[aprssig] ***SPAM*** Re: * Oh No!! Fake Prolific 2303 USB<-->Serial Chip Fiasco Now Spreading To FTDI

[KF4LVZ]

It is indeed going to be a most interesting experiment in case law.  No
idea what lawsuits might show up but the chain of parties does make
things exceedingly complicated.  I'm sure it would take years to make it
through the court system.

I'm basing my "most" on the consumer items that I've taken apart and
find these chips.  In the 100k+ quantities used for major consumer
electronics the FTDI and Prolific chips are no more than a few cents
each.  The cost differential between dropping a chip in the device
versus the labor involved in implementing a USB stack from scratch on
the controller of choice is mostly a wash or leans in favor of the USB
chip.  The labor is better spent working on the functions needed for the
device itself rather than the communication protocol.  There's a few
exceptions of course for things that have good on-board processors (e.g.
tiny media players) where the ability to have loadable libraries in the
development environment eliminates most of the labor or for items that
need to communicate with other USB devices (e.g. televisions that have
USB ports for memory sticks).  As for the lab equipment you're right,
cost is no object there.  Just slap in a chip and worry about the rest
of the device.  The same thing happens to ethernet enabled lab
equipment.  There's usually some single-chip system that handles all the
TCP/IP and spits out a serial stream.  I have a few power supplies and
temperature controllers that are this way.

On 2015-03-27 21:51, Scott Miller wrote:
> I was in the middle of a book on contract law and torts when this
> happened, and I think it'll be really interesting to see if any lawsuits
> come out of it.  Your players might include FTDI, who pushed out an
> update very specifically crafted to render counterfeits useless,
> Microsoft, who pushed out the update without notification (but wouldn't
> have known of its effects), a manufacturer who designed the FTDI chip
> into a device, a contract manufacturer that assembled the device, the
> CM's supplier or their supplier that provided counterfeit parts, and the
> end users who were effectively punished for the sins of one or more of
> those parties.  *One* of those parties would have known about the
> substitution, but no reasonable level of testing downstream would have
> picked it up.  These were perfectly usable parts, they were just
> labelled falsely (the illegal part) and used FTDI's VID/PID (not illegal).
> 
> And I think it's a stretch to say that "most" USB devices have serial
> chips in them.  Most hobbyist devices, probably.  But on a high-volume
> device that's more than you'd want to pay (maybe $1.50) for something
> you can do in the MCU.  Even the OpenTracker USB does native USB just
> fine on an 8-bit MCU that's now several years old.  That said, it
> doesn't surprise me that you'd find them in expensive devices like
> that.  No one cares about that extra $1.50 in a $50k device but it saves
> the developer the trouble of dealing with drivers and software testing.
> 
> Scott
> N1VG
> 
> On 3/27/2015 9:08 PM, KF4LVZ wrote:
>> FTDI has already reversed course on the reflashing.  The newest drivers
>> no longer do that and they have offered software to fix any chips that
>> were flashed.  It caused much more trouble than simple dongles because
>> most devices with integrated USB interfaces are actually just these
>> serial chips (it's much easier for an embedded processor to communicate
>> via simple serial rather than directly use USB).  So things other than
>> simple dongles were being bricked including medical instruments,
>> laboratory equipment, etc.
>>
>>
>>
>> On 2015-03-27 21:01, Stephen H. Smith wrote:
>>> For several years, Prolific Technology has been attempting to fight
>>> Chinese counterfeit copies of their USB<-->serial chip by playing games
>>> with recent versions of the driver they provide for this device.   The
>>> current driver somehow determines that a device has a fake 2303 chip and
>>> refuses to install or run.   This breaks numerous devices (USB-serial
>>> dongles, USB-interface GPS units, radio programming cables, etc.) that
>>> contain "fake" chips.
>>>
>>> Windows Update automatically updates  the Prolific driver when it finds
>>> it present in a Windows installation.  This has the effect of causing
>>> devices that initially worked with an older version Prolific driver,
>>> provided with the device, to stop working after Windows Update
>>> "helpfully" updates to the "DRMed" driver.   More details on the
>>> Prolific mess here on my website:
>>> .   <http://wa8lmf.net/ham/USB-Serial-Dongles.htm>
>>>
>>>
>>> For the last year or so, the conventional wisdom was that to avoid this
>>> headache, insist on USB<-->serial dongles based on the FTDI chip
>>> instead.  Now it appears that Scotland-based FTDI is facing the same
>>> problems (Chinese fakes) and is taking even more drastic action.  Their
>>> latest drivers are actually reflashing the internal EEPROM of fake FTDI
>>> chips to render them nonfunctional even if you reinstall an older
>>> non-DRM driver.  This has the effect of permanently "bricking" the
>>> device the chip is embedded in.
>>>
>>> I somehow missed this story on Slashdot.org when it first ran last
>>> October, but a passing reference and a link to it appeared today (27 Mar
>>> 15):
>>>
>>> <http://hardware.slashdot.org/story/14/10/22/185244/ftdi-reportedly-bricking-devices-using-competitors-chips?sdsrc=popbyskid>
>>>
>>>
>>>
>>> "FTDI Reportedly Bricking Devices Using Competitors' Chips.
>>>
>>> It seems that chipmaker FTDI has started an outright war on cloners of
>>> their popular USB bridge chips. At first the clones stopped working with
>>> the official drivers, and now they are being intentionally bricked,
>>> rendering the device useless. The problem? These chips are incredibly
>>> popular and used in many consumer products. Are you sure yours doesn't
>>> contain a counterfeit one before you plug it in? Hackaday says, "It’s
>>> very hard to tell the difference between the real and fake versions by
>>> looking at the package, but a look at the silicon reveals vast
>>> differences. The new driver for the FT232 exploits these differences,
>>> reprogramming it so it won’t work with existing drivers. It’s a bold
>>> strategy to cut down on silicon counterfeiters on the part of FTDI. A
>>> reasonable company would go after the manufacturers of fake chips, not
>>> the consumers who are most likely unaware they have a fake chip."
>>>
>>> In a series of Twitter posts, FTDI has admitted to doing this. "