Full Disclosure mailing list archives

Re: Viral infection via Serial Cable


From: James Tucker <jftucker () gmail com>
Date: Mon, 30 Aug 2004 22:24:51 +0100

I might also suggest that it is likely (although not guaranteed, maybe
ask the manufacturer) that the application will put a full lock on the
RS232 comms, and as such, a virus could only transfer data to the OS /
program if the lock was removed (program was closed).

As for viral infections via this route in more general terms, anyone
ever tried hacking a serial port thats not running an app on the other
end? Good luck hacking the black hole of a dead end.

Of course it would be quite amusing now if a virus was written to
break in there, a DoS caused by a CAD/CAM laser burn down of the
building :S

If the software can run over the network, and that is why you are
considering using the NIC then you might consider using the IPSec
settings to close all ports except the one used by the cutting
application.

I would not recommend installing updates or software, as it is likely
that the machine is built for stability, changes may alter that
stability too (as is typical with such software in my experience).


On Mon, 30 Aug 2004 14:54:14 -0400, Über GuidoZ <uberguidoz () gmail com> wrote:
Very interesting situation. To be honest I've never tried to
experiment with such a setting in a virus lab, however I do know that
viruses can travel via any electronic means of communication. Back
before RJ-45 jacks were used much, NICs had serial or BNC plugs
instead. Viruses traversed through them just like they do today.

It completely depends on the communication setup I suppose. Granted, I
doubt your everyday worm would be able to make the jump via
specialized instructions to the serial outlet, however if something
was programed to do such a thing, I'm sure it's possible.

If it's just connected to the LAN as a PC, then you have a lot more to
worry about obviously. (Depending on the network protocol, there may
be little limitations at all.) Are you able to update this Windows
2000 install? Is it extremely customized for this laser, or does the
laser software just work on Windows?

~G

On Mon, 30 Aug 2004 19:35:25 +0200, Jean Gruneberg


<gruneberg () absamail co za> wrote:
Hi all

OK - here is a basic question - sorry if this is totally clueless.

I have a client who runs a heavy engineering shop.  To date all his
computerised punches and bend breaks etc. have been driven via a windows CAD
workstation talking to them on a serial cable - basically a data dump to the
machine which runs a modified dos based OS.

So he buys a new sheet metal laser cutter and they bring the system online
whilst I'm busy throwing shielded cabling for serial comms to the new
machine - lo and behold the system boots to windows 2000 (the concept of a
high powered laser metal cutting device driven by windows is another
conversation entirely...)

So I have a closer look at the beast and it is basically a pc built into a
very large machine - has all the usual LAN / USB etc.  The system even comes
pre-installed with Norton AV.  We (read me) make a management decision not
to park said machine on the LAN (concept of disgruntled employee and said
laser)  also the data suite that talks to the laser is now windows based and
not an old dos prompt data suite to the older machines.

So the question is, is a pc / machine connected to another pc via serial
cable only using specialised windows software to move data to the machine at
all vulnerable to viruses?  Can they transmit themselves across a serial
cable?

Jean

---

Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.744 / Virus Database: 496 - Release Date: 2004/08/24

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



--
Peace. ~G



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Current thread: