1 of ftdi) that emulates proper serial. Time to make FTDI pay. Beat their price by 50% with an opensource solution.

    1. The Windows drivers, which are WHQL certified and are automatically fetched over the internet when a chip with FTDI’s ID numbers is plugged into any USB port, are what matters.

      If you write Windows serial driver that actually work very well (something even Microsoft hasn’t managed to do in their own USBSER.SYS, which doesn’t pass the WHQL tests) and pay the approx $1000 fee (last time I looked, it was $250 per operating system) to get them certified and in Windows update, then cloners would be happy to copy your PIC firmware.

      They might even print “FTDI” on their chips using your firmware.

      But the PIC firmware alone (which already exists), without a WHQL driver that Microsoft publishes in Windows Update is pretty much worthless to Chinese cloners.

    2. Punishing the consumers was the wrong answer here. The pic16f1455 can be used as a USB to serial device. It works well. Shows up as /dev/ttyAMC0 on my Linux machine. You can bet we’ll be avoiding FTDI chips altogether in our future designs.

  12. Holy shit FTDI (F**ked The Damn Internet), you screwed the pooch on this. Completely illegal to do what you did. The lawyer’s will have a field day with this, developers will drop FTDI chips, and consumers are the

  13. I bought a small batch of PL2303 from one of those reseller sites that sell Chinese stuff. They were selling them like 10 for less than a couple of bucks (don’t remember the actual price as I thought it was a typo and bought it for a laugh) Out of the 4 chips I used, only 1 actually that doesn’t work with the latest x64 drivers. The other 3 works great. I probably could get that one to work with much older drivers. So much for the counterfeit detection.

    I am kinda surprised that the fake chips manufacturers didn’t simple make their chips generic USB CDC serial port. The specs is there and for most application, generic serial port is more than sufficient. It is only when you want to play with the fancy FIFO stuff that FTDI have some advantages. Not happy that OpenOCD uses ftdi driver.

    As for FTDI, they can do whatever they want. Ultimately they are only responsible for destroying in the trust of the brand from people that don’t know they got fake chips.

    1. Neweggs would at least give you a refund if you tell them about fake chips on their products. That’s a cost for their business. It is for that type of hassles that I bought from Hong Kong based resellers that have good refund/replacement policy (for ~10% higher prices) instead of some guy on the internet in China directly.

      PL2303 drivers refusing to talke to fake chips is old news. The fake chips still have valid USB PID after that, so at least you can get by with older drivers. FTDI bricking chips is a new low.

      1. We got our problem squared away and wound up with proper PL2303 adapters.

        My point being that Prolific dealt with this problem gracefully in a way that doesn’t alienate their customers.

        A few years back I convinced our hardware guys to spec the 6-pin old-Arduino-style UART headers for debug on our new designs for use with FTDI cables. We have tons of FTDI cables in our labs and manufacturing. We buy these from the usual US distys so I doubt they’re fake. Still, I’m now looking for alternatives.

      2. FYI: The Prolific aren’t as capable as the real chips either, so they can’t be reprogrammed to turn themselves off. They are a clone of a very old version that requires external crystal and does not implement on chip EEPROM config. There is more money to be made faking the more expensive FTDI brand I guess.

        Not a good thing. Also have to consider the event that their driver have false positives in the future (e.g. their new chip fab library for EEPROM no longer works the same way for this exploit.) If drivers were perfect, they would all be rev 0.1 and not some high numbers.

    2. “I am kinda surprised that the fake chips manufacturers didn’t simple make their chips generic USB CDC serial port”

      They chose to fake an FTDI chip because FTDI has a great reputation for solid drivers, stable hardware, excellent support etc… Why would they fake a different competitor that provides crap support/silicon/drivers ???

      That is exactly what “passing off as” is all about.

  14. Okay, using ftdi chips is now a risk for any developer and manufacturer. How can I know which chip my chinese board manufacturer will solder on the board ? Why should I control what he’s doing if I can simply use another chip manufacturer ?

    1. You wouldn’t know if your 3rd world contract manufacture has solder on the chips you supplied instead of selling your legit chips off at a good price and putting on cheaper fake ones.

      1. China makes laser engravers which are just perfect for making those laser markings on fake chips.

        Nope. You can’t do destructive testing for every units on a production line. You can only do business with a company that obeys the law. Even then, it doesn’t prevent employees doing illegal things on their job.

        I used to work for a defense contractor that have in house PCB assembly manufacturing. I had to initial every part# on my component list and the in house buyers do not get to deviate from that on their own. There is incoming inspection on the parts/PCB and they only buy from legit distributors. I even got a call from them on time when the PCB is out of wack from the specs – no solder mask on VIA pads.

        Some of the places I worked for even audit the vendors and have a list of approved suppliers/manufacturers. In retrospect that’s way ahead of the time.

    2. If your manufacturer is using fake FTDI chips then they are most likely using other fake chips.

      If you want to use fake chips on your product then knock yourself out.

      What makes you think this is just an FTDI issue.

      At least FTDI is making it very apparent you have a fake chip. I think this is much better that you having intermittent failures out in the field because your fake processor fails at 10 degrees above room temperature.

      1. That’s a big claim, and I think the burden of proof is on you to prove that. Getting counterfeit chips into your supply chain isn’t always a case of the manufacturer looking the other way or assuming super cheap parts are legit.

        Counterfeit chips can enter the supply chain in lots of different places. It can even happen at the factory itself — or anyone else in the logistical chain. Someone is short on quota and and puts fakes in. Some wants to line their pockets and so they put in cheap fakes in and pockets the difference.

