Blitzortung.org Forum
Device security (against hacking) - Printable Version



Device security (against hacking) - Kellogs - 2017-05-12

Dear Friends,

Just a stupid question about network security before ordering a probe:

Did you implement network security against hacking the firmware?
Is firmware publicly available and Free software?

Kind regards,
Kellogs


RE: Device security (against hacking) - kevinmcc - 2017-05-13

Firmware is available to people with registered stations.

I do not believe the links are publicly available to everyone.


RE: Device security (against hacking) - allsorts - 2017-05-13

Note that the firmware is that, the compiled code that the receiver's CPU runs. I'm fairly sure the source code is not available so one would have to reverse engineer the firmware to make pretty much any changes to it.

The receiver doesn't need to be visible from the internet. IMHO if you want to be able to view/configure the receiver over the internet use a VPN into the LAN where the receiver is located.

There is no separate charge for the firmware.


RE: Device security (against hacking) - Kellogs - 2017-05-14

Hardware is from ST.com, so it is quite easy to fork a firmware using ST tools.
Is firmware upgrade protected by password in administration page?


RE: Device security (against hacking) - cutty - 2017-05-14

(2017-05-14, 12:02)Kellogs Wrote: Hardware is from ST.com, so it is quite easy to fork a firmware using ST tools.
Is firmware upgrade protected by password in administration page?

The Blitzortung operational Firmware is proprietary to Blitzortung Org, and is available only to licensed, registered operators, and if it were 'forked' or stolen, there are 'cross checks' on Blitzortung server preventing unauthorized station connections. Only the registered user can access the Blitzortung server station settings, and no system will function on the network unless those are set properly. The local Controller access is controlled by each specific operator who controls access to controller admin. When ordered the system will come with latest stable FW release installed.

Kellogs does NOT speak for or represent Blitzortung Org, developers, operators, or moderators of this forum.


RE: Device security (against hacking) - BobW - 2017-05-14

(2017-05-14, 12:02)Kellogs Wrote: Hardware is from ST.com, so it is quite easy to fork a firmware using ST tools.
Is firmware upgrade protected by password in administration page?

Hey Kellogs,


You appear really interested in the project and its capabilities. I would suggest that you purchase and install a sensor so you can learn what goes into siting it, and the work involved with maintaining it. It's what we call "baby steps". While some of the "product" of the project is publicly visible, much of it is not. What is out there publicly isn't intended for anything other than use as a novelty.


This is the very reason that those of us that are members of the project haven't gone forward with some of the things that you have proposed in the couple of days since you have discovered Blitzortung. It's also the reason that "sponsors" should have no interest in funding any part of the project. There is nothing in it for them, and there shouldn't be. There are commercial entities that provide lightning data. We do not compete with them, and do nothing that they do, and do many things that they do not do. I happen to host a sensor for one of the commercial providers also. 

If you are interested in "filling gaps", just put "host a lightning sensor" in google or the equivalent in addition to purchasing and installing one of these.

To get back to the context of your post. While anything can be reverse engineered, there's really not much reason to hack the station firmware. There's no OS. Its function is really simple... precision timestamp, and send a sample of digitized analog waveform upon being triggered to do so by the contents of that sampled waveform. The equipment is intended to be protected from the Internet behind NAT or another firewall, so no vulnerabilities there.


RE: Device security (against hacking) - Kellogs - 2017-05-15

Thanks. I am just discovering that there are commercial networks for lightning detection. Blitzortung is really a nice project!