Author Topic: Siglent SDS1104X-E and SDS1204X-E Mixed Signal Oscilloscopes  (Read 157278 times)

0 Members and 2 Guests are viewing this topic.

Offline technogeeky

  • Frequent Contributor
  • **
  • Posts: 538
  • Country: us
  • Older New "New Player" Player Playa'
Re: Siglent SDS1204X-E released for domestic markets in China
« Reply #50 on: September 28, 2017, 08:32:20 am »
:-DD

the racism and comments about the security of optional features that nobody in this thread could have possibly evaluated

 :-DD
Racism? What racism? That doesn't seem to make sense.

While probably technically true that the security features have not been evaluated, it also pretty much fully irrelevant. Networked devices have a terrible track record when it comes to network security and there is no reason this device would be different. I will eat my words when Siglent announces 15, 10 or even 5 years of regular security updates for it, but I don't think anyone will be holding his breath. Unless the law starts dictating that the software and associated updates are as much part of a device as the hardware is, the situation is unlikely to improve.

The racism quote wasn't about you, don't worry.
 

Offline rstofer

  • Super Contributor
  • ***
  • Posts: 5923
  • Country: us
Re: Siglent SDS1204X-E released for domestic markets in China
« Reply #51 on: September 28, 2017, 08:54:22 am »
A piece of test equipment has no place on an insecure network so security isn't necessary. Worse, it will probably in the way of regular use anyway. Imagine having to access a scope using SSH from a piece of software  :scared: The overhead alone is going to be a problem and how are lab technicians going to troubleshoot network problems? So in reality test equipment is always on local networks which are not accessible from the outside.
You're not understanding the problem. This type of hardware may very well make the network insecure, rather than it being put on an insecure network. We'll have to see how that effectively works out, but history isn't painting a pretty picture. Also, let's not be naive. These scopes will at least in part end up in places with little to no IT support. They shouldn't be a risk to the local network, period. That means it needs properly developed and tested software, which gets updated on a regular basis. It will be interesting to see if and how Siglent deals with that part.

Well, let's just watch for a few years and see what happens.

I can't figure out WHY I would poke a hole in my firewall to allow access from the Internet.  I might even create a subnet for testing and make sure the NAT feature doesn't translate it.

Or, more likely, I won't even bother to connect the network cable.  As a simple user, I see no utility in networking test equipment.  It's not like I need automation.

Others will have to deal with this security problem as they see fit.  I have my solution!  Don't plug in the cable...
 

Offline nctnico

  • Super Contributor
  • ***
  • Posts: 16838
  • Country: nl
    • NCT Developments
Re: Siglent SDS1204X-E released for domestic markets in China
« Reply #52 on: September 28, 2017, 04:09:48 pm »
A piece of test equipment has no place on an insecure network so security isn't necessary. Worse, it will probably in the way of regular use anyway. Imagine having to access a scope using SSH from a piece of software  :scared: The overhead alone is going to be a problem and how are lab technicians going to troubleshoot network problems? So in reality test equipment is always on local networks which are not accessible from the outside.
You're not understanding the problem. This type of hardware may very well make the network insecure, rather than it being put on an insecure network. We'll have to see how that effectively works out, but history isn't painting a pretty picture. Also, let's not be naive. These scopes will at least in part end up in places with little to no IT support. They shouldn't be a risk to the local network, period.
And how exactly does a piece of test equipment becomes a risk to the network? I don't see this happening in any realistic scenario unless it is 'infected' at the factory.
There are small lies, big lies and then there is what is on the screen of your oscilloscope.
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 6641
  • Country: 00
  • Display aficionado
Re: Siglent SDS1204X-E released for domestic markets in China
« Reply #53 on: September 28, 2017, 05:11:12 pm »
And how exactly does a piece of test equipment becomes a risk to the network? I don't see this happening in any realistic scenario unless it is 'infected' at the factory.
Why do you think that? It just needs a vulnerability like many simple networked devices have, in no small part because these devices are rarely conceived with security in mind. The device gets compromised through wifi, the network itself or USB. After an attacker gains a foothold, he can work to compromise the rest of the network. Once you're in, traversing the network is a lot easier. It also allows for more complex attacks, where a temporary compromise elsewhere gets turned into a permanent foothold within the network. This isn't theoretical either, but has become a real life everyday threat.