        FTDI isn’t making it very apparent, most people will have no idea why their equipment stopped working. FTDI could have made it apparent by popping up a warning, sending information back though the driver to explain what happened, etc.

        Instead they just disable chips silently and leave people guessing…

  15. What they did would be sort-of fine if they gave manufacturers some means of assuring authenticity of their chips.
    But this brickage can have dire consequences with some important piece of hardware running on an otherwise well-working fake chip that ceases to work, begging for a disaster.
    I wonder whether it’s legal. Like in Polish penal code (which covers both destruction of a property and making it non-suitable to use), there must be equivalent clause in many countries where FTDI locates its business operations.

    1. maybe you can assure the authenticity of your chips by only purchasing them from factory authorized dealers

      why should it be illegal for software to not work okay with hardware that it was not written for?

        1. Does that even matter? They can’t be held responsible for what happens to some random device that ca´laims to be theirs. There is no way for the driver software to know if a fake device turns into a brick or not.

    1. No, you used a product you bought from a reputable manufacturer, and FTDI came and destroyed your private property. 90% of consumers have no idea what goes on in their devices. Almost no one has the skill or resources to decap the ICs in their devices to verify they’re genuine. Hell, even manufacturers would have a hard time knowing the chips are fake.

      This is FTDI throwing a tantrum because there are knockoffs of their products. They are willfully and intentionally destroying private property and punishing consumers and manufacturers because they can’t get a control on their market position.

      1. Well, the law in the US is very clear about this. If you are a fake product then the ‘real’ product manufacturer CAN destroy all counterfeits and can even get the government to do this for you.

        FTDI are not ‘damaging’ anything other than the counterfeit products.

        1. Really? What if a product claims to be FTDI compatible and isn’t a counterfeit. Using someone elses VID/PID isn’t against the law. It is just against the rules of USB-IF, if you aren’t a member then it doesn’t apply to you.

          Also please state the case law that shows that it is legal to destroy counterfeits past the point of sale. The sparkfun multimeter case is a bad example because it was about customs enforcement; and might not have stood up in court the trademark criteria was pretty broad.

    1. No, you can sue because FTDI pushed out a driver that Windows will install without your knowledge or consent which breaks your device. There is zero consumer interaction, because most of the time Windows is set to auto-update. And this isn’t Microsoft’s fault either. No one has the time or resources to disassemble every update and verify there’s no malicious code.

      1. If you can’t use your computer system properly it’s hardly the fault of the manufacturer, especially it’s not the fault of a manufacturer of hardware that isn’t even used in this case. If you set your computer system to auto-update you just might brick the whole damn computer if some update contains bad code. It has happened before, it will happen again. Don’t use technology you can’t use, or accept the consequences. I’m not flying planes because I know I don’t know how. I’m not fixing my own car because I don’t know how. Why on earth are people trying to admin their own computers when they clearly don’t know how. I’m not crying for them.

      2. Sigh!!! When will you all realize… It does NOT damage anything other than the counterfeit product. The fact that a working fake widget is required for the rest of the system to work is completely irrelevant. FTDI are perfectly within their right to a) have their driver talk to any USB device that claims to belong to FTDI in any way at all they want. If the fake device takes a hissy fit at this it is not FTDI’s fault. and b) they can perfectly legally destroy any and all products which infringe their intellectual property rights.

        It is not FTDI screwing end users it is the manufacturers using fake FTDI chips.

      3. In fact it’s depend on your jurisdiction.

        In some country (most western ones), if you are carrying a counterfeit good, original trademark owner can ask customs to destroy it, without court order, and you will be liable for customs fine also. Even if you have bought it with good faith (in most case you will not have fine, only destruction).

        It’s exactly the same scenario here, only brought customs out.

        1. “It’s exactly the same scenario here” – except that customs can only do it when I’m crossing borders, and I would expect to have a chance to submit a counterclaim before the action is taken.

          “only brought customs out” – which is a crucial point. If my laptop gets stolen, I can’t just go and retrieve it, even if the person who currently posesses it is the thief, nor can I lock the thief up. I must go through police and courts, and I can even imagine situations in which I won’t get it back immediately (e.g., if it has been bought by a hospital in good faith and is currently controlling a critical piece of equipment, I may be asked to wait a bit). I’m surprised that I must explain the concept of monopoly on violence on hackaday.

          Besides, the driver was released in more than one jurisdiction.

      1. Nope, the manufacturer of that faulty piece of USB microphone is responsible. FTDI updated _THEIR_ drivers, that still work just fine with their hardware. Ifthe manufacturer of said USB microphone wanted to make a good product maybe they should have made sure they use quality parts instead of fakes? It’s the same in every craft. You can make cheap crap or you can make quality. You can’t always check everything yourself, but that’s why you use partners that you trust. Like manufacturer approved dealers. It’s not like it’s a secret who actually sells the real things:

  16. Say Sparkfun somehow managed to get a batch of chips that are not authentic. They have no idea of this fact and manufacture a batch of FTDI programmers for Arduino chips. Now those widgets are bricked. WHO becomes the responsible party for replacement of the bricked parts? FTDI? The supplier of the chips? Sparkfun? The poor schmuck who just wanted to upload a simple sketch?

    How can anyone applaud this seriously super dick move?

