Chinese software flaw makes infrastructure vulnerable, warns report



Warwick Ashford

China's public infrastructure is vulnerable to cyber attack because of vulnerabilities in software used to run weapons systems, utilities and chemical plants, according to Reuters.

The US Department of Homeland Security (DHS) has issued a warning about the vulnerabilities in software applications from Beijing-based Sunway ForceControl Technology.

The DHS says hackers could exploit the vulnerabilities to launch attacks on critical infrastructure in China and other countries where the software is used, including the US.


Open door for hackers

The flaws were identified by security firm NSS Labs, which has worked with Sunway, the Chinese authorities and the DHS to produce security patches.

But NSS Labs says it could take customers months to install the patches, giving attackers a window of opportunity to exploit the vulnerabilities.

The discovery of the flaws comes amid concern, growing since the discovery of the Stuxnet worm, about the safety of supervisory control and data acquisition (SCADA) computer systems used to control processes in a wide variety of power plants and water distribution networks.

Stuxnet, which is widely believed to have been targeted at damaging centrifuges used in Iran's nuclear programme, highlighted the vulnerability of SCADA systems to cyber attacks.


SCADA systems suppliers should patch vulnerabilities

NSS Labs has urged suppliers of SCADA systems to patch vulnerabilities instead of sitting on them, because these systems are inherently flawed by design.

In May, the firm announced that it had discovered several methods hackers could use to sabotage critical national infrastructure.

NSS researcher Dillon Beresford, who discovered the Sunway flaws, reported finding "multiple vulnerabilities" in Siemens programmable logic controllers (PLCs) targeted by Stuxnet.

While Stuxnet targeted PLCs through operating system software, NSS researchers found ways to reprogram the devices directly if they can be reached on a network.
