EEVblog Electronics Community Forum
General => General Technical Chat => Topic started by: aqarwaen on September 22, 2022, 04:19:35 pm
-
i want to ask how secure/safe are modem day oscilloscopes??
why this i mean how secure are oscilloscopes what have internet connectivty like,wifi,lan, bluetooth.
what is posibilty if i connect my oscilloscopes to internet,that some hacker may take it over with using security hole in oscilloscope costum os or hardware security??
is it possible for hack my oscilloscopes and mess with setting and make it blow up??
are there any malware made specifically for oscilloscopes ??
i know theys are question,buti am just currious about this.
-
router firewall
j
-
router and firewall really do anything,for example if hacker is co-worker,who screw you over and do harm for you.all he needs to do,is plug in any flash drive to usb port, since modem oscilloscopes have usb port.but not sure how easy it would even find such stuff
-
router and firewall really do anything,for example if hacker is co-worker,who screw you over and do harm for you.all he needs to do,is plug in any flash drive to usb port, since modem oscilloscopes have usb port.but not sure how easy it would even find such stuff
If the hacker has physical access you're done, period. The hardware it's not going to be inherently safe or hardened because it's someone else's job to make sure that only trusted parties can use the hardware.
Hacking from remote, yeah firewalls, isolated networks, the usual stuff.
The scope is DEFINETLY going to have security holes in networking, the system is customized and never really udpated because of the customizations.
-
Test equipment with LXI is generally not secure. These devices have no authentication - imagine someone connecting to your power supply and set it to output max power. Such devices should be kept on their own isolated network.
-
Used Yokogawa DSO eg DL1740, DL7440 since 1992, most on LAN/Ethernet, nerver hacked.
Use Linksys router WRT1900 etc plus DDWRT OS router firmware
j
-
The best thing is to wrap the oscilloscope in tin foil. Problem solved.
-
Most are probably not very secure, but who is going to put resources in developing malware for such a specialised piece of equipment?
-
router and firewall really do anything,for example if hacker is co-worker,who screw you over and do harm for you.all he needs to do,is plug in any flash drive to usb port, since modem oscilloscopes have usb port.but not sure how easy it would even find such stuff
Obviously if this is some "internal" attack, there's nothing much you can do. Except get better at hiring trustworthy people. Or stick to 40-year old scopes with no provision for firmware upgrades at all.
Otherwise, putting your equipment - and more generally speaking your LAN - behind a decent firewall is a rather common, and rather safe thing to do. You can even set up sub-LANs for different categories of machines so they don't all have access to the same things. It's not rocket science.
-
Most are probably not very secure, but who is going to put resources in developing malware for such a specialised piece of equipment?
Well, someone did put resourses into the Stuxnet malware, targeting even more specialized piece of equipment. :-X
https://en.wikipedia.org/wiki/Stuxnet (https://en.wikipedia.org/wiki/Stuxnet)
-
I can't really imagine why you'd want to connect an oscilloscope to the internet, normally. The whole reason that I bought myself an o-scope as a full unit and not a plug-in USB one is because I like to be able to run it without having to turn on a PC and router. Yes, copying images or data filess off a scope can be useful, but this can be done over USB with no need for networking.
One thing I can be fairly confident of, even if malware specially written fro an o-scope somehow gets on to an o-scope, then unless the scope was abysmally porly designed malware should NOT be able to cause the scope to sustain physical damage to itself or cause physical damage to other devices. A scope should not be able to blow itself, or anything connected t it, simply as a consequence of what the software on it is doing. Atleast you'd hope that, you'd think scope manufacturers would have a few layers of non-rewritable firmware and physical circuitry between the fundamental electronics and the level at which smart network related stuff runs, and you'd think any fuses and other safety devices should be fully able to prevent whatever evils some piece of software wished to inflict.
-
If you’re really concerned, read about routers, buy a good one, then implement as much LAN level security as you want. VLANs, password, subnets etc.
But don’t give the router password out !
-
Most are probably not very secure, but who is going to put resources in developing malware for such a specialised piece of equipment?
