Friday, February 5, 2016

FTDI abuses Windows Update, pushing driver that breaks counterfeit chips

The Scottish design firm FTDI has used Windows Update to push a malicious driver that identifies counterfeit chips modeled after FTDI's design. The chip in question is an RS-232 to USB converter commonly found inside pre-built, finished products widely available for order online, as well as sold in hobbyist projects such as Arduino. The new driver intercepts the intended input and output between the connected device and PC, and replaces it with arbitrary data. As such, the victims in this scenario are the purchasers of finished products or DIY kits who have unknowingly purchased products thought to be genuine, which worked properly prior to driver interference by FTDI.

How the driver targets counterfeits

This driver update sends the signal "NON GENUINE DEVICE FOUND!" instead of functioning normally. This isn't a dialog box being presented to the user—the driver actually sends this message as arbitrary data when connected to a computer with the malicious driver. (Generally, this is not visible to an end-user.) With the continued use of RS-232 devices in industrial control equipment—heavy machinery, electrical grid monitoring, among other uses—transmitting arbitrary data in the pursuit of fighting counterfeiting introduces a risk of personal injury, equipment damage, or industrial accident. There is a substantial difference between programming a driver to refuse to work with counterfeit chips (zero response), and programming a driver to actively interfere with the normal functioning of a given device.

This isn't the first time FTDI has used Windows Update to inhibit the functioning of counterfeit chips. In October 2014, FTDI pushed a driver via Windows Update which identified the counterfeit chips, and set the PID (Product ID) to zero, making the device unidentifiable to the driver. As a result, uninstalling the offending driver will not return the devices using this chipset back to a usable state. Even if the device is plugged into any other computer, running a different operating system, the device will still be inoperable unless the PID is rewritten to the correct value. Although the device is not completely unrecoverable, the resulting effect is that the device is bricked, to the extent that an average user would not have the ability to restore the PID. This update was later pulled after user complaints.
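
For triage on hosts that may have received either driver, the following added example (not code from the article or from FTDI) flags devices in a USB inventory whose PID has been zeroed and finds the injected string in a captured serial stream, including when it is split across reads. It assumes FTDI's USB vendor ID is 0x0403, which the article does not state; the device listing is constructed sample data and the function and class names are illustrative.

```python
import re

FTDI_VID = 0x0403                       # FTDI's USB vendor ID (assumption: not stated in the article)
MARKER = b"NON GENUINE DEVICE FOUND!"   # string quoted in the article

# Windows PnP instance IDs (VID_xxxx&PID_xxxx) or lsusb lines (ID xxxx:xxxx)
_ID_RE = re.compile(r"VID_([0-9A-Fa-f]{4})&PID_([0-9A-Fa-f]{4})"
                    r"|\bID ([0-9A-Fa-f]{4}):([0-9A-Fa-f]{4})\b")

# Constructed sample inventory, not taken from a real host
SAMPLE_LISTING = r"""USB\VID_0403&PID_6001\CONSTRUCTED1
USB\VID_0403&PID_0000\CONSTRUCTED2
Bus 001 Device 005: ID 0403:0000 constructed-adapter
Bus 001 Device 002: ID 8087:0024 constructed-hub"""

def zeroed_ftdi_devices(listing):
    """Return listing lines that show the FTDI vendor ID with a product ID of 0000."""
    hits = []
    for line in listing.splitlines():
        m = _ID_RE.search(line)
        if not m:
            continue
        vid, pid = [g for g in m.groups() if g is not None]
        if int(vid, 16) == FTDI_VID and int(pid, 16) == 0:
            hits.append(line.strip())
    return hits

class MarkerScanner:
    """Find MARKER in a serial capture that arrives in arbitrary-sized reads."""
    def __init__(self):
        self._tail = b""   # last len(MARKER)-1 bytes of the previous reads
        self.offset = 0    # total bytes consumed so far
        self.hits = []     # absolute stream offsets where MARKER starts

    def feed(self, chunk):
        buf = self._tail + chunk
        base = self.offset - len(self._tail)   # absolute offset of buf[0]
        pos = buf.find(MARKER)
        while pos != -1:
            self.hits.append(base + pos)
            pos = buf.find(MARKER, pos + 1)
        self.offset += len(chunk)
        # The tail is shorter than MARKER, so a hit is never counted twice.
        self._tail = buf[-(len(MARKER) - 1):]
        return self.hits

if __name__ == "__main__":
    print(zeroed_ftdi_devices(SAMPLE_LISTING))
```
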

Why this is a problem

Given that the affected devices worked with the driver prior to FTDI's interference, and likely worked long enough that the devices in question are now out of warranty, end users of the affected products are the victims of such interference. Additionally, considering the nature of supply chains, it is entirely conceivable that companies thinking they have purchased legitimate parts are now being impacted as well. With the difficulty of ensuring that components in a supply chain are genuine, this action by FTDI serves as a disincentive to use any part labeled FTDI in the future.

http://www.techrepublic.com/article/ftdi-abuses-windows-update-pushing-driver-that-breaks-counterfeit-chips/
