The post addressed what FTDI singled out as its "genuine customers" -- maintaining its stance that all users of FTDI chips affected by its actions are knowingly using fakes.
Dart said he acknowledged that silently bricking the chips of its users "caused concern amongst our genuine customer base" and that FTDI did not wish to cause distress "to them" -- yet the post holds no apology for FTDI's actions.
The recently release driver release has now been removed from Windows Update so that on-the-fly updating cannot occur.
The driver is in the process of being updated and will be released next week.
This will still uphold our stance against devices that are not genuine, but do so in a non-invasive way that means that there is no risk of end user’s hardware being directly affected.
FTDI says it's not targeting users, but shifts the blame to users in a tweet suggesting users may -- somehow -- knowingly be using cloned chips. In a now deleted tweet from October 22, 2014 @FTDIChip wrote, "@mikelectricstuf FTDI is definitely not targeting end users - if you're unsure if ICs are genuine then please don't use the drivers."
@mikelectricstuf FTDI is definitely not targeting end users - if you're unsure if ICs are genuine then please don't use the drivers.
The FTDI FT232 is one of the most common chips on devices with USB-serial port hardware functions. It's used to add a USB serial port to a device or project.
Hack A Day explained, "The FTDI FT232 chip is found in thousands of electronic baubles, from Arduinos to test equipment, and more than a few bits of consumer electronics. It’s a simple chip, converting USB to a serial port."
this is technical, but basically details a chip kill switch used in the wild - "FTDI driver kills fake FTDI FT232": http://t.co/CdIt88lNif
The company's evident overreach has created a situation that leaders in the security communities consider unethical and untenable -- it will no doubt damage the company's reputation, and possibly its bottom line.
FTDI has threatened the entire security-critical ecosystem of silent automatic updates. It's not optional to manage this.