    Punishing end users to get at counterfeit operations? Well thought out plan FTDI. Fuckin end users should KNOW that they aren’t getting authentic chips! This’ll teach em for messing with us! Who cares how much hardware we break…our profits are suffering and something must be done!

    Maybe a better solution would be to have the driver refuse to work with counterfeits or to deliver a nag message if a counterfeit is found. Breaking stuff that you on’t own is just begging for lawsuits all around. I can hardly believe that FTDI really found this to be the best solution.

    1. Sparkfun spend a LOT of time making SURE their products use authentic chips. Go read their page right now. They have posted an article on exactly this issue.

      They DID receive fake parts but their QC spotted them and not a single customer was impacted by fake chips.

      This is one reason why Sparkfun have an excellent reputation for quality and support. Are they the cheapest? Certainly not. Then why do people still buy from them? Quality and support.

  17. While I feel sorry for FTDI having so many imitators, the fact that the chips that are being bricked aren’t theirs likely makes this illegal too. The fact is that they are intentionally damaging someone else’s goods, even if those goods were illegal in the first place.

    FTDI might just be doing this to call attention to their situation. If this becomes widely known, it could serve as both a wake up call to electronics manufacturers and result on a crackdown on illegal chips.

  18. “it’s very hard to tell the difference between the real and fake versions by looking at the package, but a look at the silicon reveals vast differences”

    So, it sounds like the counterfeiters are making their own designs then. So what are they really stealing from FTDI?

    1) The FTDI Name?

    I can’t vouch for others but the only reason I will give preference to something with the FTDI name because I know that FTDI driver support already comes on the OSs I use. It’s nothing against FTDI, it’s just that if I could buy something at 1/2 the price named “Brand X” and expect it to “just work” without installing any drivers I would do so.

    2) Driver Development?

    If these guys are designing their own silicon I’m sure they can manage to write a driver. I don’t think they are making their chips driver compatible with FTDI just to avoid writing a driver. I’m sure they are doing it becasue they know the value of the driver already coming with the OS and they don’t have the clout to get Microsoft, Apple and all the Linux distros to include their own.

    If only we could get past this proprietary driver BS. Imagine if manufacturers of all kinds of hardware just stuck to generic interfaces that worked with generic software. Everything would “Just Work” regardless of which OS the user choses! Is there really anything that innovative in a usb serial driver anyway?

    3)USB Vendor IDs
    Well, FTDI pays between $3,000 and $5,000 a year for that. But why do we have to have the USB-IF anyway? It’s a tax that we all pay on every USB device we purchase! Imagine if we had an open source alternative to USB with a more open registration process. That could be really nice for hobbyist produced items! Even a non-free registration shouldn’t have to be THAT expensive. For example, you can buy a domain name for just a few dollars a year!

    1. You only need to pay USB-IF a one-time fee to get a vendor ID. It’s still out of reach for a single hobbyist, but several hobbyists could pool together, get a VID, and divide up the PIDs.

    2. @”Me” – “The FTDI Name” – Yep, that is what branding and trademark is all about. Nobody can use the FTDI name, logo or branding. The fact that the fake chips look exactly like FTDI chips clearly shows they are trying to “pass off” as FTDI, which is illegal.

      “If these guys are designing their own silicon I’m sure they can manage to write a driver” – Well, no infact this is NOT true. They are using the FTDI PID/VID so that they don’t need to write their own driver. This is fundamentally why the chips are being re-programmed. FTDI would not go off and re-program a chip that was not using their PID/VID. That would be illegal and in violation of their USB licensing agreement.

      “they know the value of the driver already coming with the OS” – Exactly. Guess who wrote this ‘valuable’ driver ??? Here’s a clue… begins with F and ends in I. The driver FTDI wrote is for the chip they designed.

      “So what are they really stealing from FTDI?” – Wow… OK… I am not even going to bother with that one!!!

      1. That’s only true if the PID/VID are legally protected, which I don’t think they are. The branding on IC, etc. can be trademarked, but if the part says Generic USB serial IC on it’s casing, but happens to speak the FTDI protocol everything should be fine in my opinion.

        1. Agreed, but that isn’t the case.

          The chips say FTDI and use the FTDI assigned PID/VID.

          They are quite clearly ‘passing off as’ which is illegal and as such US law not only says they can, but says they should be destroyed.

          1. One wrinkle in your argument is that FTDI is a British company, not a US-based or HQ’ed company. Please also show me which section of US law (and the citation in particular) you are referring to. Copyright law, Trademark law, Civil law, Federal law, Maritime law, IRS law (yes, could be under that), law of the jungle, Judge Dredd law?

      2. @Steve C:

        I don’t think you really understood what I said.

        About the branding: yes, there is something of value there to steal. But branding is about marketing and name recognition. You might buy a certain brand of toaster for example because you recognize, had good experience with, or otherwise like the brand. You don’t buy a specific brand of toaster just because you know it is compatible with the power plugs in your house and you think you might have to install a transformer to be able to use a noname brand toaster.

        Hardware that plugs into a computer is different. If you buy the big name brand the drivers are probably already a part of Windows, Linux and OSX. You can just plug it in and go. If you buy a non-name device you probably have to hunt down drivers. Are they even available for your OS?

        My point was it shouldn’t be this way. I can’t believe there is any huge piece of unique IP in a serial driver. Talk USB on this end, talk RS-232 on the other. They are established standards, just get the data from point A to point B, come on! I can’t believe there is a good reason we don’t just have a generic driver that every piece of hardware can then be built to communicate with.

