It's nearly 2019, and your network can get pwned through an oscilloscope
Researchers find head-slapping backdoors in lab equipment
Administrators overseeing lab environments would be well advised to double-check their network setups following the disclosure of serious flaws in a line of oscilloscopes.
On Friday, SEC Consult said it had uncovered a set of high-impact vulnerabilities in electronic testing equipment made by Siglent Technologies.
In particular, the bug-hunters examined the Siglent SDS 1202X-E Digital line of Ethernet-enabled oscilloscopes and found the boxes were lacking even basic security protections.
Among the flaws found by researchers was the use of completely unauthenticated and unguarded TCP connections between the oscilloscopes and any device on the network, typically via the EasyScopeX software, and the use of unencrypted communications between the scope and other systems on the network.
"Two backdoor accounts are present on the system," the researchers explained. "A Telnet service is listening on port 23 which enables an attacker to connect as root to the oscilloscope via LAN."
As a result, anyone who had local network access would be able to get onto the device and tamper with it.
Siglent did not respond to a request for comment on the matter.
Chalk this up as yet another example of the dangers brought on by the growing market for connected internet-of-things devices.
Normally, an oscilloscope would be the last thing an admin would have to worry about. However, as new connectivity is bolted onto devices that traditionally operated in isolation, it is inevitable that some otherwise basic security measures will be overlooked.
Aside from the obvious dangers of allowing an attacker to use the compromised devices as a starting point for attacks on other network devices, SEC Consult noted that someone could also use the vulnerabilities to mess with the oscilloscope's own readings - offering a handy route for sabotage.
"Any malicious modification of measurement values may have serious impact on the product or service which is created or offered by using this oscilloscope," SEC Consult said of the flaw. "Therefore, all procedures which are executed with this device are untrustworthy."
That point is particularly noteworthy as observers have noted a marked increase in industrial espionage and IP theft attacks in recent years. It is not beyond the realm of possibility that a company wanting to hamper the progress of a rival, or a state-sponsored group that wanted to disrupt R&D, would look to mess with engineering equipment of a targeted facility. ®