It is a system design and development platform issued by National Instruments.

LabView liability allows hackers to control your computer

It's only fair to share...Digg thisShare on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInFlattr the authorShare on TumblrShare on VKShare on YummlyShare on RedditShare on StumbleUpon

LabView liability allows hackers to control your computer

 

LabView liability allows hackers to control your computer. It is a system design and development platform issued by National Instruments. The software is publicly used to build applications for data acquisition, instrument control and industrial automation.

Talos security researchers have discovered a code execution vulnerability that can be triggered by opening specially crafted VI files (a file format used by LabVIEW), which allow a remote attacker to execute arbitrary code.

“The VI file format describes various systems implemented in LabVIEW. Although there is no published specification for the file format, inspecting the files shows that they contain a section named ‘RSRC’, presumably containing resource information. Modulating the values within this section of a VI file can cause a controlled looping condition resulting in an arbitrary null write. This vulnerability can be used by an attacker to create a specially crafted VI file that when opened results in the execution of code supplied by the attacker.

LabView liability allows hackers to control your computer

Security researchers have successfully tested the flaw on LabVIEW 2016 version 16.0, but National Instruments has declined to acknowledge this problem as a flaw in their product and had no intentions to publish any patch to fix the flaw.

“National Instruments does not consider that this issue constitutes a vulnerability in their product, since any .exe like file format can be modified to replace legitimate content with malicious and has declined to release a patch.”

Users are recommended to not open any VI file received via an email.

ALSO READ  Be Aware of Equifax Fake Phishing Websites

 

What is LabVIEW?

Laboratory Virtual Instrument Engineering Workbench (LabVIEW) is a system-design platform and development environment for a visual programming language from National Instruments.

The graphical language is named “G”; not to be confused with G-code. Originally released for the Apple Macintosh in 1986, LabVIEW is commonly used for data acquisitioninstrument control, and industrial automation on a variety of operating systems (OSs), including Microsoft Windows, various versions of UnixLinux, and macOS. The latest versions of LabVIEW are LabVIEW 2017 and LabVIEW NXG 1.0, released in May 2017.

Dataflow programming

The programming language used in LabVIEW, named G, is a dataflow programming language. Execution is determined by the structure of a graphical block diagram (the LabVIEW-source code) on which the programmer connects different function-nodes by drawing wires. These wires propagate variables and any node can execute as soon as all its input data become available. Since this might be the case for multiple nodes simultaneously, G can execute inherently in parallel. Multi-processing and multi-threading hardware is exploited automatically by the built-in scheduler, which multiplexes multiple OS threads over the nodes ready for execution. LabView liability allows hackers to control your computer.

Graphical programming

LabVIEW integrates the creation of user interfaces (termed front panels) into the development cycle. LabVIEW programs-subroutines are termed virtual instruments (VIs). Each VI has three components: a block diagram, a front panel, and a connector panel. The last is used to represent the VI in the block diagrams of other, calling VIs. The front panel is built using controls and indicators. Controls are inputs: they allow a user to supply information to the VI. Indicators are outputs: they indicate, or display, the results based on the inputs given to the VI. The back panel, which is a block diagram, contains the graphical source code. All of the objects placed on the front panel will appear on the back panel as terminals.

ALSO READ  TV in California interrupted with an end of the world alert

LabView liability allows hackers to control your computer.

The back panel also contains structures and functions which perform operations on controls and supply data to indicators. The structures and functions are found on the Functions palette and can be placed on the back panel. Collectively controls, indicators, structures, and functions will be referred to as nodes. Nodes are connected to one another using wires, e.g., two controls and an indicator can be wired to the addition function so that the indicator displays the sum of the two controls. Thus a virtual instrument can be run as either a program, with the front panel serving as a user interface, or, when dropped as a node onto the block diagram, the front panel defines the inputs and outputs for the node through the connector pane. This implies each VI can be easily tested before being embedded as a subroutine into a larger program.

The graphical approach also allows nonprogrammers to build programs by dragging and dropping virtual representations of lab equipment with which they are already familiar. The LabVIEW programming environment, with the included examples and documentation, makes it simple to create small applications. This is a benefit on one side, but there is also a certain danger of underestimating the expertise needed for high-quality G programming. For complex algorithms or large-scale code, it is important that a programmer possess an extensive knowledge of the special LabVIEW syntax and the topology of its memory management. The most advanced LabVIEW development systems offer the ability to build stand-alone applications. Furthermore, it is possible to create distributed applications, which communicate by a client–server model, and are thus easier to implement due to the inherently parallel nature of G.

ALSO READ  Essex’s GlobalFoundries Plant Is Infected by a Virus
It's only fair to share...Digg thisShare on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInFlattr the authorShare on TumblrShare on VKShare on YummlyShare on RedditShare on StumbleUpon