Security News > 2020 > January > Use of SCPI Protocol Exposes Measurement Instruments to Attacks
Measurement instruments that support the Standard Commands for Programmable Instruments protocol are exposed to hacker attacks, cybersecurity firm Trend Micro warned on Tuesday.
First released in 1990, SCPI is an ASCII-based standard designed for test and measurement devices.
SCPI includes no authentication mechanism and now that measurement devices are increasingly connected to networks and even directly to the internet, the use of the protocol can pose serious security risks.
The company conducted tests on a digital multimeter from Keysight Technologies, an important supplier of test and measurement devices, but noted that products from other vendors are likely exposed to the same types of attacks if they use SCPI. Trend Micro researchers found that the multimeter's web and other interfaces were easily accessible and were not protected by a password by default.
"Although we have taken the Keysight digital multimeter as an example , the SCPI protocol is supported by major instrument vendors," Trend Micro researchers said.