        Instead we have hardware vendors all making their own proprietary interfaces. Then they pay their money to Microsoft and Apple. Now they have an extra advantage over any newcomer. This is creates a disincentive for proper competition and an incentive for counterfeiting.

        You say the counterfeiters are unable to write their own driver. Maybe you are right but that seems weird if they are knowlegable enough to design the hardware. I suspect they just realize that even if they did go the honest route, write their own drivers and use their own name they would still be at a huge disadvantage. Not just the natural marketing disadvantage of going against an established brand name, their product would be at best “that annoying one that you have to install drivers to use”.

        Personally as I chose a chip the brand name isn’t nearly as big a part of my decision as the “one just works, the other needs drivers” issue. That’s why I think they are less stealing a brand and more combating a competitor’s unfair advantage.

        But, that could be just BS though.

        One other thing though… why can’t FTDI compete with these things on price? I just can’t believe that driver development is that expensive considering the 100s of thousands of chips they must be selling. Once it is written it is just vending copies. Both are doing chip development. The counterfeiters haven’t ripped off their hardware designs.

        1. @Me – “My point was it shouldn’t be this way” – Well, the USB-serial drivers which are being used here ARE written by FTDI. They invested time and money in these drivers. I agree, if they were using generic drivers this would be completely different. So much so that the counterfeiters would not bother to ‘pass off as’ FTDI, they would simply be “joe bloggs” USB-serial. But then, how would they do their sales and marketting and gain market share and reputation? They decided to shortcut that too and steal the FTDI good will. FTDI has spent a huge amount of time and effort on branding too. I am not sure what your point is with the toaster? FTDI have a brand and reputation for quality, stability and support. This is why the fakes are using FTDI as their template. It is also very illegal. Try opening up a burger joint and calling it McDonalds and use a big golden arch as your logo. You would still be painting the door when the lawyers crushed you. Branding.

          ” I can’t believe there is any huge piece of unique IP in a serial driver” – There probably isn’t. But FTDI has the most stable and well supported. If there was a generic driver as stable then I am sure FTDI would love to not spend hours and dollars developing their own. As has been mentioned MANY times in these comments there are MANY alternative. If so, why is everyone bitching?? Just switch to them and be done with it. The reason many have not switched to cheaper alternatives is reliability, stability and support. FTDI are good at that. Open source Atmel solutions not so much.

          “Now they have an extra advantage over any newcomer” – Not sure what your point is? If you invest millions of dollars on a product then sure you want an advantage in selling it !??? What’s your point? You think everyone should just give away their hard work?

          “You say the counterfeiters are unable to write their own driver. Maybe you are right but that seems weird if they are knowlegable enough to design the hardware. I suspect they just realize that even if they did go the honest route, write their own drivers and use their own name they would still be at a huge disadvantage. Not just the natural marketing disadvantage of going against an established brand name, their product would be at best “that annoying one that you have to install drivers to use”.” – OK now I am completely confused. What is your point here? counterfeiting is ALWAYS about money. Make money of someone elses efforts. It isn’t weird. Why should they spend time writing their own drivers if they can use someone elses? And there isn’t any proof that they ARE knowledgeable to design their own hardware. They may have simply decapped and reverse engineered the FTDI chip. This is VERY easy to do. “they would still be at a huge disadvantage” – Of course they would since they haven’t invested millions of dollars and man months developing their own reputation. This does not give them the right to suddenly just claim FTDI’s reputation. That is the whole premise of trademark protection.

          “combating a competitor’s unfair advantage.” – Seriously !!??? What is unfair about spending 10 years and millions of dollars developing technology and support software??? They were one of the first to even realize this product was a good idea and set out to fill the gap. If the ‘competition’ is too dumb to realize this quickly enough and too cheap to invest their own time developing it then it does not magically give them the right to just copy yhe chip, electrically pretend to be another chip and pretend to be a manufacturer you aren’t so that the real manufacturer does all your marketing and support.

          “one just works” – And FTDI stuff does. Fake stuff, not so much. This is why you should use real chips and not fakes. Fake stuff may or may not work. There are ALWAYS corners cut with fake products. In the silicon industry that usually equates to reliability. If you want to save $1 on a chip that stops working on a warm day knock yourself out.

          “why can’t FTDI compete with these things on price” – OK this shows me absolutely that you are completely of the opinion that the world owes you something and you have no clue what a free market economy is. Why do you feel FTDI owes you something? Why should they drop their price just because you don’t like it??? I don’t like the price of movies on demand from my satellite provider. They have already covered their cost for the movie why should I have to PAY for it ehh???? That is a stupid argument. Back to FTDI… They are. They are providing a product at a price that they feel is competitive for the features, reliability and support they provide. If you don’t like it then don’t buy it. You could also ask why does “Tag Heuer” charge so much for their watches? Because people that want a Tag want a Tag. Those that don’t want one don’t buy one. There are other choices there too just like there are here.

          “The counterfeiters haven’t ripped off their hardware designs” – We don’t know one way or the other on this. What we do know is that they can’t be bothered to write their own drivers and can’t be bothered to do their own marketing, so they decided to ‘pass off as’ FTDI.

  19. I am pretty sure they can change THEIR driver (which they wrote) to send any commands it wants to a device which claims to be one of THEIR devices (PID/VID). If the receiving device which claimed it was an FTDI bridge really isn’t an FTDI bridge and as such does not ‘do the right ting’ as a real FTDI chip would then FTDI cannot be liable in any way shape or form.

