New Windows Update Contains "kill Switch" For Usb Devices

[ChumpusRex]

Many cheap USB widgets contain a chip (called a UART) that handles the complicated electrical system of USB, and translates it into an easy to use serial signal. One of the market leaders in this field is a Scottish manufacturer called FTDI.

However, their success at having the best product on the market has been tempered by Chinese manufacturers flooding the market with counterfeit chips that work just well enough to pass some basic testing, but are of generally very poor quality and reliability.

For quite a while now FTDI has their driver software (which is available for windows, Mac, Linux and various other systems) set up to detect fake chips and refuse to access the chip. This didn't stop the fakes. Most cheap manufacturers would simply supply an old version of the driver, or a hacked version.

A couple of days ago, FTDI released a new driver. This one is being automatically pushed out with Windows update. This time, however, it is outright war. The new driver when it detects a fake chip, doesn't just refuse to communicate with it, instead it erases part of the chip's firmware, irreparably deactivating the chip. The result is that the product containing the chip is now inoperable on any computer.

http://hackaday.com/2014/10/22/watch-that-windows-update-ftdi-drivers-are-killing-fake-chips/

I suspect there might be quite a bit of fallout from this move. I wonder if this counts as criminal damage?

[Executive Sadman]

#badusb ?

[Bloo Loo]

my USB stick failed on Monday...stuck in a new Windows 7 machine.

This was an 8GB corsair flash drive...

Its about 3 years old..

coincidence?

[Gigantic Purple Slug]

Many cheap USB widgets contain a chip (called a UART) that handles the complicated electrical system of USB, and translates it into an easy to use serial signal. One of the market leaders in this field is a Scottish manufacturer called FTDI.

However, their success at having the best product on the market has been tempered by Chinese manufacturers flooding the market with counterfeit chips that work just well enough to pass some basic testing, but are of generally very poor quality and reliability.

For quite a while now FTDI has their driver software (which is available for windows, Mac, Linux and various other systems) set up to detect fake chips and refuse to access the chip. This didn't stop the fakes. Most cheap manufacturers would simply supply an old version of the driver, or a hacked version.

A couple of days ago, FTDI released a new driver. This one is being automatically pushed out with Windows update. This time, however, it is outright war. The new driver when it detects a fake chip, doesn't just refuse to communicate with it, instead it erases part of the chip's firmware, irreparably deactivating the chip. The result is that the product containing the chip is now inoperable on any computer.

http://hackaday.com/2014/10/22/watch-that-windows-update-ftdi-drivers-are-killing-fake-chips/

I suspect there might be quite a bit of fallout from this move. I wonder if this counts as criminal damage?

I use these IC's in my products, but the 245 variant. They work pretty well.

Some of the ICs don't contain flash memory, which contains the firmware, some do. If they don't the firmware is on an external ic. In any case all you need to do is reprogram the firmware and roll back the driver if you want to make something work. My guess is that there is a routine in the control DLL to get the chip PID so you can check whether its been altered.

It will be interesting to see how robust their chip checking technique is - that would be my main worry, because if for example there was some sort of communications failure with a genuine ic it could reprogram that.

[Gigantic Purple Slug]

my USB stick failed on Monday...stuck in a new Windows 7 machine.

This was an 8GB corsair flash drive...

Its about 3 years old..

coincidence?

Possible. But unlikely. These chips are not normally used for flash drives I think (although there may be a variant that incorporates a flash memory controller).

All you have to do is look under device manager, check the USB ports and see whether an FTDI device is on there.

[interestrateripoff]

Can't wait for the law suits on this one when it disables a legit USB device.

[Bloo Loo]

Possible. But unlikely. These chips are not normally used for flash drives I think (although there may be a variant that incorporates a flash memory controller).

All you have to do is look under device manager, check the USB ports and see whether an FTDI device is on there.

My controller is an Intel C216 on a toshiba.

The corsair bricked on a clients new HP Windows 7.

Both machines report the device is not recognisable

[Wurzel Of Highbridge]

I used to used these IC's back when I was developing embedded software for 8 bit IC's, when they came out there was nothing else comparable on the market at that price. It was a couple of quid for their USB to serial/parralel converters. I guess a few of my old products are still using these decives, but i'm not surprised that there are many generic copies as things have moved on over the last 10 years.

Bit shocked at FTDI killing peoples USB peripherals.

[Wurzel Of Highbridge]

My controller is an Intel C216 on a toshiba.

The corsair bricked on a clients new HP Windows 7.

Both machines report the device is not recognisable

The IC's are located in the peripherals not the computer.

USB stick's have an all in one controller, so it will not contain a FTDI USB<=>SERIAL converter. It's will mainly be small production quntity/hobbiest/cheap Chinese eBay stuff.

Things like eBay cnc/milling machines spring to mind.

[Bloo Loo]

The IC's are located in the peripherals not the computer.

USB stick's have an all in one controller, so it will not contain a FTDI USB<=>SERIAL converter. It's will mainly be small production quntity/hobbiest/cheap Chinese eBay stuff.

Things like eBay cnc/milling machines spring to mind.

Thats what I thought...chip on the stick.

Saying that, Memory is serial.....so Im not expecting a wave of clients with failed USB sticks?

[erat_forte]

How are the Chinese chips 'fake' or 'counterfeit'? If they do the job?

[The Masked Tulip]

Been reading a lot on hotukdeals about people buying fake USB/SD cards on sites like ebay and even on Amazon from third party retailers.

[Bloo Loo]

How are the Chinese chips 'fake' or 'counterfeit'? If they do the job?

not painted by the original artist.

[The Masked Tulip]

How are the Chinese chips 'fake' or 'counterfeit'? If they do the job?

