Biz & IT —

Windows Update drivers bricking USB serial chips beloved of hardware hackers

The move to combat counterfeit chips leaves hobbyists stuck in the middle.

Hardware hackers building interactive gadgets based on the Arduino microcontrollers are finding that a recent driver update that Microsoft deployed over Windows Update has bricked some of their hardware, leaving it inaccessible to most software both on Windows and Linux. This came to us via hardware hacking site Hack A Day.

The driver in question is for a line of USB-to-serial chips designed by Scottish firm FTDI. FTDI's chips are incredibly popular in this space, as just about every microcontroller and embedded device out there can communicate over a serial port. But this popularity has a downside; there's a vast number of knock-off chips in the wild that appear to be made by FTDI, but in fact aren't.

FTDI develops drivers for its chips. The drivers can be obtained directly from FTDI, or they can be downloaded by Windows automatically, through Windows Update. This latter feature is a great convenience for most people, as it enables plug-and-play operation. The latest version of FTDI's driver, released in August, contains some new language in its EULA and a feature that has caught people off-guard: it reprograms counterfeit chips rendering them largely unusable, and its license notes that:

Use of the Software as a driver for, or installation of the Software onto, a component that is not a Genuine FTDI Component, including without limitation counterfeit components, MAY IRRETRIEVABLY DAMAGE THAT COMPONENT

The license is tucked away inside the driver files; normally nobody would ever see this unless they were explicitly looking for it.

The result of this is that well-meaning hardware developers updated their systems through Windows Update and then found that the serial controllers they used stopped working. Worse, it's not simply that the drivers refuse to work with the chips; the chips also stopped working with Linux systems. This has happened even to developers who thought that they had bought legitimate FTDI parts. It can be difficult to tell, and stories of OEMs and ODMs quietly ignoring design specs and using knock-offs instead of official parts are not uncommon. As such, even hardware that was designed and specified as using proper FTDI chips could be affected.

Every USB device has a pair of IDs. One, the Vendor ID (VID), is allocated by the USB group. Each vendor has its own unique VID and uses that VID on every USB device it makes. The second is the Product ID (PID), allocated by the vendor, with each distinct chip type having its own PID. Windows uses the VID/PID pair to figure out which driver a given piece of hardware needs. The counterfeit chips use FTDI's VID and set the PID to the PID of whichever chip it is they're cloning (FTDI has a range of similar parts, each with their own PIDs).

The new driver reprograms the PID of counterfeit chips to 0000. Because this PID does not match any real FTDI part, it means that FTDI drivers no longer recognize the chips and, hence, no longer provide access to them. This PID is stored in persistent memory, so once a chip has been reprogrammed it will continue to show this 0000 PID even when used with older drivers, or even when used with Linux.

The broken parts do appear to be recoverable; FTDI has recovery software that enables chips to be reprogrammed, and when used with some older drivers, it appears possible to reinstate the "correct" PID. If the chips are ever used with the recent drivers, however, their PID will once again be set to 0000.

It's not immediately clear how or why the drivers are acting this way. It's possible that they're somehow detecting counterfeits and deliberately reprogramming them. It's also possible that the drivers are sending the same commands to both good and bad parts, and these commands just happen to cause bad things in counterfeit parts while being harmless on the real ones. We've asked FTDI for comment but received nothing as yet.

We've also asked Microsoft for comment; while it's Microsoft's software that's actually detecting the hardware and installing the drivers, potentially breaking end-user hardware, the company had no comment to offer us and instead told us to speak to FTDI.

The immediate reaction among the hardware hacker community is anger toward FTDI. The assumption is that this behavior is deliberate, and while there is some amount of sympathy for a hardware company that's having its products so widely cloned, there is a great sense that FTDI has gone too far, making its drivers not only cease working with the fake parts, but also rendering them inoperable.

Update: Microsoft has given us a statement:

Yesterday FTDI removed two driver versions from Windows Update. Our engineering team is engaging with FTDI to prevent these problems with their future driver updates via Windows Update.

Listing image by Grzesiek

Channel Ars Technica