    CloneDVD did something similar many years ago (kept creating corrupt DVDs without warning messages when a pirate version was detected) but they gave up eventually since people simply thought CloneDVD was just broken.

    Suppliers need to ensure their supply chain maintains integrity. Currently manufacturers and suppliers don’t, even the larger distributors have been caught with their pants down on this. The question is then do we just live with it (bad for genuine chip suppliers) or fix it (‘bad’/’good’ for end users who will see higher prices but better reliability).

    I work for a huge semiconductor company and have seen many instances of our devices being cloned, often in critical systems. Trust me you don’t want a fake 100Amp transistor in your elevator controller, but hey… it happens. Counterfeit devices will definately have significantly lower quality control. If you are OK with that then I guess it is up to you. If a $2 USB to RS232 converter I got from eBay fails I will have no clue at all it is an FTDI controller or not, I will just never buy that dongle brand from eBay again, which is exactly what FTDI want.

    Consumers don’t care or even know what chip is in a product. If I am a manufacturer and I get a ton of returns then I will start looking why, which would hopefully then turn up that my supplier has bad quality control, so I would change supplier. Then the ‘bad’ supplier should check their supply chain accordingly. In some cases they simply don’t care and move on. Reputable suppliers will investigate every single issue.

    IP theft is IP theft. It is illegal. Trademark, patents copyright, I bet all three are being violated by these counterfeits. They are certainly ‘passing off as’ FTDI.

    Having said this, it is probably not a smart move. Illegal, certainly not though.

    1. >Having said this, it is probably not a smart move. Illegal, certainly not though.

      If I wrote a program that changed firmware on your device without your consent, would that be considered malware?

      The answer should never be, “Well I dunno, was this done by a Global Corporate entity or a private individual?”

      1. But that isn’t what they did. They detected a device that claimed to be one that they designed and was supposed to talk with the driver. The driver then sent a command to the chip and the fake chip didn’t do what a real chip does. How is this FTDI’s fault that the fake chip didn’t behave ‘correctly’?

        This is entirely different to, say, OpenOffice writing a program that detects MS Word then changing some of the Word files. OpenOffice would have no need or right to change files for another program. Now, if MS Word was installed in the OpenOffice directory then OpenOffice would be justified in deleting the crap out of the MS Word installation.

          1. ‘Fault’ isn’t in question here. ‘Right to do so’ is the issue.

            FTDI should not have to do or not do something just because they might ‘damage’ a counterfeit chip.

            As I mentioned previously, whether this is a good idea or not though is a completely different question.

            If you had spent millions developing a product and someone was passing off as you would you not want to legally stop the distribution and use of said infringing product? If a shop was selling a copy of your widget I am pretty sure you would go after the shop regardless of whether they knew it was infringing or not, and you would be legally entitled to.

          2. I don’t see how changing the PID to 0 could possibly be unintentional. Unless the actual intent of the code is to change the PID to something else non-maliciously, but why would that ever even happen? Fact of the matter is, FTDI know full well what’s going on, and their twitter account is defensive and entirely unapologetic about it.

        1. “They detected a device that claimed to be one that they designed and was supposed to talk with the driver. The driver then sent a command to the chip and the fake chip didn’t do what a real chip does.”

          I don’t think that’s what’s happening here. What’s going on is the driver determines whether the chip is genuine or not. If not then it sends what amounts to a ‘kill’ command that damages the chip. If it is then nothing happens. The genuine chip is never given this command, and if it was it would likely act the same way.

        2. Is that really what they did ? Do you have any reverse engineering sources or so ? I just think the set the id to 0 if the device is not from FTDI, and if the device is from FTDI they just don’t send this command.

        3. >The driver then sent a command to the chip and the fake chip didn’t do what a real chip does.

          I agree that an inadvertent bricking of a counterfeit chip is not malicious. Early reports indicate was *not* done inadvertently though, they deliberately changed the ID to 0.

      2. @Standard mischief: The answer depends on if my device told windows it’s actually your device and wants to speak to your driver. If that is true (as it is in this case) I don’t think I could balme you if your driver talks to my device, assumes it’s actually your device, and does something that would work on your device but would brick my device.

        If you were held responsible in this scenario I could just make my own devices that get bricked when plugged in to windows and sue every driver maker ever?

    2. Illegal – almost defnitely

      Seizure and destruction of 3rd party property without a court order for starters.

      The device might well be an illegal knock-off, but unless you’re a customs agent or have an order for seizure you just violated a bunch of legal rights – and even those guys have to tell you they’ve seized your property and get an order for destruction.

      FTDI would have been in a far better legal position if the driver had simply refused to work with fakes or flagged them as fake and only talked to them at 1200bps

      1. Illegal on what grounds???

        I think you will find that the US government will even help you if you are a company destroying counterfeit products.

        I keep hearing this “refuse to work” argument over and over. Do you think an end user cares one way or the other? Everyone is complaining that the end user is innocent. I agree and don’t see how “refuse to work” or “destroy counterfeit goods” are any different to the average end user (i.e. one who is not going to mess around trying their widget on Linux, Macs etc…)

        I do think it should have displayed a popup saying the chip was fake and would self destruct after 10 insertions, allowing the end user to complain to their provider and request a replacement, but still taking the counterfeit device out of circulation.

        1. Yes, the government would help, but only if this goes through legal channels. Court orders being the standard method to secure the right.

