The Rigol 1054 is one of the most popular scopes in the DIY space. It's brilliant for the price of ~£370. And it's wide open at the back too. No authentication at all, helped along with automatic DHCP so all one need do is to shove a network cable up it's ass and it's on line.
You get full remote control of the scope, as well as total access to the sampling data. So you can read the wave forms from my little circuits. Great! The real issue is that this is a powered and networked computer with no sign on whatsoever. It may already be the case that it can be made to execute code remotely, due to some bug in the LXI command interface. What if you then can load malware onto it via Ethernet? Could you simply brick it for a bit of fun, or use it as a clandestine staging post for further exploits? Stuxnet-LXI perchance?
My nightmare is that my oscilloscope might be taken over and connect with my on-line wine chiller...
Biting the hand that feeds IT