Apparently they have smaller sized drives in them - i.e. they are sold, for example, as a 16GB drive but actually only contain a 1GB drive. That kind of thing.

[ChumpusRex]

How are the Chinese chips 'fake' or 'counterfeit'? If they do the job?

They are outwardly identical to the real thing. However, they are of poor quality with a tendency to malfunction, causing reputation and technical support problems for the original manufacturer.

The fakes often find there way into the supply chain via brokers and resellers, meaning that if you purchase this particular chip for your product, you cannot be sure you are getting a genuine article, or that if you subcontract the manufacturing of your product, you can't be sure that your contractor hasn't done a switch.

[corevalue]

How are the Chinese chips 'fake' or 'counterfeit'? If they do the job?

The "fake" silicon is a new design - not stolen, which copies the functionality of the original exactly. To avoid writing drivers though, they identify the part as a FTDI device, and also silkscreen the FTDI logo on the chip itself.

What FTDI have done is outrageous. The new driver should have just refused to work with the device and notified the user.

[Byron]

Bear with me on this one!

I guess from what you are all saying that my Kindle and Toshiba external hard drive have these chips.

But what about my ecig charger?

[Habeas Domus]

These drivers are digitally signed by Microsoft no?, sounds like its up to them to revoke the certificate or deal with a bunch of legal fallout.

I can see why the supplier would want to do this, but it doesn't stop the driver being classified as malware.

[stormymonday_2011]

The "fake" silicon is a new design - not stolen, which copies the functionality of the original exactly. To avoid writing drivers though, they identify the part as a FTDI device, and also silkscreen the FTDI logo on the chip itself.

What FTDI have done is outrageous. The new driver should have just refused to work with the device and notified the user.

Great news for Tort Lawyers

Counterfeit product may be illegal but that does not justify breaking the law in response.

Gucci can not forcibly grab fake handbags off peoples arms and trash the m simply because they are phoney. They have to get a court order first.

Sadly too many IT companies think their EULAs put them above the law

Refusing to load a driver for a device is one thing , Actively changing the settings on device so that users can not access their personal data is something else

In this case FTDI action may well breach Section 3 of the Computer Misuses Act because it is unauthorised modification of someone elses computer material .It also could fall foul of Section 36 of the Police and Justice Act 2006

http://www.legislation.gov.uk/ukpga/2006/48/section/36

It could mean potential jail time for those involved

BTW the VID/PID being reset is just an industry agreed (USB-IF) set of numbers (vendor Id/Product Id).

Simple number sequences generally can not be copyrighted.

[ChumpusRex]

Some more information is starting to come out on technical forums. Someone posted a decompilation of the driver code, which shows a pretty sophisticated method of clearing the EEPROM on the clone chips (including performing a pre-image attack on the configuration checksum, to prevent the chip reverting to factory defaults).

I don't know what the legality of this is, but it's doubtful that they can argue that this is accidental or an oversight. I wouldn't want to be whoever signed off on this stunt.

[stormymonday_2011]

Some more information is starting to come out on technical forums. Someone posted a decompilation of the driver code, which shows a pretty sophisticated method of clearing the EEPROM on the clone chips (including performing a pre-image attack on the configuration checksum, to prevent the chip reverting to factory defaults).

I don't know what the legality of this is, but it's doubtful that they can argue that this is accidental or an oversight. I wouldn't want to be whoever signed off on this stunt.

The more I read about this subject the more it looks like a clear violation of the UK criminal law.

I dont know what idiot authorised this move at FTDI but they have really screwed the pooch here.

Hope they have some decent lawyers because they are going to need them

[MarkG]

What FTDI have done is outrageous. The new driver should have just refused to work with the device and notified the user.

So, let me get this right. I have some device connected to the USB port of a Windows PC, which is, I don't know, operating some safety system in a power station, or medical equipment in a hospital. And now, suddenly, I update Windows and get a box saying 'sorry, I'm not supporting that any more'?

[libspero]

So, let me get this right. I have some device connected to the USB port of a Windows PC, which is, I don't know, operating some safety system in a power station, or medical equipment in a hospital. And now, suddenly, I update Windows and get a box saying 'sorry, I'm not supporting that any more'?

I don't think anything safety critical is usually ever operated by a USB device.. not least because of how easily they could be accidentally unplugged (compared to serial which normally have retention screws).

Other than that, yes.. except it doesn't say "not supported", it actually destroys the device.

[onlyme2]

I don't think anything safety critical is usually ever operated by a USB device.. not least because of how easily they could be accidentally unplugged (compared to serial which normally have retention screws).

Other than that, yes.. except it doesn't say "not supported", it actually destroys the device.

Many external independently operational devices are reprogrammed and updated by plugging in as a perpheral usb device.

[Bloo Loo]

Great news for Tort Lawyers

Counterfeit product may be illegal but that does not justify breaking the law in response.

Gucci can not forcibly grab fake handbags off peoples arms and trash the m simply because they are phoney. They have to get a court order first.

Sadly too many IT companies think their EULAs put them above the law

Refusing to load a driver for a device is one thing , Actively changing the settings on device so that users can not access their personal data is something else

In this case FTDI action may well breach Section 3 of the Computer Misuses Act because it is unauthorised modification of someone elses computer material .It also could fall foul of Section 36 of the Police and Justice Act 2006

http://www.legislation.gov.uk/ukpga/2006/48/section/36

It could mean potential jail time for those involved

BTW the VID/PID being reset is just an industry agreed (USB-IF) set of numbers (vendor Id/Product Id).

Simple number sequences generally can not be copyrighted.

I suppose it is similar to the law that a supplier who locks out his users by password or other means,cannot claim payment for services, for, being locked out, clearly the supplier has supplied nothing at all.