          However, as proven decades ago, they do not have the right to destroy however they want:

          Years ago, a word processor company decided that if it detected it was a hacked copy, it would go through and find every document on the system, or attached drives and corrupt the user’s created files. Even if the documents were created/edited with a legitimate install, they were corrupted. They were sued big time, and lost.

          It would be the same problem if a printer driver detected 3rd party ink carts, and instead of saying “we cannot print with those carts” set a destruct routine off, disabling the printer, or worse, blowing out the paper feed motor or some such.

          This needed to go through the court system, and not through this shady “kill ’em all” crap.

          1. Hear hear! [steve c] doesn’t seem to respond to comments like this, but we need to keep pointing this out: there is a right way to deal with counterfeiters and there is a bad way. IMHO FTDI is doing it the bad way and potentially opening themselves up to some real liability.

    3. “I am pretty sure they can change THEIR driver (which they wrote) to send any commands it wants to a device which claims to be one of THEIR devices (PID/VID).”

      Umm, no. It isn’t claiming to be one of THEIR devices. It is claiming to be manufactured by them. You don’t retain ownership of something after you sell it! Claiming FTDI as the manufacturer is not the same as claiming FTDI as the owner!

      1. LOL Seriously !!! If it isn’t trying to pass off as an FTDI chip then why is it using their PID/VID and have FTDI stamped on the top !!!??

        Ohh… I see… you mean ‘owned by FTDI’ vs “supplied by”… OK, I will give you the semantics win on that one.

        Counterfeit goods CAN be destroyed by the IP holder though. The US government will even help you do it.

  20. So the evil driver changes the USB device ID from:

    $ lsusb |grep “Prolific”
    Bus 003 Device 003: ID 067b:2303 Prolific Technology, Inc. PL2303 Serial Port

    To something like:

    ID 067b:0000

    Is that the issue? Because I suppose there will be a patch for the Linux driver in 24 hours to work with the new ID, because open source. I suppose a “debricking” utility would be possible too but it wouldn’t suddenly make it impossible to not get bricked again.

    What are the possibilities of writing a Windows open source driver?

    1. “I suppose there will be a patch for the Linux driver in 24 hours to work with the new ID”

      I don’t know. 0 sounds pretty generic. So long as a counterfeit FT232 is the ONLY thing getting moved to id 0 I could see a patch working. As soon as this same bricking method is applied to any other piece of hardware though… then how would Linux know which is which?

      Instead I see there just being some udev trickery that a user can do to tell his/her system that id0 = ft232. Actually, I think I already saw directions for that in the comments here.

      1. Yes they did !!! They used a chip that pretended to be something it wasn’t and when it didn’t behave exactly the same way as a ‘real’ chip it broke. How is that FTDI’s fault?

  21. If people buy something with fake components inside, it is the responsability of the seller / manufacturer of said device to solve it. If a responsible manufacturer discover some fake chips entered his line of production, he would remove said chips and improve his quality control.

    A buyer that buys something just looking at the price knows that what he is buying is probably not the original thing. If someone buys something from these shady chinese sellers and honestly thinks it will be the same thing as an original good, well, this buyer should not be buying things.

    I agree with FTDI on this. If the lawyers have time to inconvenience FTDI about this, why don´t they find find time to hunt the fakers instead ? This disabling of devices will not affect us tinkerers that much, and we are able to use the tools to solve it. And even better, in some cases, this may generate some small revenue fixing the cheap things people buy from ebay.

    1. And how should a enduser know about deactivated fake chips ? What can he say when he send it’s back to the seller ? The user have lost his device and will buy a new one, thats all what happens. With a new better FTDI conterfeit chip….or any other rs232 bridge. No one won anything…

      1. The user doesn´t need to know the reason. For him, the device just has a problem and stopped functioning. The seller must determine what is wrong with it. If the seller sells the cheap, fake ones, and a lot of people starts returning them, said seller will discover very fast what is causing the problem…

          1. Or if he is smart build the new ones with genuine chips, FTDI or some competitor. That’s exactly what is the goal of this all, so it’s working.

    2. “A buyer that buys something just looking at the price knows that what he is buying is probably not the original thing.”

      So if two grocery stores sell beefsteak tomatoes, and one is lower price, then I should know the lower price one is fake, and not be surprised when the inside of the tomato was replaced by a pillow pack, or packing peanuts.

      “If someone buys something from these shady chinese sellers and honestly thinks it will be the same thing as an original good, well, this buyer should not be buying things.”

      What you fail to understand is that the end-user rarely is buying a chip, but a assembled product. So most end-users don’t know if they have that chip, or some other cloned device. Given what I know now, I suspect a good portion of our external hard drive cases, USB-to-Serial cables, etc, etc, etc. have some sort of cloned chips in them.

      Remember the motherboards with the fake electrolytic caps years ago? Many well-known manufacturers got burned in that. We’d have the same response if somebody came out with a driver update to blow the caps on motherboards because they were cloned/faked….

  22. Anyone experiencing issues with this driver causing hardware to become inoperable needs to report the driver as “Malicious Software” to Microsoft. Hopefully, this will encourage Microsoft to reconsider FTDI’s “certification” since FTDI have intentionally written software with intent to cause devices owned by end-users to stop functioning.

    Just my $0.02


    1. And just why would MSFT do that !!??? The FTDI driver sent a valid command to a device that claimed to be an FTDI chip and wasn’t and broke. How is this an FTDI issue in the slightest!!!???

      If you plug a piece of crap hardware into your PCIe slot and it claims to be an NVidia graphics card then bursts into flames when the NVidia driver tries to program it why would this be NVidias issue??

