[Full-Disclosure] Viral infection via Serial Cable
jftucker at gmail.com
Mon Aug 30 22:24:51 BST 2004
I might also suggest that it is likely (although not guaranteed, maybe
ask the manufacturer) that the application will put a full lock on the
RS232 comms, and as such, a virus could only transfer data to the OS /
program if the lock was removed (program was closed).
As for viral infections via this route in more general terms, anyone
ever tried hacking a serial port thats not running an app on the other
end? Good luck hacking the black hole of a dead end.
Of course it would be quite amusing now if a virus was written to
break in there, a DoS caused by a CAD/CAM laser burn down of the
If the software can run over the network, and that is why you are
considering using the NIC then you might consider using the IPSec
settings to close all ports except the one used by the cutting
I would not recommend installing updates or software, as it is likely
that the machine is built for stability, changes may alter that
stability too (as is typical with such software in my experience).
On Mon, 30 Aug 2004 14:54:14 -0400, Über GuidoZ <uberguidoz at gmail.com> wrote:
> Very interesting situation. To be honest I've never tried to
> experiment with such a setting in a virus lab, however I do know that
> viruses can travel via any electronic means of communication. Back
> before RJ-45 jacks were used much, NICs had serial or BNC plugs
> instead. Viruses traversed through them just like they do today.
> It completely depends on the communication setup I suppose. Granted, I
> doubt your everyday worm would be able to make the jump via
> specialized instructions to the serial outlet, however if something
> was programed to do such a thing, I'm sure it's possible.
> If it's just connected to the LAN as a PC, then you have a lot more to
> worry about obviously. (Depending on the network protocol, there may
> be little limitations at all.) Are you able to update this Windows
> 2000 install? Is it extremely customized for this laser, or does the
> laser software just work on Windows?
> On Mon, 30 Aug 2004 19:35:25 +0200, Jean Gruneberg
> <gruneberg at absamail.co.za> wrote:
> > Hi all
> > OK - here is a basic question - sorry if this is totally clueless.
> > I have a client who runs a heavy engineering shop. To date all his
> > computerised punches and bend breaks etc. have been driven via a windows CAD
> > workstation talking to them on a serial cable - basically a data dump to the
> > machine which runs a modified dos based OS.
> > So he buys a new sheet metal laser cutter and they bring the system online
> > whilst I'm busy throwing shielded cabling for serial comms to the new
> > machine - lo and behold the system boots to windows 2000 (the concept of a
> > high powered laser metal cutting device driven by windows is another
> > conversation entirely...)
> > So I have a closer look at the beast and it is basically a pc built into a
> > very large machine - has all the usual LAN / USB etc. The system even comes
> > pre-installed with Norton AV. We (read me) make a management decision not
> > to park said machine on the LAN (concept of disgruntled employee and said
> > laser) also the data suite that talks to the laser is now windows based and
> > not an old dos prompt data suite to the older machines.
> > So the question is, is a pc / machine connected to another pc via serial
> > cable only using specialised windows software to move data to the machine at
> > all vulnerable to viruses? Can they transmit themselves across a serial
> > cable?
> > Jean
> > ---
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.744 / Virus Database: 496 - Release Date: 2004/08/24
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> Peace. ~G
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Full-Disclosure is hosted and sponsored by Secunia.