Tag: usb

Personal storage market was flat last year

storage75.7 million personal and entry level storage products shipped in 2014 and that means the market was essentially flat.

IDC estimated that annual shipment values fell 1.5 percent compared to 2013, with a value of $6.6 billion.

Personal stort age suffered from competition from public cloud providers and people started using online streaming more, said IDC.

The entry level market is largely dominated by vendors that don’t make hard drives but their share fell as much as 17.6 percent compared to the year before.

USB continues to be the choice for the personal and entry level storage market, while Ethernet is preferred for entry level market. Thunderbolt based devices fell by 5.7 percent in the fourth quarter of 2014, the first time it had showed a decline.

Devices with over four terabytes of storage now account for a third of all shipments in the quarter.

Microsoft bricks Scottish FTDI clones

kirkhillyard2Hardware hackers building interactive gadgets based on Arduino microcontrollers are finding that a recent driver update that Microsoft deployed over Windows Update has bricked fake FTDI chips.

The Scottish outfit FTDI makes USB-to-serial chips.  They are very popular and every microcontroller and embedded device out there that can communicate over a serial port uses one. As a result there’s a vast number of knock-off chips in the wild that appear to be made by FTDI, but in fact aren’t.

FTDI develops drivers for its chips which are obtained directly from FTDI, or they can be downloaded by Windows automatically, through Windows Update. But the latest version of FTDI’s driver, released in August, contains some new language in its EULA reprograms counterfeit chips rendering them largely unusable. According to its license:

Use of the Software as a driver for, or installation of the Software onto, a component that is not a Genuine FTDI Component, including without limitation counterfeit components, may irretrievably damage that component.

Of course no one reads the licence, which is stored inside the driver files, but at least the owners of cloned chips were warned.

What is also happening though is that developers who thought that they had bought legitimate FTDI parts are suddenly discovering that their supplier has been ignoring design specs and using knock-offs.

The new driver reprograms the PID of counterfeit chips to 0000 which means that necause this PID does not match any real FTDI part, the FTDI drivers no longer recognise the chips, and block access. This PID is stored in persistent memory, so once a chip has been reprogrammed it will continue to show this 0000 PID even when used with older drivers, or even when used with Linux.

FTDI has recovery software that enables chips to be reprogrammed, and when used with some older drivers, it appears to be possible to reinstate the “correct” PID. If the chips are ever used with the recent drivers, however, their PID will once again be set to 0000.

While there is some amount of sympathy for a hardware company that is having its products so widely cloned, there is a great sense that FTDI has gone too far by rendering them inoperable.

More here http://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/.

 

USB drives pose big risk

Dangerous-USBUSB drives are so insecure they should not be allowed near a corporate network, according to the latest research from two security boffins.

SR Labs’ Karsten Nohl and Jakob Lell have come up with a collection of proof-of-concept malicious software to show how the security of USB devices is fundamentally broken.

The malware they created, called BadUSB, can be installed on a USB device to completely take over a PC and alter files installed from the memory stick, or even redirect the user’s internet traffic.

BadUSB does not live in the flash memory storage of USB devices, but in the firmware that it. The attack code can remain hidden even if the data has been wiped.

The researchers said that there is no easy fix because it exploits the way that USBs are designed.

They reverse engineered the firmware that runs the basic communication functions of USB devices which is the controller chips that allow the devices to communicate with a PC and let users move files on and off them.

Unless the IT guy has the reverse engineering skills to find and analyse that firmware, “the cleaning process doesn’t even touch the files we’re talking about.”

All USB devices from keyboards and mice to smartphones have firmware that can be reprogrammed in the same way.

Nohl and Lell have tested their attack on an Android handset plugged into a PC.

And once a BadUSB-infected device is connected to a computer, Nohl and Lell could do more or less what they liked.

The malware can hijack internet traffic too, change a computer’s DNS settings to siphon traffic. It can also spy on a computer’s activity.

BadUSB’s ability to spread from USB to PC and back raises makes it impossible to use USB devices securely at all.