Quote
Or, as John Pironti, president of IP Architects puts it, "A lot of adversaries, and a lot of people who are looking at this problem, aren't looking at it as 'let me go and attack your toaster': they're looking at it as 'let me attack your toaster to use it as a way to get into the rest of your network'."

http://www.zdnet.com/article/the-rise-of-iot-hacking-new-dangers-new-solutions/
« Last Edit: September 28, 2017, 05:14:48 pm by Mr. Scram »
 

Offline Gabri74

  • Regular Contributor
  • *
  • Posts: 87
  • Country: it
Re: Siglent SDS1204X-E released for domestic markets in China
« Reply #54 on: September 28, 2017, 05:40:44 pm »
That sounds horrible. Unless there is fast and effective support for any bugs and security flaws found for the next 10-15 years, which there inevitably won't be, it sounds like a huge security liability. Companies just don't seem to learn that hooking things up to the internet is the easy part. It's effectively supporting it and making sure things are safe that's the hard part. Having a botnet running on your oscilloscope isn't much fun, having it being an entry point for further compromise is even worse.

You know what they say: the "S" in IoT stands for security.

Been at a client laboratory recently... several Lecroy top-notch scopes (the ones you are scared to death to stumble on the probes and have to sell your home to pay it back)... Windows 7.... connected to the Company Windows Domain.... about 15 minutes (not kidding!) to boot up... antivirus installed.....   man.... the pain...
 

Online tautech

  • Super Contributor
  • ***
  • Posts: 14843
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: Siglent SDS1204X-E released for domestic markets in China
« Reply #55 on: September 28, 2017, 05:43:49 pm »
It might seem Mr Scram might not be happy with any equipment that offers any kind of remote connectivity.  :-//
USB, LAN, WiFi are all here to stay so the only grace is that Siglent run Linux OS on their gear.

From the Cn website, a look at the web server, DSO control from PC browser:

Avid Rabid Hobbyist
 

Offline borjam

  • Supporter
  • ****
  • Posts: 664
  • Country: es
  • EA2EKH
Re: Siglent SDS1204X-E released for domestic markets in China
« Reply #56 on: September 28, 2017, 05:56:40 pm »
Having a WiFi interface is not inherently worse than having an Ethernet interface, which nowadays we consider a given.

There are risks with any software that can be accessed through a network and, indeed, models will be eventually phased out, turning them into sitting ducks. Just have a look at all the perfectly functional gear out there based on Windows. I dare you to connect and old Agilent or LeCroy oscilloscope, based on Windows, to a more or less open university network. But more than a risk to the whole network it's a risk to the instrument itself. If the software gets corrupted you might end up with an expensive door stop.

There has been a lot of publicity about the risks of the Internet of Things, but the risk itself depends on the application. Right now the worst culprits, for example, are web accessible cameras that have become bots used in denial of service attacks. That is indeed a risk to your network because it can saturate your Internet connection. And of course a hacked camera can be used as an entry point to explore your whole network and look for other targets.

But web cameras and, in general, sensors, are generally conceived so that you will access them from a remote location. The user of such a device will often define a NAT mapping in order to be able to access a builtin web server from a remote location. And that is certainly a security risk. There have been serious incidents and there will be lots more.

However, is this a likely scenario with a device such an oscilloscope? I don't think so. Of course it can be convenient to monitor an experiment from home. But I don't think it will be such a frequent usage. So, the risk is not the same.

Thanks to the scarcity of IPv4 addresses most Internet connections are configured with NAT (network address translation) which turns the router into a de facto firewall. None of the devices you plug inside your network can be accessed from the outside unless you explicitly set up a mapping in your router. With IPv6 and no NAT this will change radically and routers will need an explicit firewall functionality. Fortunately IPv6 address spaces are so large, it will be impractical to scan address ranges in order to discover vulnerable devices. I've been using IPv6 at home for a year now and I have set up a packet capture for the parts of my address space I am not using (a /48 network). I am still to see a single packet, let alone a scan, directed to my network, while the IPv4 addresses get hit several times per hour.