Well, someone did put resourses into the Stuxnet malware, targeting even more specialized piece of equipment. :-X
https://en.wikipedia.org/wiki/Stuxnet (https://en.wikipedia.org/wiki/Stuxnet)
That was a different case. The PLCs are used industry wide for a lot of applications. From Kuka's to Fans, and in this case centrifuges for Uranium enrichment.
To be sincere, a very smart attack vector I must say. Unfortunately it propagated to other industries and energy producing operators.
An Oscilloscope although also widely use their consequences in other equipments are minimal, and probably only on the "scope" (pun intended) of wrong measurements.
-
i want to ask how secure/safe are modem day oscilloscopes??
Zero. They make no attempt to be secure against any attack vector. You should assume that it is your responsibility to control access to the oscilloscope both physically as well as over any network interfaces, and that there is no "safe" way to give someone partial access while preventing them from getting full access.
Even if an instrument has the ability to implement user accounts and permissions, you should basically assume those are administrative conveniences and not intended to protect against a malicious actor.
If your co-worker is the malicious actor and needs access to the instrument then probably you need to have a chat with HR.
-
Like any other device, if it doesn't need internet access, set it up in it's own VLAN or block all external traffic to/from it.
-
The best thing is to wrap the oscilloscope in tin foil. Problem solved.
Yes, good advice.
If you think your oscilloscope is watching you, just place a cover over the screen when not in use.
-
I can't really imagine why you'd want to connect an oscilloscope to the internet, normally.
You do not connect oscilloscopes or other Test equipment to the internet, you connect to LAN to make use of network commands to control them, to use software like Keysight Benchvue,etc. It is just happens that the LAN itself may become accessible from the internet.
-
Yep as others have said. Test equipment is not really secure at all, but at the same time is so rare that nobody bothers to develop exploits/malware for it.
There are some notable exceptions of osciloscopes, spectrum analyzers etc.. that run Windows XP and similar under the hood and can't be upgraded to anything newer since the computer inside is underpowered or the software/drivers would never run on anything more modern. You do want to keep those off a network.
But when it comes to just regular scopes that use a proprietary OS under the hood, they get security by obscurity. You generally don't expose there open ports out to the internet so people can't connect to it and they never really connect out into the internet on there own, so there is no real way to talk to it from the internet. It is mostly just other machines on your LAN that can talk to it.
So yes anyone that can see your scope on the LAN can send commands to it, but i don't see the reason to do so apart from perhaps playing a prank on someone. Viruses won't use oscilloscopes as a replication method on a LAN because they are too rare for the exploit development to be worth it (they target other PCs or routers or IOT crap etc..).
So yeah if you are worried about a coworker tampering with your scope over the network then have your equipment inside its own VLAN area. Or more simply just buy another network card and plug your scope directly into your PC rather than a network.
-
Yep as others have said. Test equipment is not really secure at all, but at the same time is so rare that nobody bothers to develop exploits/malware for it.
There are some notable exceptions of osciloscopes, spectrum analyzers etc.. that run Windows XP and similar under the hood and can't be upgraded to anything newer since the computer inside is underpowered or the software/drivers would never run on anything more modern. You do want to keep those off a network.
Pretty much any benchtop test equipment with a network port is running some widely used commercial OS. High end equipment indeed often has the embedded version of windows XP/Vista/7, but if it doesn't use that it will have WinCE, VxWorks, or some linux flavor. At the low end you will find some microcontrollers running FreeRTOS and lwIP or maybe even a wiznet ip stack, but in my experience that is the exception. Low power or cheap test equipment that uses small microcontrollers generally use USB rather than ethernet.
But when it comes to just regular scopes that use a proprietary OS under the hood, they get security by obscurity.
"Proprietary" operating systems basically don't exist any more. There are like 6 operating systems that anyone uses in anything and you should assume that active network exploits exist for all of them. Just become nobody intends to infect your LCR meter with a virus doesn't mean it won't happen. And even if the instrument hast mostly read only storage and won't be tremendously negatively infected by an attack doesn't mean that it won't then be used to exploit other devices on the network. Keep in mind that vxi11 is just sun RPC and most ethernet connected instruments have some sort of web server built in too. These are common enough to get caught up in a lot of vulnerability scanners.