Crosstown Traffic: Sparkfun comments on fake FTDI chips, more info comes out

As I predicted yesterday, Sparkfun has now commented on the counterfeit FTDI problem.  I had no doubt that their boards, like Adafruit’s, used genuine components… but you never know what can slip into the distribution stream from others:

As soon as we heard about it (from Twitter, of course), we immediately began assessing our product line for products which might be of concern. At the moment, we have about 30 individual products using the FT232 chip. We immediately crossed most of them off the list; our in-house assemblies are all produced using chips from reputable suppliers (like Mouser, Digikey, Future, etc.).


We have less visibility into assemblies that come pre-made to us, however, so we immediately set about testing them for vulnerability to this change. Testing is still ongoing, but our preliminary tests show that current stock is not affected. We already had the discussion with suppliers in the past regarding counterfeit chips (you may recall that we had a brush with this issue in the past), so we’re quite confident in the product we’re currently selling.

When I heard about this yesterday, it rang a bell about a similar issue in the past.  I finally remembered what is was.  Prolific also makes USB to RS-232 chips and they had issues in the past with counterfeiters as well.  Their solution was to just have their driver not work with the counterfeits.  If you tried, you would get a BSOD.  However, alternative drivers soon came out that worked just fine.  I remember some time in the past trying to get a cheap USB-RS232 adapter to work and having to try an alternative driver.  At least their solution wasn’t destructive.

Back to FTDI.  Is destroying privately owned equipment while enforcing your intellectual property legal?  Deep in their website is this little gem:

The licence only allows use of the Software with, and the Software will only work with Genuine FTDI Components (as defined in the Licence Terms). Use of the Software as a driver for a component that is not a Genuine FTDI Component MAY IRRETRIEVABLY DAMAGE THAT COMPONENT.

Does this absolve them of any damages that might result from this?  Don’t get me wrong.  I’m all for protecting your intellectual property.  But this seems a little heavy handed — it is likely that the general public will have some devices that will be nuked in the coming weeks.  They will have no idea why their peripheral will just stop working forever.  They might try to return it only to get a replacement that will die the first time.  They may (rightly) blame the manufacturer.  They may just simply throw it away.

Arduino is a good example.  There are many “fake” Arduinos available on eBay.  I use the quotation marks because Arduino’s are open-souce — they actually publish the schematics and board layouts and such and don’t care if another company makes money on their designs.  They only ask that you don’t use the name “Arduino” (but they don’t seem to mind companies using the “-uino” at the end of their names).  Some of these “fakes” look very original, and some are obviously “fake.”  But I’d be willing to bet that many of them have the fake FTDI chips in them.  Many of them are about to die.  Most people won’t understand why.  But many of them will be upset.  And when enough research is done, and people search the forums and the blog posts (like this one) they will find out why and many will be upset with FTDI.  Remember when people got upset with Fluke? A well-respected manufacturer of fantastic test equipment had their Facebook and Twitter feeds clogged with profanity — it was a PR nightmare for them.  Fluke had no idea what was coming — it was a decision made by their lawyers — and graciously made up for the whole mess and everybody came away happy.  I don’t see that happening with FTDI.

Just before I published this, I found this article on arstechnica.  It has a good explanation of what is actually going on when the new driver kills the chip, and instructions on how to reverse the damage — easy for a hacker, hard for the average consumer.


(published from DFW, Texas)

Leave a Reply

Your email address will not be published. Required fields are marked *