So, is it worse with WiFi? I don't think so. Moreover, WiFi access points make it easier to segment your network than network switches. On most you can create several SSIDs and you donĀ“t need to bother with assigning ports one by one to different VLANs (which can be a bothersome chore in a network switch). Also you can configure many access points so that wireless users can't contact each other, reducing the probability of "propagation" of an "infection" from one device to another.

In short: what I would suggest to manufacturers is to provide a way to disable all forms of connectivity in the instruments. Not just WiFi, but Ethernet and/or USB. That will be useful in student labs where you want to minimize risks. Those "security" preferences should be protected by some sort of admin password, so that a user won't be able to use the network ports of an instrument without permission.

 

Offline MrW0lf

  • Frequent Contributor
  • **
  • Posts: 921
  • Country: ee
    • lab!fyi
Re: Siglent SDS1204X-E released for domestic markets in China
« Reply #57 on: September 28, 2017, 06:11:01 pm »
Having a WiFi interface is not inherently worse than having an Ethernet interface, which nowadays we consider a given.

:clap:
https://www.hacker9.com/hack-public-wifi-hotspots-cracking-passwords.html

Overall, anytime you feel that made network (esp. wireless) or installation secure just watch some
https://www.youtube.com/user/DEFCONConference
videos, feeling will pass ::)
 

Offline borjam

  • Supporter
  • ****
  • Posts: 664
  • Country: es
  • EA2EKH
Re: Siglent SDS1204X-E released for domestic markets in China
« Reply #58 on: September 28, 2017, 06:22:08 pm »
Having a WiFi interface is not inherently worse than having an Ethernet interface, which nowadays we consider a given.

:clap:
https://www.hacker9.com/hack-public-wifi-hotspots-cracking-passwords.html

Overall, anytime you feel that made network (esp. wireless) or installation secure just watch some
https://www.youtube.com/user/DEFCONConference
videos, feeling will pass ::)
Again, mixing risks.

The worst "IoT" security risks come from random abuse by people who could be at any distance. I am talking about the classical abuses of web based cameras, etc. WiFi won't make a difference here.

Regarding WPA2 (the rest of the WiFi encryption protocols are insecure) you need a lot of resources to crack a good WiFi password. Of course, any encryption system is inherently vulnerable to brute force attacks or even random luck. But cracking a good WPA2 password is impractical. WiFi networks are being abused largely thanks to WEP and WPS.

Nevertheless, what are we talking about? I said that having a wireless interface in an oscilloscope is not inherently worse than having an Ethernet interface. Or is it worse to have it in your oscilloscope than having it in a computer/tablet/phone?

 

Offline MrW0lf

  • Frequent Contributor
  • **
  • Posts: 921
  • Country: ee
    • lab!fyi
Re: Siglent SDS1204X-E released for domestic markets in China
« Reply #59 on: September 28, 2017, 06:31:10 pm »
Nevertheless, what are we talking about? I said that having a wireless interface in an oscilloscope is not inherently worse than having an Ethernet interface. Or is it worse to have it in your oscilloscope than having it in a computer/tablet/phone?

It actually is worse. Because if get enabled for any reason (user error, firmware bug, (timed) firmware exploit, ...) it will be there to probe. However disconnected LAN cable is just that - disconnected cable and will require physical security breach to compromise.
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 6641
  • Country: 00
  • Display aficionado
Re: Siglent SDS1204X-E released for domestic markets in China
« Reply #60 on: September 28, 2017, 06:32:10 pm »
It might seem Mr Scram might not be happy with any equipment that offers any kind of remote connectivity.  :-//
USB, LAN, WiFi are all here to stay so the only grace is that Siglent run Linux OS on their gear.

