It's nearly 2019, and your network can get pwned through an oscilloscope

Researchers find head-slapping backdoors in lab equipment

Administrators overseeing lab environments would be well advised to double-check their network setups following the disclosure of serious flaws in a line of oscilloscopes.

On Friday, SEC Consult said it had uncovered a set of high-impact vulnerabilities in electronic testing equipment made by Siglent Technologies.

In particular, the bug-hunters examined the Siglent SDS 1202X-E Digital line of Ethernet-enabled oscilloscopes and found the boxes were lacking even basic security protections.

Among the flaws found by researchers were the use of completely unauthenticated and unguarded TCP connections between the oscilloscopes and any device on the network, typically via the EasyScopeX software, and the use of unencrypted communications between the scope and other systems on the network.

"Two backdoor accounts are present on the system," the researchers explained. "A Telnet service is listening on port 23 which enables an attacker to connect as root to the oscilloscope via LAN."

As a result, anyone who had local network access would be able to get onto the device and tamper with it.

Siglent did not respond to a request for comment on the matter.

Chalk this up as yet another example of the dangers brought on by the growing market for connected internet-of-things devices.

Normally, an oscilloscope would be the last thing an admin would have to worry about. However, as new connectivity is bolted onto devices that traditionally operated in isolation, it is inevitable that some otherwise basic security measures will be overlooked.

Aside from the obvious dangers of allowing an attacker to use the compromised devices as a starting point for attacks on other network devices, SEC Consult noted that someone could also use the vulnerabilities to mess with the oscilloscope's own readings - offering a handy route for sabotage.

"Any malicious modification of measurement values may have serious impact on the product or service which is created or offered by using this oscilloscope," SEC Consult said of the flaw. "Therefore, all procedures which are executed with this device are untrustworthy."

That point is particularly noteworthy as observers have noted a marked increase in industrial espionage and IP theft attacks in recent years. It is not beyond the realm of possibility that a company wanting to hamper the progress of a rival, or a state-sponsored group that wanted to disrupt R&D, would look to mess with engineering equipment of a targeted facility. ®
