10-25-2010 03:05 PM
After reading about the damage caused by the Stuxnet worm, I began to muse about the possibility of a virus written in G. And to consider the possible vulnerabilities of NI hardware and software (what if a virus "downloaded itself" to my PAC?).
No, I am not considering writing one.
I'm just curious, has anyone encountered any sort of malware written in G?
10-25-2010 03:08 PM
I haven't personally seen a virus that was written in G. However, I do recall someone interested in writing a keylogger, which I assume was probably for some type of spyware, but I like to give people the benefit of the doubt.
10-25-2010 03:28 PM
I have followed others whose code could qualify as "malware", but haven't seen any "virii" written in G. Most viruses and other malware tend to be pretty small "executable" type pieces of code that insert themselves (a la "virus") into other code, or disguise themselves as something other than what they are. Since LabVIEW exe's require the runtime engine to be installed, the targets would be pretty limited, one of the reasons that Apple OS based systems have been fairly free of malware. If someone is making the effort you go after the target rich environment. I would think that a G based malware would have to have a specific, and probably limited, target in mind, and this would be a case where writing it in G would be a lot harder than in C/C++, Java, etc. I hope no one makes me a liar and releases GbotX into the world!
10-25-2010 03:55 PM
I believe that it's possible to find a G-virus one day if the cyberwarfare escalates. But we need to start from Stuxnet, not the common script-kiddy virus. So an estimated effort of 5-10 developers for 6 months (estimate by anti-virus companies). Also we need to consider that it won't be plain G but the initial spread would be using 0-day exploits of win/Flash/.NET/whatever is installed everywhere. Just on the target it would attack via G like Stuxnet did with the Step7 rootkit.
A second interesting theory on Stuxnet's development is, it might have been a military-strategic attack. So in a first step, they did reconnaissance before the attack. Not the script-kiddy that is daily watching how many spam bots are already in the wild.
If an operation is carried out with these resources, then I really know enough security holes in the LabVIEW IDE to imagine such a virus.
But as said before, it won't be plain G. And it would need military/intelligence resources (and those guys are able to just bomb you when your firewall is strong enough).
Felix
10-25-2010 04:18 PM
Well written, Felix. I think your analysis is correct. A possibility could certainly be something similar to Stuxnet (GNet?), where it spreads/multiplies using non-G code, but then attacks end-points using G. Something like that could potentially deal a blow to a government/military/research institution who use a lot of NI hardware/software (e.g. NASA).
I think that the openness of the engineering/scientist community also puts us in danger. By nature, we like to help each other. We share code like crazy, and often blindly trust each other. That certainly leaves us vulnerable to the likes of Stuxnet. Thankfully, we have our IT department to force security on us and keep us "safe".
10-25-2010 04:43 PM
I think that the openness of the engineering/scientist community also puts us in danger. By nature, we like to help each other. We share code like crazy, and often blindly trust each other.
Put it other way round.
Technically: The most reliable security (software) is Open Source. The German computer magazine c't did hack several 'USB high-security' sticks just because their 'secret' random number generator was flawed...
Politically/Ethically: We are nice guys. Of course we are the guys that can make devastating weapons of all kinds. But most of our society are peaceful. Think of:
Max Born, Percy W. Bridgman, Albert Einstein, Leopold Infeld, Frederic Joliot-Curie, ...
and many others (Pauling got the Nobel Peace Prize!).
Felix
10-26-2010 09:52 AM
@f. Schubert wrote:
I think that the openness of the engineering/scientist community also puts us in danger. By nature, we like to help each other. We share code like crazy, and often blindly trust each other.
Put it other way round.
Technically: The most reliable security (software) is Open Source. The German computer magazine c't did hack several 'USB high-security' sticks just because their 'secret' random number generator was flawed...
Politically/Ethically: We are nice guys. Of course we are the guys that can make devastating weapons of all kinds. But most of our society are peaceful. Think of:
and many others (Pauling got the Nobel Peace Prize!).
Felix
Nobel made his money from inventing TNT.
Many of my customers are military and they are well aware of the threat and the measures they have taken are ... more than adequate.
The critical networks aren't in any way connected to the outside world and there are shoes involved in getting anything into the network.
And if you have ever wondered why you seldom hear that I am using Open source ...
Ben
10-26-2010 09:59 AM
Iran's critical networks were probably also not connected to anything in the outside world. This was certainly "more than adequate" until Stuxnet was carried right in their front door on thumbdrives. Just an example.
10-26-2010 10:06 AM
@josborne wrote:
Iran's critical networks were probably also not connected to anything in the outside world. This was certainly "more than adequate" until Stuxnet was carried right in their front door on thumbdrives. Just an example.
After I get past the first set of guards with machine guns and they have confirmed my visit, I can park my car and start emptying stuff out of my pockets... Cell phones, thumb drives... before I go to the next set of guards that search everything.
If it does not fit into my head then it does not get in. And that is for the non-confidential stuff.
Ben
10-26-2010 10:12 AM - edited 10-26-2010 10:13 AM
I never worked for a military customer, but it sounds kind of difficult to get any work done if you can't bring a laptop onsite.