From the Cn website, a look at the web server, DSO control from PC browser:


Let's not be like that. We both know that networking capabilities get literally put in everything and the kitchen sink nowadays and that security is almost all cases is, at best, an afterthought. It's only fair to be wary in this case, as even big brand names often get it wrong and in ways that cause serious problems. Add to that the conclusion that the more well known Chinese test gear manufacturers don't have a stellar record when it comes to firmware updates.

If Siglent shows a commitment to providing properly developed and well maintained software, I certainly wouldn't mind as much. Communicating how long the device will be supported wouldn't hurt either. That's all.

Again, mixing risks.

The worst "IoT" security risks come from random abuse by people who could be at any distance. I am talking about the classical abuses of web based cameras, etc. WiFi won't make a difference here.

Regarding WPA2 (the rest of the WiFi encryption protocols are insecure) you need a lot of resources to crack a good WiFi password. Of course, any encryption system is inherently vulnerable to brute force attacks or even random luck. But cracking a good WPA2 password is impractical. WiFi networks are being abused largely thanks to WEP and WPS.

Nevertheless, what are we talking about? I said that having a wireless interface in an oscilloscope is not inherently worse than having an Ethernet interface. Or is it worse to have it in your oscilloscope than having it in a computer/tablet/phone?
Computer software certainly is much better maintained than that of simpler networked devices. Phone software sometimes is, although a lot of manufacturers are just as bad as the IoT folks. I've seen all phone support being dropped within 6 months of release, which meant users were vulnerable to known issues within a year of purchase without recourse.
 

Online tautech

  • Super Contributor
  • ***
  • Posts: 14843
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: Siglent SDS1204X-E released for domestic markets in China
« Reply #61 on: September 28, 2017, 06:36:18 pm »
I said that having a wireless interface in an oscilloscope is not inherently worse than having an Ethernet interface. Or is it worse to have it in your oscilloscope than having it in a computer/tablet/phone?
Exactly, no worse than any other device.
For this unit both LAN and WiFi can be enabled/disabled OR unplugged.

Bit different to a USB scope where you have to have connectivity to another device in order just to use it.  ::)
Avid Rabid Hobbyist
 

Offline borjam

  • Supporter
  • ****
  • Posts: 664
  • Country: es
  • EA2EKH
Re: Siglent SDS1204X-E released for domestic markets in China
« Reply #62 on: September 28, 2017, 06:36:45 pm »
Nevertheless, what are we talking about? I said that having a wireless interface in an oscilloscope is not inherently worse than having an Ethernet interface. Or is it worse to have it in your oscilloscope than having it in a computer/tablet/phone?

It actually is worse. Because if get enabled for any reason (user error, firmware bug, (timed) firmware exploit, ...) it will be there to probe. However disconnected LAN cable is just that - disconnected cable and will require physical security breach to compromise.
That's true. Anyway in this particular case it's a USB dongle that you can disconnect as well.

And, again, wireless based attacks are necessarily local in scope and risky. More and more equipment manufacturers are incorporating security measures that can promptly detect such an attack attempt, which makes it risky.

 

Offline borjam

  • Supporter
  • ****
  • Posts: 664
  • Country: es
  • EA2EKH
Re: Siglent SDS1204X-E released for domestic markets in China
« Reply #63 on: September 28, 2017, 06:38:04 pm »
Bit different to a USB scope where you have to have connectivity to another device in order just to use it.  ::)
Yes, a Windows based computer, which is extremely unlikely to be compromised with at least a piece of remotely controlled malware.
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 6641
  • Country: 00
  • Display aficionado
Re: Siglent SDS1204X-E released for domestic markets in China
« Reply #64 on: September 28, 2017, 06:52:11 pm »
That's true. Anyway in this particular case it's a USB dongle that you can disconnect as well.

And, again, wireless based attacks are necessarily local in scope and risky. More and more equipment manufacturers are incorporating security measures that can promptly detect such an attack attempt, which makes it risky.
I gather the device will retain the network key, even when not connected over wifi.

