Last week we published a post about how it was discovered through trial and error that Tektronix application modules are designed with laughable security. We’ll get to that part of it in a minute. We received a DMCA Takedown Notice from Tektronix (which you can read after the break) demanding that we remove the post. We have altered the original post, but we believe our coverage of this story is valid and we don’t agree that the post should be completely removed.
First off, Tektronix sells the modules to unlock the features already present on the Oscilloscope in questions. We’re operating on the moral assumption that using these features without paying their asking price is wrong. If you want the features they’ve developed you should pay for them.
The real story here is that Tektronix designed a woefully weak system for unlocking these modules. Learn from this. If you’re ever designing a hardware key, don’t do it like this!
An EEPROM, a connector, and a plain text string of characters which is already published publicly on their website is all that is necessary to unlock these “crippled” features. Let’s just say that again: apparently every hardware key is the same and just uses a plain-text string found on their website which is not encrypted or obfuscated. If you were selling these keys for $2.99 perhaps this would be adequate, but Tek values these modules at $500 apiece.
If you were designing this system wouldn’t it be worth using an encryption key pair based on the serial number or some other piece of unique information? How do you think this should have been done? Leave your comment below.
I am the Chief Intellectual Property Counsel at Test & Measurement group of companies including Tektronix, Inc.
I have been notified of a posting on the “Hack A Day” website concerning hacking of Tektronix’ copyrighted modules for use in oscilloscopes. Hacking those modules permits unauthorized access to and use of Tektronix’ copyrighted software by means of copying of Tektronix’ copyrighted code in those modules.
A copy of the offending posting is attached for your reference.
<Copied text removed>
The posting includes instructions for how to hack our modules and thereby violate Tektronix’ copyrights.
Tektronix has a good faith belief that there is no legal basis for this individual to provide such instructions to anyone, much less on a public forum.
I hereby submit that the above statements are true and accurate, and under penalty of perjury state that I am authorized to act on Tektronix’ behalf.
In view of the above, Tektronix demands that the posting identified above be expeditiously removed from the website.
Very Truly Yours,
Filed under: security hacks