iQ Series Instrument Security Improvements

Beginning January 1, 2020, the state of California requires any manufacturer of a device that connects “directly or indirectly” to the internet be equipped with “reasonable” security features, designed to prevent unauthorized access, modification, or information disclosure. (SB-327 Law)
To comply with this request, Thermo Fisher Scientific is releasing a new firmware update (Version 1.6.8) for iQ Series instruments in November 2019, featuring enhanced instrument security. These enhancements include:

1. Password protection enabled for VNC, MySQL, and SNMP, with unique default password for each instrument;
2. Ability to enable or disable non password-protected protocols;
   
3. Disable unused Ethernet ports.

When you receive a new iQ Series instrument or after you install the new firmware to an existing iQ Series instrument, you will need to follow the steps as listed below:

All new instruments shipped after Dec 6th, 2019 will be installed with the security enhanced software and a default instrument password, it is our recommendation that users upgrade any field instruments to the security enhanced firmware and ePort version 4.0.

The default instrument password format is an alternating combination of instrument serial number and installed firmware build number. For example if your instrument serial number is 123456789 and the instrument firmware version is 1.6.8.ABCDE where the last five digits are the build number, then the default instrument password number will be 1A2B3C4D5E6789.

If you are upgrading your instrument to the security enhanced firmware, the instrument password will be left blank after the upgrade. When you execute the ‘Change Instrument Password’ function in the GUI security access levels menu, the instrument will prompt for the ‘current’ instrument password. In this case there is no ‘current instrument password’ so you would simply ‘continue’ through that GUI page to set your personalized instrument password.

If you pressed NO on the Automatic Instrument Reboot dialog, it will go back to the Security Access Levels screen and you’ll need to start the password process from scratch again.

Instrument will now reboot to enable new password

As part of the enhanced security, the user now has the option to enable/disable communication protocols that are not uniquely password protected. This feature is intended to protect the instrument from being accessed remotely over unused protocols. It is the factory recommendation that users disable any unused protocols.

By default, all new instruments will ship with all protocols disabled. Users will need to enable Modbus, Streaming or Bayern Hessen to utilize the mobile app and/or those communication protocols. To access this feature, go to

Setting -> Communications -> Ethernet Protocol Selection

Example when streaming is select.

Instruments that are upgraded in the field will have all protocols enabled to ensure backward compatibility is maintained.

If you encounter any issue when updating the firmware or resetting your password, please contact our Technical Support team. We will make our best efforts to assist you with your iQ instruments.