DHS warns of Chinese infrastructure software vulnerabilities

China Qinshan Nuclear Plant II (under construction)

The U.S. Computer Response Readiness Team—a part of the Department of Homeland Security—has issued a bulletin (PDF) warning of software vulnerabilities in two software applications widely used in China to help control public utilities, chemical and manufacturing plants, and even weapons systems. The vulnerabilities are classic heap-based buffer overflow errors, the same class of flaw that has been repeatedly exploited by malware authors on Windows and other operating systems.
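To show what a heap-based buffer overflow of this kind looks like in code, here is an added example (not code from Sunway or from the advisory) using a constructed frame format: one length byte followed by a tag name. The vulnerable parser trusts the length byte when copying into a fixed heap buffer; the hardened parser checks it against both the buffer capacity and the bytes actually received.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define TAG_CAPACITY 16   /* fixed size of the heap buffer the parser allocates */

/* Constructed sample frames (hypothetical layout: length byte, then tag name).
 * GOOD_FRAME declares 5 bytes and carries 5; BAD_FRAME declares 200 but carries 4. */
static const uint8_t GOOD_FRAME[] = {5, 'P', 'U', 'M', 'P', '1'};
static const uint8_t BAD_FRAME[]  = {200, 'X', 'X', 'X', 'X'};

/* Vulnerable: copies as many bytes as the frame claims into a 16-byte heap buffer.
 * A declared length above TAG_CAPACITY writes past the allocation (heap overflow). */
char *parse_tag_vulnerable(const uint8_t *frame, size_t frame_len) {
    if (frame_len < 1) return NULL;
    size_t declared = frame[0];
    char *tag = malloc(TAG_CAPACITY + 1);
    if (!tag) return NULL;
    memcpy(tag, frame + 1, declared);   /* no check against TAG_CAPACITY or frame_len */
    tag[declared] = '\0';
    return tag;
}

/* Hardened: rejects a declared length that exceeds the buffer or the data present. */
char *parse_tag_safe(const uint8_t *frame, size_t frame_len) {
    if (frame_len < 1) return NULL;
    size_t declared = frame[0];
    if (declared > TAG_CAPACITY || declared > frame_len - 1) return NULL;
    char *tag = malloc(TAG_CAPACITY + 1);
    if (!tag) return NULL;
    memcpy(tag, frame + 1, declared);
    tag[declared] = '\0';
    return tag;
}

/* Returns 1 if the hardened parser rejects the frame, 0 if it accepts it. */
int frame_rejected(const uint8_t *frame, size_t frame_len) {
    char *tag = parse_tag_safe(frame, frame_len);
    if (!tag) return 1;
    free(tag);
    return 0;
}

int main(void) {
    printf("good frame rejected: %d\n", frame_rejected(GOOD_FRAME, sizeof GOOD_FRAME));
    printf("bad frame rejected:  %d\n", frame_rejected(BAD_FRAME, sizeof BAD_FRAME));
    return 0;
}
```

Only the hardened parser is run on the malformed frame here; the vulnerable one is shown so the missing check is visible side by side.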

If exploited successfully, the flaws could enable attackers to execute arbitrary code on the systems, or to perform a remote denial of service attack. Successful attacks could be highly destructive, shutting down plants and utilities or creating dangerous conditions in chemical or manufacturing facilities that could lead to much larger problems. Exploitation of the problems in weapons systems could be disastrous.

The U.S.’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) says it has coordinated with NSS Labs researcher Dillon Beresford (who uncovered the problems), as well as Sunway and the China National Vulnerability Database, and patches are available now that address both problems. However, it could take months for industries and operations to install the patches, leaving a potential window of vulnerability where the bugs could be exploited. There are currently no known exploits in the wild.

Sunway applications are mainly used in China, but are also utilized in parts of Asia, Africa, Europe, and the Americas, according to the advisory.

In an era when cyberattacks against corporations and infrastructure are increasingly common, the vulnerabilities highlight the potential risk of Internet-based attacks against infrastructure systems. The Sunway software in question is used in supervisory control and data acquisition (SCADA) systems. SCADA systems often control critical infrastructure and manufacturing processes, but many were developed before the Internet became widely available and, in many cases, were never intended to be connected to networks. Although companies have increasingly built Internet-enabled interfaces to SCADA systems, the systems themselves often have never undergone significant security audits.

Last year, the sophisticated Stuxnet worm targeted Siemens WinCC industrial control software in an apparent attempt to hamstring Iran’s uranium enrichment efforts, demonstrating how industrial systems can be vulnerable to Internet-based attacks.