      1. I don’t think that’s how it works. It uses certain commands to find out if it looks genuine (it might not look like the real thing, because of a glitch) and then uses another command to reset the PID to 0, which bricks the device. The same thing can happen with the real device if driver heuristic happens to be wrong.

        And that’s clearly not by accident, so I am reasonably sure you can sue FTDI for damaging your property.

        Especially since reimplementing their protocol is not illegal.. if the IC didn’t say FTDI on it’s casing, everything would be fine with the chip from a legal perspective!

      2. You are wrong, the same command would brick a real FTDI chip, they just refrain from sending it in that case. They are intentionally bricking the non-FTDI chips, it is not a side effect.

        1. I have read both possibilities, so I will hold judgement. (Check device then send PID update and send blind command which resets PDI on fakes but not real chips)

          Obviously they are doing this intentionally. I don’t think anyone is really arguing that point.

          The real question is does anyone have a right to bitch about it?

          This is REALLY reminiscent of Black Friday on DirecTV many years ago. DirecTV downloaded software to their smart cards over a period of months. On fake cards the updates stuck but real cards ignored the single byte changes, then BAM Friday before Super Bowl they executed the code and all the fake cards died. Exactly the same thing here.

        2. Sole purpose for satellite chip card is to bypass the subscription, so the consumers has the intent. It is pretty obvious that the card have things sticking out and might have to constantly not work and have to download “updates” to get it working again and you pay a much cheaper price to get everything unlocked..

          FTDI chip are used inside an otherwise legit product that between the manufacturer/contract manufacturer/buyer/chips dealer, the fake got into the product. The end user of such product might not have the intent to violate anyone’s IP.

          So this analog of whether the IP holder can punish the end user is a bad analogy. In either case, it is really up to the government/court/local law enforcement to decide who is in the right.

      3. It’s like, as you said before, someone buying a (fully functional) product with a (fully functional clone) 100A power transistor, having it work perfectly fine for years, and then having Windows Update come in with a hammer and smash said power transistor into little flakes because “ON Semi didn’t like its ID number.” It’s not reasonable.

        1. No, its like windows update pulses 100A thru this transistor and fakes blow up.
          If you read EEVblog thread there is reverse engineered driver snipped on page ~30, code is just issuing commands to whatever is claiming to be FTDI chip, fakes cant handle illegal commands and shit themselves.

        2. The point I was really trying to make with that transistor comparison is that if you are mission critical then it is your responsibility to ensure quality. Fake goods ALWAYS have quality issues in some shape or form.

  23. I’m all for this, its a shame Microsoft can’t nuke all the fakeflash while they are at it.
    In fact I would recommend that this be addressed by windows update with an “This is FAKE MEMORY and for your own protection has been set to read only” pop up so people can tell this has been done.
    Hopefully the manufacturers will get the message and stop making crappy memory that is lying about its capacity.

    1. I’ve already been doing that. I refused to buy one of the FTDI cables, or the stand-alone boards (and took some $&@! for it as a hater BTW). I see even less reason to change that now. For USB to Serial, I’ve been using ‘u2 boards.

      1. The only problem is that there seems to be a menagerie of precisely 1 product based on that chip as a standalone adapter. And that one is 5v-only, ugh.

        Are you aware of any atmega-u-based standalone adapters (cuz I really love my pro mini clones) that work at 3v3?

        1. That PCB should be able to work on 3.3V by simple mod.
          Quick & dirty way: remove the PTC and put in its place a 3.3V LDO.
          (keep the PTC in series on the LDO input side if you want extra protection)

  24. Buy counterfeit equipment, deal with counterfeit problems.
    Didn’t know you bought a piece of equipment that was counterfeit and infringed on IP, trademark and licensing? Now you know, because FTDI just brought it to your attention by taking back their licensing right – device isn’t bricked as in unrepairable, they just removed one of the infringing portions that they could change (using the driver that you installed, gave permission). Do people want to start signing EULAs for drivers now? No. So either know what you are installing (research) or just deal with it.

    1. The problem being that it’s often hard to tell the difference. And very few people except certain pros and dedicated nerds really consider there might be counterfeit chips in their equipment.

      1. And a (probably bigger) number of people won’t buy FTDI at all now (me included). Exactly what they wanted :)

        SiLabs has some pin-compatible parts I think.. so they can be rather happy about the end result.

        1. And you have ALWAYS had the option of doing that. Why start now? All that has changed is that you are now aware of fakes.

          If you are happy with fake SiLabs chips that might crap out on you on a warm day knock yourself out.

      2. They want people to be anxious when purchasing a ftdi part, because the part they buy might not work? Which is easier, fully verifying the purchasing chain of a single product or buying a different product that has zero risk?

        1. I’ve got bucketloads of FTDI-branded products here. The ones from reputable sellers still work like the day they were new, and all the too-cheap-to-be-true ones have become little paperweights. I’m gonna go back to buying the real ones, because they’re rock-stable and exquisitely documented.

      1. But they might care if I start using the MCP2200 — which is less than half the price of the FT232RL — in my new designs.

        As a result of FTDIGate my clients have been calling and asking me to revise existing products to use something other than FTDI chips. For most I will be switching to the MCP2200, for one I will be using the ATmega8u2 but that is because we want to add some extra functionality to the board.

        We won’t know the scale of this, but legal or not, moral or not, FTDI hasn’t handled this well.

        Oh and as to all your “this is legal” argument, I am not aware of any law saying a company has a right to disable equipment past the point of sale without a court order allowing them to.