In any case, this has turned into a much larger discussion than intended. Let's just say that a lot of us hope that manufacturers take networking security serious, instead of it being an afterthought. Siglent can show us how things should be done here.
 

Offline borjam

  • Supporter
  • ****
  • Posts: 664
  • Country: es
  • EA2EKH
Re: Siglent SDS1204X-E released for domestic markets in China
« Reply #65 on: September 28, 2017, 07:00:35 pm »
In any case, this has turned into a much larger discussion than intended. Let's just say that a lot of us hope that manufacturers take networking security serious, instead of it being an afterthought. Siglent can show us how things should be done here.
I'm afraid that won't happen. Security is very hard. And their priority will be to offer functionality.

Have you tried connecting any instrument to a network and feeding it nonsense? (Parameters out of range, strings that are too long, etc?). You are likely to make them crash. And that means there's a potential buffer overflow vulnerability there waiting to be abused.

There is a fundamental problem in the way we program and the architecture of our processors. Unless those problems are really addressed (and that's an extremely hard problem to tackle) even the best designed software will have vulnerabilities, period.

Anyway, for equipment not designed to be serving on the Internet, intended instead to be connected to small, restricted networks, the risk is not so large. And the local wireless attacks discussed by MrW0lf's are likely to be experienced only by high value targets, if any.
 

Online tautech

  • Super Contributor
  • ***
  • Posts: 14843
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: Siglent SDS1204X-E released for domestic markets in China
« Reply #66 on: September 28, 2017, 07:17:08 pm »
That's true. Anyway in this particular case it's a USB dongle that you can disconnect as well.

And, again, wireless based attacks are necessarily local in scope and risky. More and more equipment manufacturers are incorporating security measures that can promptly detect such an attack attempt, which makes it risky.
I gather the device will retain the network key, even when not connected over wifi.
"Saving" can be optional.
Avid Rabid Hobbyist
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 6641
  • Country: 00
  • Display aficionado
Re: Siglent SDS1204X-E released for domestic markets in China
« Reply #67 on: September 28, 2017, 07:32:17 pm »
I'm afraid that won't happen. Security is very hard. And their priority will be to offer functionality.

Have you tried connecting any instrument to a network and feeding it nonsense? (Parameters out of range, strings that are too long, etc?). You are likely to make them crash. And that means there's a potential buffer overflow vulnerability there waiting to be abused.

There is a fundamental problem in the way we program and the architecture of our processors. Unless those problems are really addressed (and that's an extremely hard problem to tackle) even the best designed software will have vulnerabilities, period.

Anyway, for equipment not designed to be serving on the Internet, intended instead to be connected to small, restricted networks, the risk is not so large. And the local wireless attacks discussed by MrW0lf's are likely to be experienced only by high value targets, if any.
Security is very hard to do right and you are probably right about the priorities here, which is why I'm wary and initially started the discussion. Software development isn't mature at all either, which leads to all sorts of problems, as you state correctly.

About attacks happening only to high value targets I unfortunately have to disagree. Most people think they, their hardware or their information is not valuable enough, but experience has taught us that almost everyone has something an attacker can perceive as valuable. Just the fact that a device could be in a test lab could make it a very interesting target. We've also already seen botnets comprised of IP camera's. In that case, even the feeble calculative horsepower of a tiny chip was considered a valuable enough target. In one infamous case, simply having a three letter Twitter handle was enough.

Of course, we're not even talking about issues like test results being compromised or even manipulated. There could be severe liability consequences.
 

Offline borjam

  • Supporter
  • ****
  • Posts: 664
  • Country: es
  • EA2EKH
Re: Siglent SDS1204X-E released for domestic markets in China
« Reply #68 on: September 28, 2017, 07:39:45 pm »
About attacks happening only to high value targets I unfortunately have to disagree. Most people think they, their hardware or their information is not valuable enough, but experience has taught us that almost everyone has something an attacker can perceive as valuable. Just the fact that a device could be in a test lab could make it a very interesting target. We've also already seen botnets comprised of IP camera's. In that case, even the feeble calculative horsepower of a tiny chip was considered a valuable enough target. In one infamous case, simply having a three letter Twitter handle was enough.
I said that the kind of local scope attacks such as sophisticated wireless network attacks (which need a lot of resources to crack passwords) are more likely to be experienced by high value targets.

