FTDI-Gate: The WRONG way to fight counterfeits

NOTE: This article was written in 2016 for an internal group. I’ve decided to publish it here for posterity.

What or Who is FTDI?

FTDI is a major developer of USB communication chips and drivers. Their most common product is a line of serial to USB chips and drivers. If you have a USB to serial converter or a black box that connects older equipment to a USB port, chances are there is an FTDI chip at the heart of it.
FTDI also provides drivers for their chips. A driver is a piece of code that runs on your computer that tells Windows how to talk to the device.
The FTDI line of USB chips is incredibly popular and common in many electronic widgets. The chips are found in test equipment, DIY products (Arduinos, BeagleBones, Raspberry Pis, etc.) as well as many consumer electronics. Anything that speaks USB and serial probably has an FTDI chip somewhere.

The Problem When You’re The Best:

FTDI chips are so reliable and popular that the market is awash with counterfeit FTDI chips. These fakes look just like genuine FTDI chips and can be impossible to distinguish without drastic testing. Often the only way a consumer can tell is by replacing a buggy piece of hardware with one from a different vendor. The real problem with the counterfeit chip business is that the end user, or even a mid-level producer, often has no means of knowing whether the chips they are getting are genuine. The supply chain is so heavily saturated with counterfeits that even distributors have a difficult time guaranteeing genuine parts.

FTDI’s Answer to Counterfeiting – FTDI-Gate Part 1:

In late 2014, rumors and blog posts started appearing describing problems with an updated FTDI driver being pushed out through Windows Update. Although not documented by FTDI, it was soon discovered that this new driver would modify a counterfeit chip in a specific way, rendering it useless. In the community this is known as “bricking” the device. The driver would alter a parameter in the chip that would stop it from functioning with any other computer. This was FTDI’s answer to the counterfeit chips: to disable them without the end user’s knowledge or consent.
As one could imagine, the online community erupted against FTDI. This action was seen as duplicitous, manipulative and possibly illegal. An analogy would be Honda remotely destroying your car because they discovered a counterfeit part in the engine. Punishing the end user for a market problem far upstream was a very heavy-handed action by FTDI, who were eventually forced to rescind the damaging driver update, although bricked devices were not repaired.

FTDI Strikes Again – FTDI-Gate Part 2:

Fast forward to February 2016. Stories began to pop up about strange, random behavior of serial to USB adapters. With the stink of FTDI-Gate still fresh in people’s memories, the builder community began to suspect FTDI of shenanigans once again.
Like a rerun of a bad sitcom, it was soon determined that FTDI had once again modified its drivers, pushing a new poison pill out through the Windows Update service. This time, if the driver detected a counterfeit chip, the driver would inject text into the data stream. Specifically, the driver would inject “NON GENUINE DEVICE FOUND!” into the serial and USB data streams.
This is different than bricking the fake chip, and in some ways worse. Imagine for a minute you have an old chiller that communicates with a BMS system via a serial to USB converter, which is not such an uncommon occurrence. The chiller receives commands and sends data via this serial to USB converter. Suppose again that this serial to USB converter was purchased from a major retailer like Best Buy, and was manufactured in China. The chances of having a counterfeit FTDI chip are probably 60/40. How would the chiller respond if it suddenly received “NON GENUINE DEVICE FOUND!” from the communication line? How would the BMS system respond to receiving this string from the chiller? There really is no way of knowing.
Injecting invalid data into a production system is akin to sabotage and produces unpredictable results. Bricking the device at least leaves one in a known state.
This firmware update has not yet been revoked.
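
An added example (not part of the original article): a streaming check that a serial logger or protocol gateway could run over bytes read from the converter to flag the injected string, including when it arrives split across two reads. The `MarkerScanner` and `scan_reads` names and the `TEMP=` frames are assumptions, constructed for illustration.

```python
"""Flag the driver-injected marker text in captured serial traffic."""
from typing import Iterable

MARKER = b"NON GENUINE DEVICE FOUND!"  # string quoted in the article


class MarkerScanner:
    """Streaming search that still matches when the marker spans reads."""

    def __init__(self, marker: bytes = MARKER):
        self.marker = marker
        self._tail = b""  # trailing bytes carried over from earlier reads
        self._base = 0    # absolute stream offset of the first byte in _tail

    def feed(self, chunk: bytes) -> list[int]:
        """Return absolute offsets of every marker completed by this chunk."""
        buf = self._tail + chunk
        hits = []
        pos = buf.find(self.marker)
        while pos != -1:
            hits.append(self._base + pos)
            pos = buf.find(self.marker, pos + 1)
        # Keep len(marker)-1 bytes: enough to complete a split marker,
        # too few to report the same full match a second time.
        keep = len(self.marker) - 1
        new_tail = buf[-keep:] if keep else b""
        self._base += len(buf) - len(new_tail)
        self._tail = new_tail
        return hits


def scan_reads(reads: Iterable[bytes]) -> list[int]:
    """Scan a sequence of serial reads and collect all marker offsets."""
    scanner = MarkerScanner()
    offsets: list[int] = []
    for chunk in reads:
        offsets.extend(scanner.feed(chunk))
    return offsets


# Constructed sample: hypothetical chiller frames, marker split over two reads.
SAMPLE_READS = [
    b"TEMP=6.8\r\nNON GENU",
    b"INE DEVICE FOUND!TEMP=6.9\r\n",
    b"TEMP=7.0\r\n",
]

if __name__ == "__main__":
    for offset in scan_reads(SAMPLE_READS):
        print(f"injected marker at stream offset {offset}")
```

A hit means the data path is already corrupted, so the receiving side should discard or quarantine the affected frames rather than try to parse around the marker.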

So Now What?

I wanted to bring this story up because it’s a good illustration of the types of struggles people have with electronic systems and why those systems suddenly stop working. In this case, there really is nothing the end user can do to ensure they are getting genuine FTDI parts other than being particular about where they buy products. It is also a warning to everyone who uses USB to serial converters: if you one day run into problems with the converter, you may have been affected by FTDI-Gate.