I think this qualifies: FTDI Removes Driver From Windows Update That Bricked Cloned Chips (via Slashdot).
As Ars Technica explains:
Hardware hackers building interactive gadgets based on the Arduino microcontrollers are finding that a recent driver update that Microsoft deployed over Windows Update has bricked some of their hardware, leaving it inaccessible to most software both on Windows and Linux. This came to us via hardware hacking site Hack A Day.
…
The latest version of FTDI’s driver, released in August, contains some new language in its EULA and a feature that has caught people off-guard: it reprograms counterfeit chips rendering them largely unusable, and its license notes that:
Use of the Software as a driver for, or installation of the Software onto, a component that is not a Genuine FTDI Component, including without limitation counterfeit components, MAY IRRETRIEVABLY DAMAGE THAT COMPONENT
The license is tucked away inside the driver files; normally nobody would ever see this unless they were explicitly looking for it.
The result of this is that well-meaning hardware developers updated their systems through Windows Update and then found that the serial controllers they used stopped working. Worse, it’s not simply that the drivers refuse to work with the chips; the chips also stopped working with Linux systems. This has happened even to developers who thought that they had bought legitimate FTDI parts.
Nice four-hander here: the rights of the end-user, the rights and duties of the vendor, the rights and liabilities of the legitimate parts maker, and the potential liabilities of Microsoft for serving up the malware-to-counterfeits via Windows Update.
Heck, it could be an article.
Update (10/28/14): Good semi-technical background info on this at Errata Security: The deal with the FTDI driver scandal.
