High-end CNC machines can't be moved without manufacturers' permission


#1

[Permalink]


#2

Code is law... without even the pretense of being written for your benefit.


#3

Every owner of such a CNC machine should contact the manufacturer every day (or even more often) to request permission (and an unlock code) to move the machine (even if it's just a couple of feet.)

Once the manufacturers get annoyed at all the time and money spent in responding to these requests, they might reconsider (and, for example, only disable the machines if they report their location as "somewhere in Iran".)


#4

High-end proprietary CNC machines can't be moved...

And of course, there's a great "open" response to this - the Mech Mate: http://www.mechmate.com. Hundreds of enthusiasts around the world have built their own CNC machines, presumably without the burden of the "rights management" features that come in the closed versions wink

I'm a big fan of the MechMate community and my father-in-law has built one of these in his shop over the past few years. Here's a video I took a while back showing the machine in action. http://www.youtube.com/watch?v=lU3-6AapV3I.

He owns and operates a cabinet making business - woodforyou.net - so he's highly motivated to get this just right. The cost advantages for him are huge.


#5

Saying an infection of the CNC machine's code would be impossible to detect because of the GPS lock is kind of disingenuous. If anything, security placed on the code would make it harder to infect the machine! Here's how:

Critical binaries (or something equally important like calibration data) are signed using the manufacturer's private key, preferably a key unique to that machine but kept secret. The public key needed to verify the signature is on the machine but encrypted with a symmetric algorithm, using a key derived from the GPS coordinates. If you move the machine, you can no longer decrypt the public key, and the binaries won't run. You have to contact the manufacturer to get a new encrypted public key matching the new location.

You can't tamper with the binaries to bypass the GPS lock or infect the machine with malware because you don't know the signing key. This all assumes something like a secure environment to verify the signatures, and a secure GPS implementation.

There's always a weakest link, and in the case of these machines I would expect it to be the GPS. Most off-the-shelf GPS modules output serial data with no encryption or authentication... just substitute a fake GPS module and the machine never moved!


#6

MacGyver could totally hot wire that thing.


#7

doesn't come close to the machines being discussed...


#8

It's basically an export control issue. Governments want to be able to enforce bans and embargoes, so the companies are required to install such sensor packages. Also, the 1-month issue, as clearly explained in the thread, is about someone having a contract with a terrible service company. The Mfg rep weighed in very quickly with a "call me and I'll have that straightened out for you immediately" post.

Remember, we're not talking about garden gnomes or 3D printers. These machines are the real thing. Pick the right two, and you can very quickly be up and producing 50-100 machine guns a day. Real ones, not plastic zip guns. Or pump impellers for uranium enrichment plants, or nuclear weapon components, you name it.

Or, of course, excellent and non-controversial things like anti-lock brake components. The point is, the issue is about more than just companies being jerks.


#9

You keep using that word, "own." I do not think that word means what you think it means. Didn't somebody once say that the essence of ownership was the ability to deny the use of something by others?


#10

Aside from the export controls and all that, maybe there is a very, very simple reason why this would be the case - the machine is so precise that it is required to be set up for that particular spot on the floor.


#11

This seems pretty stupid in the case of the CNC company. If their concern is that they don't want it to work in Iran, then why not just make the GPS check to see if it is in Iran or not. If it's not, then let keep working.


#12

Good quality control includes xrays and thorough tracing of material from mill to shop to end product with all the appropriate ISO certification. Of the CNC machines I have seen in operation, none of them have been on the network, although information does get copied to them if my understanding was correct. Although I am kind of scared of ghosts in the shelving systems...


#13

This. There are surveyors who work in the field of placing equipment super accurately. Very well could be the reason, it might hurt the machine and the mfg doesnt want to be liable.


#14

Are you kidding? Security in this kind of machinery is mostly based on "this is too expensive for anyone to tamper with".


#15

My company is a subsidiary of [MAJOR METROLOGY FIRM], writing the software which runs their machines. We have dozens of their high end measuring systems in our lab -- and we still can't move them ourselves. We can't even have the source code for certain key drivers, despite being part of the same company and entirely relying on the workings of those drivers. The export control restrictions are serious business, for all that they regularly get violated.


#16

Well what happens when Iran invades and takes over the proposed new location...


#17

Security implications??? How about the potential for a denial of service attack. I don't even need to be on your premises -- just outside your property line in a van with a GPS constellation simulator and a directional antenna. Five minutes later, your machine thinks it was briefly in Alaska, and shuts you down until you get a reset.

The temporary GPS signal is never going to be around for very long, and if your antenna is directional enough, other GPS receivers likely will not even notice the change.

Suddenly, your ability to fulfill that rush order is threatened, and your customers start to wonder about whether you can keep the promises you make.


#18

I've been in the trade of repairing these machines for the last 20 years. This is becoming very common. Reason is simple: the machines are VERY expensive to repair and come with full coverage warranties. When a customer moves the machine, it needs to be fully recalibrated otherwise it could crash in on itself. Taking a chip out of the table, screwing up the head, causing any board to fry, these are all HUGE expenses a manufacturer has to cover. When your part time, semi-retired, forklift driver moves the machine and damages it, guess who gets the brunt of the cost. More often than not, the company who has the machine never wants to pay for legitimate (and self-inflicted) damage, they are very quick to blame the manufacturer and let them flip the bill.


#19

0_o seriously? This is a CNC machine, not a magic chicken that poops plutonium.

If they already sell to a neighbor of Iran, it is already a possibility it could fall into Iran's hands if they invaded. They would just have to be smart and not move it.


#20

great now i have to install GPS in my magic chickens.
edit: also i was no being serious about the grand invasion of the location one might want to move the machine.