Random, indiscriminated attacks are a completely different story. People suffer this attacks regardless of the local network connection medium, attackers can be anywhere in the world and often the goal of the miscreants is to obtain resources for other attacks (for example, zombies for DDoS).

The devil is in the details.

Quote
Of course, we're not even talking about issues like test results being compromised or even manipulated. There could be severe liability consequences.
Indeed, just imagine a multimeter hacked so that it will display voltages higher than, say, 25 V as low voltage noise. It could cost actual lives.
 

Offline MrW0lf

  • Frequent Contributor
  • **
  • Posts: 921
  • Country: ee
    • lab!fyi
Re: Siglent SDS1204X-E released for domestic markets in China
« Reply #69 on: September 28, 2017, 07:52:46 pm »
I said that the kind of local scope attacks such as sophisticated wireless network attacks (which need a lot of resources to crack passwords) are more likely to be experienced by high value targets.

For bored punk every WiFi he can see in flat complex is high value target :-DD

 

Offline exe

  • Supporter
  • ****
  • Posts: 1141
  • Country: nl
  • self-educated hobbyist
Re: Siglent SDS1204X-E released for domestic markets in China
« Reply #70 on: September 28, 2017, 09:31:06 pm »
I'd say protect your equipment as you never know all the possible scenarios of attacks. There might be a vulnerability (in e.g. Linux core) common to several classes of devices. And the scope can be infected "along the way"*. I can't evaluate the probability of this (perhaps, nobody can), but why put yourself into risk?

Or, if it's a university, students can do such things just for fun. Or hackers may start hunting for industrial equipment. Just think of Stuxnet.

So, keep it in DMZ with no Internet just in case :)

* I know that there might be compatibility issues. But, hey, everything is on ARM now, so that's not impossible. Or with shell scripting.

PS I work in security industry, so I can be biased :). It's also very easy to fall into "more protection is better" trap and "over-protect" your stuff.
 

Offline borjam

  • Supporter
  • ****
  • Posts: 664
  • Country: es
  • EA2EKH
Re: Siglent SDS1204X-E released for domestic markets in China
« Reply #71 on: September 28, 2017, 09:37:35 pm »
PS I work in security industry, so I can be biased :). It's also very easy to fall into "more protection is better" trap and "over-protect" your stuff.
I've just ordered the new variant. No Ethernet, radiation hardened and IP67  :-DD
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 6641
  • Country: 00
  • Display aficionado
Re: Siglent SDS1204X-E released for domestic markets in China
« Reply #72 on: October 04, 2017, 10:40:10 am »
Has this device actually been released in the Chinese domestic market? It surprises me a bit that not a single video or any other user generated information or content has been posted to the internet.
 

Online tautech

  • Super Contributor
  • ***
  • Posts: 14843
  • Country: nz
  • Taupaki Technologies Ltd. NZ Siglent Distributor
    • Taupaki Technologies Ltd.
Re: Siglent SDS1204X-E released for domestic markets in China
« Reply #73 on: October 04, 2017, 10:48:02 am »
Has this device actually been released in the Chinese domestic market? It surprises me a bit that not a single video or any other user generated information or content has been posted to the internet.
Not sure.
The one I have has only a low 2 digit SN# so maybe only enough have been made to send to beta testers and reveal at trade shows.
The factory is on hols this week so after that we'd expect some new FW and then some more further checks before it's anywhere ready for release. ATM core functionality is pretty good.
Avid Rabid Hobbyist
 

Offline stj

  • Super Contributor
  • ***
  • Posts: 2156
  • Country: gb
Re: Siglent SDS1204X-E released for domestic markets in China
« Reply #74 on: October 04, 2017, 11:25:33 am »
the chinese arent big utube addicts, they have there own streaming video hosts.
so there may be lots of stuff - you just cant see it.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf