Chinese software flaw makes infrastructure vulnerable, warns report

China's public infrastructure is vulnerable to cyber attack because of vulnerabilities in software used to run weapons systems, utilities and chemical plants, according to Reuters.

The US Department of Homeland Security (DHS) has issued a warning about the vulnerabilities in software applications from Beijing-based Sunway ForceControl Technology.

The DHS says hackers could exploit the vulnerabilities to launch attacks on critical infrastructure in China and other countries where the software is used, including the US.

 

Open door for hackers

The flaws were identified by security firm NSS Labs, which has worked with Sunway, the Chinese authorities and the DHS to produce security patches.

But NSS Labs says it could take customers months to install the patches, giving attackers a window of opportunity to exploit the vulnerabilities.

The discovery of the flaws comes amid growing concern since the discovery of the Stuxnet worm about the safety of supervisory control and data acquisition (SCADA) computer systems used to control processes in a wide variety of power plants and water distribution networks.

Stuxnet, which is widely believed to have been targeted at damaging centrifuges used in Iran's nuclear programme, highlighted the vulnerability of SCADA systems to cyber attacks.

 

SCADA systems suppliers should patch vulnerabilities

NSS Labs has urged suppliers of SCADA systems to patch vulnerabilities instead of sitting on them because these systems are inherently flawed by design.

In May, the firm announced that it had discovered several methods hackers could use to sabotage critical national infrastructure.

NSS researcher Dillon Beresford, who discovered the Sunway flaws, reported finding "multiple vulnerabilities" in Siemens programmable logic controllers (PLCs) targeted by Stuxnet.

While Stuxnet targeted PLCs through operating system software, NSS researchers found ways to reprogram the devices directly if they can be reached on a network.
