General > General Technical Chat
how secure/safe are modem day oscilloscopes??
Infraviolet:
I can't really imagine why you'd want to connect an oscilloscope to the internet, normally. The whole reason that I bought myself an o-scope as a full unit and not a plug-in USB one is because I like to be able to run it without having to turn on a PC and router. Yes, copying images or data filess off a scope can be useful, but this can be done over USB with no need for networking.
One thing I can be fairly confident of, even if malware specially written fro an o-scope somehow gets on to an o-scope, then unless the scope was abysmally porly designed malware should NOT be able to cause the scope to sustain physical damage to itself or cause physical damage to other devices. A scope should not be able to blow itself, or anything connected t it, simply as a consequence of what the software on it is doing. Atleast you'd hope that, you'd think scope manufacturers would have a few layers of non-rewritable firmware and physical circuitry between the fundamental electronics and the level at which smart network related stuff runs, and you'd think any fuses and other safety devices should be fully able to prevent whatever evils some piece of software wished to inflict.
SL4P:
If you’re really concerned, read about routers, buy a good one, then implement as much LAN level security as you want. VLANs, password, subnets etc.
But don’t give the router password out !
Black Phoenix:
--- Quote from: Bud on September 22, 2022, 09:29:21 pm ---
--- Quote from: mikeselectricstuff on September 22, 2022, 07:42:57 pm ---Most are probably not very secure, but who is going to put resources in developing malware for such a specialised piece of equipment?
--- End quote ---
Well, someone did put resourses into the Stuxnet malware, targeting even more specialized piece of equipment. :-X
https://en.wikipedia.org/wiki/Stuxnet
--- End quote ---
That was a different case. The PLCs are used industry wide for a lot of applications. From Kuka's to Fans, and in this case centrifuges for Uranium enrichment.
To be sincere, a very smart attack vector I must say. Unfortunately it propagated to other industries and energy producing operators.
An Oscilloscope although also widely use their consequences in other equipments are minimal, and probably only on the "scope" (pun intended) of wrong measurements.
ejeffrey:
--- Quote ---i want to ask how secure/safe are modem day oscilloscopes??
--- End quote ---
Zero. They make no attempt to be secure against any attack vector. You should assume that it is your responsibility to control access to the oscilloscope both physically as well as over any network interfaces, and that there is no "safe" way to give someone partial access while preventing them from getting full access.
Even if an instrument has the ability to implement user accounts and permissions, you should basically assume those are administrative conveniences and not intended to protect against a malicious actor.
If your co-worker is the malicious actor and needs access to the instrument then probably you need to have a chat with HR.
Halcyon:
Like any other device, if it doesn't need internet access, set it up in it's own VLAN or block all external traffic to/from it.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version