There is the very real risk that in future software updates all the 'bonus' features will disappear. Only you can decide if you want to take that risk.
So if I bought a rigol mso5000 in next week, can it then be hacked?
Sorry I am asking, it's because I am a noob and all those 22 pages of informations and comments confuse me.
There is the very real risk that in future software updates all the 'bonus' features will disappear. Only you can decide if you want to take that risk.
These annoying bug will force you to install further updates.
These annoying bug will force you to install further updates.
We now know so much about the MSO5000 that whatever Rigol does will be re-hacked in a hours.
(and nobody is *forcing* you to install updates)
I'm not sure why Rigol changed the password. The new password was obviously weak and if they want to keep people out they could just disable shell access completely (there's no reason to enable it, it's not useful to anybody except hackers).
I think they just didn't want it to be root/root to avoid basic IOT malware scanners.
He ( and I ) remain unconvinced that Rigol are deliberately making their devices 'hackable'. Its just they dont' know how to secure them properly.
I'm not sure why Rigol changed the password. The new password was obviously weak and if they want to keep people out they could just disable shell access completely (there's no reason to enable it, it's not useful to anybody except hackers).
I think they just didn't want it to be root/root to avoid basic IOT malware scanners.
I had an interesting chat ( face to face ) with another eevblog member last week ( who is well known and respected ) about the entire rigol thing. He ( and I ) remain unconvinced that Rigol are deliberately making their devices 'hackable'. Its just they dont' know how to secure them properly. Not suprizingly, so many 'devices' these days that are network attached, are just so insecure.. The IoT will be the finish of us all!
He ( and I ) remain unconvinced that Rigol are deliberately making their devices 'hackable'. Its just they dont' know how to secure them properly.
Complete bollocks.
Even the cheapo DS1000Z line can't be hacked easily once you get above the base model (eg. the DS1074Z Plus)
In the new 5000/7000 models? Xilinx secure boot is hardly a secret, they freely document it on their web site.
Whatever the reasons are, it's not incompetence.
These annoying bug will force you to install further updates.
The trick is not to install them two seconds after they're released.
Wait a few days until other people have done it.
He ( and I ) remain unconvinced that Rigol are deliberately making their devices 'hackable'. Its just they dont' know how to secure them properly.
Complete bollocks.
Even the cheapo DS1000Z line can't be hacked easily once you get above the base model (eg. the DS1074Z Plus)
In the new 5000/7000 models? Xilinx secure boot is hardly a secret, they freely document it on their web site.
Whatever the reasons are, it's not incompetence.
But secure-boot is hard and expensive. Getting the fuses set is something (I guess) will have to be done by xilinx in the factory, which is an extra service, not cheap.
Understanding how it all works and comes together, is also; not for the fait of heart.
But secure-boot is hard and expensive. Getting the fuses set is something (I guess) will have to be done by xilinx in the factory, which is an extra service, not cheap.This is BS. No extra service is needed, everything can be done via JTAG just like regular programming/configuration.
Understanding how it all works and comes together, is also; not for the faint of heart.Reading documentation is all it takes. But even if we suppose they are somehow too stupid to figure it out (yet somehow manage a several orders of magnitude more complicated task of designing an actual system in FPGAs), they could always enlist Xilinx FE to help them out.
I suggest you stop projecting. They clearly can read documentation, and I'm 99,(9)% sure they leave devices open on purpose.
Rather than incompetence, it could just be laziness, or not enough time. The engineer just does the bare minimum that the manager asks.
The manager finds on the net that you can log in with root/root and hack the scope, he asks the engineer to fix it ASAP. 5 minutes later he tries again to log in, he gets an error message, he is happy. Everyone is happy. Problem solved.
Rather than incompetence, it could just be laziness, or not enough time. The engineer just does the bare minimum that the manager asks.
The manager finds on the net that you can log in with root/root and hack the scope, he asks the engineer to fix it ASAP. 5 minutes later he tries again to log in, he gets an error message, he is happy. Everyone is happy. Problem solved.
Rather than incompetence, it could just be laziness, or not enough time. The engineer just does the bare minimum that the manager asks.
The manager finds on the net that you can log in with root/root and hack the scope, he asks the engineer to fix it ASAP. 5 minutes later he tries again to log in, he gets an error message, he is happy. Everyone is happy. Problem solved.I think it boils down to the Chinese mentality of making a product just good enough to ship.
Security is a very complex issue, and needs some imaginitive thinking (something that is very rare in China due to the educational system), to consider and pre-empt possible entry points.
You can put the best lock in the world on the front door but that's no good if you can open a window with screwdriver.
FPGA systems and tools are very complex, and so is Linux, and the designers need to have a far better grasp on it all to make it secure, than they do to ship a working product.
Firmware 01.01.03.05 Patch Notes:
- Incorporated all security features/approaches discussed on eevblog forums (thnx u)
Maybe I misunderstood the topic of this thread. I thought we were trying to hack the MSO5000, not advise Rigol on how to make it unhackableCode: [Select]Firmware 01.01.03.05 Patch Notes:
- Incorporated all security features/approaches discussed on eevblog forums (thnx u)
Somebody asked me to post a photo of my 'system information' screen.
Rather than incompetence, it could just be laziness, or not enough time. The engineer just does the bare minimum that the manager asks.
The manager finds on the net that you can log in with root/root and hack the scope, he asks the engineer to fix it ASAP. 5 minutes later he tries again to log in, he gets an error message, he is happy. Everyone is happy. Problem solved.