Just over a year ago, FTDI, manufacturers of the most popular USB to serial conversion chip on the market, released an update to their drivers that bricked FTDI clones. Copies of FTDI chips abound in the world of cheap consumer electronics, and if you’ve bought an Arduino for $3 from a random online seller from China, you probably have one of these fake chips somewhere in your personal stash of electronics.
After a year, we have the latest update to FTDI gate. Instead of bricking fake chips, the latest FTDI drivers will inject garbage data into a circuit. Connecting a fake FTDI serial chip to a computer running the latest Windows driver will output “NON GENUINE DEVICE FOUND!”, an undocumented functionality that may break some products.
FTDI gate mk. 1 merely bricked fake and clone chips, rendering them inoperable. Because fakes and clones of these chips are extremely common in the supply chain, and because it’s very difficult to both tell them apart and ensure you’re getting genuine chips, this driver update had the possibility to break any device using one of these chips. Cooler heads eventually prevailed, FTDI backed down from their ‘intentional bricking’ stance, and Microsoft removed the driver responsible with a Windows update. Still, the potential for medical and industrial devices to fail because of a random driver update was very real.
The newest functionality in the FTDI driver, released through a Windows update, merely injects unwanted but predictable data into the serial stream. Having a device spit out “NON GENUINE DEVICE FOUND!” won’t necessarily break a device, but it is an undocumented feature that could cause some devices to behave oddly. Because no one really knows if they have genuine FTDI chips or not, this undocumented feature could cause problems in everything from industrial equipment to medical devices, and of course in Arduinos whose only purpose is to blink an LED.
Right now, the only option to avoid this undocumented feature is to either use Linux or turn off Windows Update. Since the latter isn’t really a great idea, be prepared to constantly roll back the FTDI driver to a known good version.
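One way to check whether a device in the field has been affected is to scan captured serial traffic for the injected string. The scanner below is an added example, not code from the article or from FTDI; it assumes the string arrives as contiguous ASCII bytes in the received data (the article does not specify this), and the class, function names and sample reads are constructed for illustration.

```python
# Added example (not from the article): scan serial traffic for the
# string the article says the driver injects, even when split across reads.
MARKER = b"NON GENUINE DEVICE FOUND!"  # text quoted in the article


class MarkerScanner:
    def __init__(self, marker=MARKER):
        self.marker = marker
        self._tail = b""     # trailing bytes kept to catch a split marker
        self._base = 0       # stream offset of the first byte in _tail
        self.hits = []       # stream offsets where a marker starts

    def feed(self, chunk):
        """Scan one read; return offsets of markers completed by it."""
        buf = self._tail + chunk
        found = []
        pos = buf.find(self.marker)
        while pos != -1:
            found.append(self._base + pos)
            pos = buf.find(self.marker, pos + 1)
        # Keep len(marker)-1 bytes: enough to complete a split marker,
        # too few to report the same marker twice.
        cut = max(0, len(buf) - (len(self.marker) - 1))
        self._base += cut
        self._tail = buf[cut:]
        self.hits.extend(found)
        return found


def scan_capture(chunks, marker=MARKER):
    """Feed every read through one scanner; return all marker offsets."""
    scanner = MarkerScanner(marker)
    for chunk in chunks:
        scanner.feed(chunk)
    return scanner.hits


def strip_marker(data, marker=MARKER):
    """Return captured data with every injected marker removed."""
    return data.replace(marker, b"")


# Constructed sample: three reads from a hypothetical sensor, with the
# marker straddling the second and third read.
SAMPLE_READS = [
    b"temp=21.5\r\n",
    b"temp=21.6\r\nNON GENU",
    b"INE DEVICE FOUND!temp=21.7\r\n",
]

if __name__ == "__main__":
    print(scan_capture(SAMPLE_READS))
    print(strip_marker(b"".join(SAMPLE_READS)))
```

For a live port, the chunks passed to `feed()` can come from whatever read call the application already uses; a non-empty return value is the signal to log the event and flag the adapter for replacement.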
@MAZ
“Or do we stop using FTDI chips which would actually solve this problem in this case?” Well, if you trust the manufacturer to not use other fake devices too, then knock yourself out, but please don’t expect ME to buy anything from YOU if you knowingly use a manufacturer who uses fake devices.
@BrightBlueJim
“And I notice that the first group isn’t really saying that THEY use FTDI parts, either.” Well, probably because that group uses genuine devices and doesn’t have any issues?? I use real chips and have NEVER had an issue. Happy?
“Since the latter isn’t really a great idea”
Well that’s your view, you could also take the time to do the updates manually and have a safer more stable Windows.
All this talk about it not being FTDI’s fault is a bit sus. It is not because FTDI tried to protect their intellectual rights. It is the way they did it.
If I build a product that has a fake FTDI chip in it, and it fails to work because the driver does not run, then I go to the supplier for selling me fakes. BUT if FTDI bricks my device, or causes spurious operation by injecting extra text into the serial, it is then FTDI’s fault!
There is no argument with FTDI if they stopped fake chips running with their driver. That would be the way to go.
The argument is with FTDI trashing my equipment. That is NEVER acceptable! And as Dave Jones says on his blog, very stupid!
I doubt FTDI’s reputation will survive this.
I’ll never design one of their parts into a product again.
I’m a very small design house in the scheme of things, so they would not notice, but the common thread of design engineers looks to be about the same.
Thumbs down FTDI. You tried to fix this in the worst way you could.
I’m wondering if FTDI has also introduced their malicious code into the Linux kernel. FTDI supplies the code for the Linux kernel and will not release the source. I was surprised to learn that the kernel developers would agree to use closed source in the kernel – at least in the Mint Linux distro. Read:
https://forums.linuxmint.com/viewtopic.php?f=49&t=226100
No one should be suggesting this can cause harm or loss of life. FTDI already warns in its data sheets that components such as FT231X are not for medical applications or critical systems.
Law of unintended consequences: poor hobbyists who don’t know this has happened suddenly finding that their 3D printer glitches randomly and wastes material, or PIC programmer randomly fails to program CP/ clkin/etc bits.
Yes these get used in fake Arduinos as well, so do defective (noisy) regulators, crystals etc.
Seriously! Who would go to the trouble of salvaging a 12 MHz crystal just to use it on a fake Arduino?
Interestingly, someone went round all the dollar stores buying up all the pushbutton FM radios and found that a lot of them use recycled parts, guess it’s cheaper to stripmine boards than actually buy new.
Better solution – Don’t buy stolen (or copied) property! Ya get what you deserve.
This post is so ignorant.
Purchase your parts from a competent vendor who can produce a CoC for traceability and you won’t have nearly as much of this problem.
Also, Medical devices and other safety critical parts have stringent safety and supply chain rules. If your business is buying black market parts and not testing them for faults before distribution, you need a long, hard look at your quality assurance processes.