Compliant Yet Vulnerable: Critical Risks of Measuring Instruments in Production Line

October 22, 2020     

Philippe Lin
Shin Li

In this talk, we review LAN eXtensions for Instrumentation (LXI), a common protocol among testing and measuring devices. Most legacy wired protocols function on the assumption that they are interconnected in a closed, trusted, secure network. However, once connected to the internet, this assumption is no longer true. LXI is one such protocol. It is used in important infrastructure and is the standard by which test and measuring instruments interoperate over Ethernet in labs, wafer fabrication, and PCB manufacturing, to name a few. Should adversaries alter test and measuring instrument readings, the production failure rate can drastically increase, among other heavy consequences. To review the security of this protocol, we inspected devices found on Shodan and designed a simulated closed-loop scenario that leads to burning a unit under test (UUT) in a lab. Our research and talk also delve into the LXI consortium's latest draft to discuss securing the protocol.

Additional reasons why the study is important and what attendees can put into practice: The LXI standard was proposed in 2005. At present, it is gradually replacing GPIB and has been adopted by all leading vendors in the industry. As a widely used and prominent protocol, reviewing its security is important. Its capability to connect multi-vendor devices inside a lab with a unified language makes it a lucrative target for hackers. In addition, like all legacy protocols, its lack of authentication can lead to security risks. These risks can affect a wide range of environments, since measuring instruments are needed not only in university labs but also in production lines and wafer manufacturers. Its lack of authentication and data integrity, for one, begets risks similar to those of an unsecured factory. Even though the cybersecurity industry is experienced in securing legacy protocols, there is still a need to make device owners, protocol designers, and respected colleagues in the industry aware of the risks we discuss. After all, impacted devices are expected to remain in use in their industries throughout their decade-long operational lifespan.