FTDI: Difference between revisions - Consumer Rights Wiki

(One intermediate revision by the same user not shown)

Line 15:

===Drivers Bricking Chips (2014)===

FTDI pushed an automated driver update via [[Microsoft Windows]] Update that targeted the FT232 chipset. The update bricked chips it detected to be counterfeits or clones by setting their PID to 0. Because the chip itself is not something users usually purchase by itself, but rather buy devices which include it, many users were not aware their chip was counterfeit, yet were still affected. The update's INF file included a disclaimer which mentioned that the driver "MAY IRRETRIEVABLY DAMAGE THAT COMPONENT" ~~however~~, since it was installed through Windows Update, users were not able to see this file.

FTDI pushed an automated driver update via [[Microsoft Windows]] Update that targeted the FT232 chipset. The update bricked chips it detected to be counterfeits or clones by setting their PID to 0. Because the chip itself is not something users usually purchase by itself, but rather buy devices which include it, many users were not aware their chip was counterfeit, yet were still affected. The update's INF file included a disclaimer which mentioned that the driver "MAY IRRETRIEVABLY DAMAGE THAT COMPONENT" referring to non genuine components. However, since it was installed through Windows Update, users were not able to see this file.

Moreover even standalone chips, are reportedly difficult to tell apart from counterfeits and ensure you're getting genuine chips.<ref name="inject"></ref>

This sets a dangerous precedent, because if users start avoiding updates due to mistrust, they may end up vulnerable because of missed security updates.<ref name="brick></ref>

This sets a dangerous precedent, because if users start avoiding updates due to mistrust, they may end up vulnerable because of missed security updates.<ref name="brick"></ref>

[[File:FT232R USB UART IC (SSOP).jpg|alt=An FTDI FT232RL chip|thumb|An FTDI FT232RL chip]]

===Injecting Garbage Data (2016)===

A functionality was added the FTDI driver through Windows Update that injected unwanted garbage data into the device's serial stream. The stream read "NON GENUINE DEVICE FOUND!” Because this was an undocumented functionality and because it is difficult to tell whether or not a chip is genuine, this may have caused issues in chips in all kinds of devices such as medical and industrial equipment as well as ~~Arduinos~~.<ref name="inject"></ref>

A functionality was added the FTDI driver through Windows Update that injected unwanted garbage data into the device's serial stream. The stream read "NON GENUINE DEVICE FOUND!” Because this was an undocumented functionality and because it is difficult to tell whether or not a chip is genuine, this may have caused issues in chips in all kinds of devices such as medical and industrial equipment as well as [[Arduino]].<ref name="inject"></ref>

==Products==

@@ Line 15: / Line 15: @@
 ===Drivers Bricking Chips (2014)===
-FTDI pushed an automated driver update via [[Microsoft Windows]] Update that targeted the FT232 chipset. The update bricked chips it detected to be counterfeits or clones by setting their PID to 0. Because the chip itself is not something users usually purchase by itself, but rather buy devices which include it, many users were not aware their chip was counterfeit, yet were still affected. The update's INF file included a disclaimer which mentioned that the driver "MAY IRRETRIEVABLY DAMAGE THAT COMPONENT" however, since it was installed through Windows Update, users were not able to see this file.
+FTDI pushed an automated driver update via [[Microsoft Windows]] Update that targeted the FT232 chipset. The update bricked chips it detected to be counterfeits or clones by setting their PID to 0. Because the chip itself is not something users usually purchase by itself, but rather buy devices which include it, many users were not aware their chip was counterfeit, yet were still affected. The update's INF file included a disclaimer which mentioned that the driver "MAY IRRETRIEVABLY DAMAGE THAT COMPONENT" referring to non genuine components. However, since it was installed through Windows Update, users were not able to see this file.
 Moreover even standalone chips, are reportedly difficult to tell apart from counterfeits and ensure you're getting genuine chips.<ref name="inject"></ref>
-This sets a dangerous precedent, because if users start avoiding updates due to mistrust, they may end up vulnerable because of missed security updates.<ref name="brick></ref>
+This sets a dangerous precedent, because if users start avoiding updates due to mistrust, they may end up vulnerable because of missed security updates.<ref name="brick"></ref>
+[[File:FT232R USB UART IC (SSOP).jpg|alt=An FTDI FT232RL chip|thumb|An FTDI FT232RL chip]]
 ===Injecting Garbage Data (2016)===
-A functionality was added the FTDI driver through Windows Update that injected unwanted garbage data into the device's serial stream. The stream read "NON GENUINE DEVICE FOUND!” Because this was an undocumented functionality and because it is difficult to tell whether or not a chip is genuine, this may have caused issues in chips in all kinds of devices such as medical and industrial equipment as well as Arduinos.<ref name="inject"></ref>
+A functionality was added the FTDI driver through Windows Update that injected unwanted garbage data into the device's serial stream. The stream read "NON GENUINE DEVICE FOUND!” Because this was an undocumented functionality and because it is difficult to tell whether or not a chip is genuine, this may have caused issues in chips in all kinds of devices such as medical and industrial equipment as well as [[Arduino]].<ref name="inject"></ref>
 ==Products==