Since I'm often messing around with electronics near my workstation, which is 2-3 meters away from the equipment rack, I've started looking into making a remote control for my lab power supply. The thing has LXI support, which means I can hook it up to the network and send commands to it -- both to query state and to change the state. Setting voltage and current limit, turning outputs on and off etc.
The idea was to use an ESP8266, hook up a display to it and a couple of buttons and rotary encoders, and then write some firmware for it which allows you to talk to the power supply -- setting voltage and current for the outputs, plus add support for a few other things. Perhaps not terribly useful for anyone but me, but a fun project.
While reading the documentation for the SCPI commands of the lab supply it struck me that this stuff has no security whatsoever. None. Zero. No username, no password, no standard keying scheme. You just connect and you send commands and the machine does stuff. There may be some lab equipment that has security features, but none of the stuff I have has any protection whatsoever.
Which means that in just a few lines of code, you can build a network scanner that will look for LXI-enabled devices, figure out what they are and then manipulate them. Actually, one of the open source tools for talking to LXI/SCPI enabled devices has a scanning feature for finding devices -- so figuring out how to do this is trivial.
This means that if you connect to a lab network with LXI-enabled devices, you could query a power supply to find out how much juice it can deliver on each channel and then crank up the voltage and current limits to the maximum value on every output. If you are building electronics that operate at 3.3 or 5.0 volts and have them hooked up, that would probably fry them. Perhaps you could even start a fire that way.
Or you could be more subtle and introduce small intermittent problems. Like monitoring the current draw of a device and then reducing the current limit on an output to deliver slightly less current in order to provoke erratic behavior in electronics.
I started looking for security information on LXI on the web. Not a big research project, just a few Google searches to get some feel for what's going on here.
I stumbled across a talk by a representative of some instrument manufacturer talking about this. His take was that "well, you'll have to deal with this in routers...create VLANs and deal with whitelists and packet filters etc".
Well, sure, this is lab equipment, but really? This fellow lives in la-la-land. If he thinks that this works in real life he is mistaken. If you need to get some lab equipment up quickly and perhaps log some data or remote control some gear, you'll do whatever you can to get it working and then leave it at that. You will not be having meetings with the IT department to have your network configured every time you get a new piece of gear. And if you do have a messy network setup with all manner of access control, it is going to be slow and time-consuming to make any changes. You'll be screwing over your engineers or your production staff.
I'm not so sure I want to implement a remote for my power supply now. I wouldn't want to be sitting with my nose hovering over some piece of electronics and then suddenly have stuff blow up in my face because someone decided to write malware that targets LXI-enabled devices. I know myself well enough to know that I'm not going to bother setting up a separate network for my lab equipment.