        This is unlikely to be taken to court, but if it is, the licence agreement that no one is required to read is going to have a hard time meeting the legal requirements…

      2. Go troll somewhere else Steve. What if the chip does not say FTDI? The chips do not use FTDIs IP, they are not clones. They use the VID/PID and that might not be illegal. Also this does not only effect USA, it effects the whole world. Your USA laws do not apply in the rest of the world, so stop quoting them.

        Oh, oh, did i break your IP by having Steve C in my nick? Did i? You are a moron.

  25. Lots to read here. This will really hurt the customers in the end and likely cause problem with eBay. A lot of fake chips are from China and if buyer got them (either chip alone or on board with something like Arduino) and it gets bricked, eBay requires people to return junk to get refund. Guess what? It may cost seller only 29 cents to ship from China but it may cost buyer $10 to return it with tracking.

    Although eBay now requires seller to pay return shipping on SNAD cases, I’ve had seller not provide shipping label or means of return shipping and eBay shuts down my claim because I never sent in timely manner. A follow up call got those reversed and refunded me and putting the burden on seller to pay back, not everyone can be bothered to spend 2 hours being yanked through 7 different kind of hellish service representatives, half who doesn’t speak English well, to get result.

    A lot of people will get burned by exorbitant return cost (often higher than original amount), lack of seller’s cooperation, lack of return shipping detail, and eBay not willing to help many would end up make many leaving eBay and other international marketplace.

    Suggestion for those who haven’t left eBay: buy only from sellers in the same country. It may cost a bit more but return is much cheaper and easier than trying to get seller to pay up.

    1. Even sellers who list their location in the US sometime drop ship from china. I ordered a replacement lamp for my projector from a company in the US with texas and cali addresses, they were really based out of china. When the lamp died prematurely they wanted me to ship it back to china. Ha! And mark it as “gift” so they would not have to pay duties on it when it came back. Double Ha! They ended up just sending me another lamp and this one has lasted a lot longer but really did not fit well in the housing. Not buying 3rd party lamps again…

    2. You know, that’s kinda your problem. You went to ebay for cheap prices, never mind the fake parts, crappy service and other crap. Now deal with it.

      Next time buy from a local authorized dealer, get the real product and have no problems.

      1. A LOCAL authorized dealer? LOCAL? In 2014? Oh what a rosy world you live in. You must be from Silicon Valley or maybe New York City. For most of us local dealers don’t exist any more, and no, it’s not even China, counterfeiters or the Internet’s fault. Most of them closed back in the 90s when it just wasn’t cool to make things. The best we can do is the Rat Shack where they will never have more than half of what you are looking for, always at 4 times the price and the starving employees will fight one another over the opportunity to shove a cellphone up your @$$ because they haven’t had anything to eat since last Friday and that’s the only way their masters feed them.

          1. Digi-Key and Mouser are both excellent suppliers. However, if you are looking for single quantities, you aren’t going to put in a $4 order and pay the $25 minimum shipping price – that was like $10 shipping last I looked…

          2. At least here in the US Mouser’s cheapest shipping option is USPS (its at the bottom of the list) and is around $6 IIRC. I almost always use that since items arrive in 2-3 days, faster than the more expensive UPS ground option.

            As I recall’s USPS option is cheaper than Mouser.

        1. +111 for making me nearly spit out my soda. And your right, most of the art of sourcing electronics is more about your “Google-Fu” than about finding the right brick and mortar store. I just wish rat-shack got the update and their store burns down for good.

  26. Well my prusa i2 Is screwed, looks like the mega clone had a fake chip so much for printing today.

    So why didn’t ftdi just do some sort of exchange system. Run this utility to see if you have a fake chip. send in your device and they would replace the chip with genuine for X$ otherwise you see this popup showing it is a fake chip every time you plug it in.

    I bet that would have been much more effective, increase chip sales, and give them more fake chips to examine.

    1. That is not even feasible. No one would run it, why would they. And if they did it would probably cost $100 a unit to disassemble something desolder, and then resolder a real chip in. And then there is the chance of damaging the item the chip was in.

        1. What is not funny is they are right. Dave and Mike are wrong. Makes me sad to see good hackers can’t see further than their soldering iron. If some device identifies as mine my driver can sure as hell send it any commands it damn well pleases. Brick or no brick. If you don’t like it don’t use stuff that identifies to windows as my device. If you already bought one from somewhere complain to the seller. If the seller is in China that’s the risk YOU took when purchasing stuff from china.

          1. “identifies as mine”

            Um, no. The devices do not identify as BELONGING to FTDI they identify as MANUFACTURED BY FTDI. There is a difference!

            Sell me something and you no longer own it. You no longer have any rights to it.
            Someone else produces something and sells it to me, you never HAD any rights to it, you never will (unless I sell it to you).

            This is just a pretty basic concept property here!

            Now, couterfeit something and you may lose your rights to that item. Buy a conterfeit and you may lose your rights to that item. But.. the rights do not go to the company that is claimed to have manufactured it! The device gets destroyed AFTER going through a LEGAL PROCESS! The claimed manufacturer does not get to set themselves up as the police and judge! We have a society with laws for handling that kind of thing!

          2. Love the comment “If the seller is in China that’s the risk YOU took when purchasing stuff from china.”. Dude, show me a product that was not made in China, they are rare. What you are actually saying is the person in supply chain that imported it is the one who will wear the lose and if that is not you then it is not a problem.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s