Security? What security?

Since I'm often messing around with electronics near my workstation, which is 2-3 meters away from the equipment rack, I've started looking into making a remote control for my lab power supply. The thing is has LXI support, which means I can hook it up to the network and send commands to it -- both to query state and to change the state.  Setting voltage and current limit, turning outputs on and off etc.

The idea was to use an ESP8266, hook up a display to it and a couple of buttons and rotary encoders, and then write some firmware for it which allows you to talk to the power supply -- setting voltage and current for the outputs, plus add support for a few other things.  Perhaps not terribly useful for anyone but me, but a fun project.

While reading the documentation for the SCPI commands of the lab supply it struck me that this stuff has no security whatsoever.  None.  Zero.  No username, no password, no standard keying scheme. You just connect and you send commands and the machine does stuff.  There may be some lab equipment that has security features, but none of the stuff I have has any protection whatsoever.

Which means that in just a few lines of code, you can build a network scanner that will look for LXI-enabled devices, figure out what they are and then manipulate them.  Actually, one of the open source tools for talking to LXI/SCPI enabled devices has a scanning feature for finding devices -- so figuring out how to do this is trivial.

This means that if you connect to a lab network with LXI-enabled devices, you could query a power supply to find out how much juice it can deliver on each channel and then crank up the voltage and current limits to the maximum value on every output.   If you are building electronics that operate at 3.3 or 5.0 volts and have them hooked up, that would probably fry them.  Perhaps you could even start a fire that way.

Or you could be more subtle and introduce small intermittent problems.  Like monitoring the current draw of a device and then reduce the current limit on an output to deliver slightly less current in order to provoke erratic behavior in electronics.

I started looking for security information on LXI on the web.  Not a big research project, but just a few google searches to get some feel for what's going on here.

I stumbled across a talk by a representative of some instrument manufacturer talking about this.  His take was that "well, you'll have to deal with this in routers...create VLANs and deal with whitelists and packet filters etc".

Well, sure, this is lab equipment, but really?  This fellow lives in la-la-land.  If he thinks that this works in real life he is mistaken.  If you need to get some lab equipment up quickly and perhaps log some data or remote control some gear, you'll do whatever you can to get it working and then leave it at that.  You will not be having meetings with the IT department to have your network configured every time you get a new piece of gear.  And if you do have a messy network setup with all manner of access control, it is going to be slow and time-consuming to make any changes.  You'll be screwing over your engineers or your production staff.

I'm not so sure I want to implement a remote for my power supply now.  I wouldn't want to be sitting with my nose hovering over some piece of electronics and then suddenly have stuff blow up in my face because someone decided to write malware that targets LXI enabled devices.  I know myself well enough to know that I'm not going to bother setting up a separate network for my lab equipment.


  1. A gullsmed1 way to do this would be to diamond ring that she wears on a regular basis and bring it towards the gullsmed1 jewelry expert to have it calculated on the profe method. But when that is not possible, you might want to recruit certainly one of the woman's close friends or even family members whom you may trust to be discreet to drag this information from your fiancée for you personally.

  2. Have your security organization put in your agreement how they lead medicate screening and historical verifications, and ask where and how they enlist.Fast Guard Service LLC

  3. Reading something so delightful has a recuperating power for the spirit.
    paypal hack

  4. A large number of the issues that I say beneath can be ascribed to crafted by a security protect and they are likewise in-accordance with the issues of a security organization proprietor and customer.veriato360 employee monitoring software

  5. Equal surveillance cameras would bring sticker prices of over $100 greenbacks yet these cameras as of now have climate confirmation housings, infrared LEDs and remote transmitters. Cassandrah Stevens

  6. Home surveillance cameras are just the same old thing new in extensive homes and chateaus. Actually, it's nearly expected with the consistently expanding size of homes.Best Security Place

  7. I found your this post while searching for some related information on blog search...Its a good post..keep posting and update the information. security camera installation

  8. In light of your inclinations and spending you could choose whether to go with either genuine or sham cameras for verifying your home or property.

  9. I found your this post while searching for some related information on blog search...Its a good post..keep posting and update the information. Melbourne CCTV Systems

  10. Thanks for a wonderful share. Your article has proved your hard work and experience you have got in this field. Brilliant .i love it reading. Hikvision CCTV

  11. Gunung berapi yang meletus setiap 30 menit di depan Mirage. Keluarga dapat menontonnya dan memiliki banyak foto bersamanya
    paito vegas morning
    paito warna oregon 03
    paito warna oregon 12

  12. Great article Lot's of information to Read...Great Man Keep Posting and update to People..Thanks Hikvision

  13. This comment has been removed by the author.

  14. Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Any way I'll be subscribing to your feed and I hope you post again soon. Big thanks for the useful info. CCTV camera

  15. These may be helpful if you have no choice but to film in a dark area. Some surveillance cameras have a "night mode" that allows them to automatically switch to infrared shooting when necessary.Reolink camera support

  16. This particular papers fabulous, and My spouse and i enjoy each of the perform that you have placed into this. I’m sure that you will be making a really useful place. I has been additionally pleased. Good perform! DS-2CD2165G0

  17. It is truly a well-researched content and excellent wording. I got so engaged in this material that I couldn’t wait reading. I am impressed with your work and skill. Thanks. Best Smart Home Smoke Detectors

  18. Took me time to read all the comments, but I really enjoyed the article. It proved to be Very helpful to me and I am sure to all the commenters here! It’s always nice when you can not only be informed, but also entertained! CCTV Installers Melbourne