Skip to main content
  1. Home
  2. Computing
  3. News

DHS warns of Chinese infrastructure software vulnerabilities

Geoff Duncan
By
China Qinshan Nuclear Plant II (under construction)
Image used with permission by copyright holder

The U.S. Computer Response Readiness Team—a part of the Department of Homeland Security—has issued a bulletin (PDF) warning of software vulnerabilities in two software applications widely used in China to help control public utilities, chemical and manufacturing plans, and even weapons systems. The vulnerabilities are classic heap-based buffer overflow errors, the same type of exploit that has been repeatedly leveraged by malware authors for Windows and other operating systems.

If exploited successfully, the flaws could enable attackers to execute arbitrary programming on the systems, or perform a remote denial of service attack. Successful attacks could be highly destructive, shutting down plants and utilities or potentially creating dangerous conditions in chemical or manufacturing facilities that could lead to much larger problems. Exploitation of the problems in weapons systems could be potentially disastrous.

Recommended Videos

The U.S.’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) says it has coordinated with NSS Labs researcher Dillon Beresford (who uncovered the problems), as well as Sunway and the China National Vulnerability Database, and patches are available now that address both problems. However, it could take months for industries and operations to install the patches, leaving a potential window of vulnerability where the bugs could be exploited. There are currently no known exploits in the wild.

Related

Sunway applications are mainly used in China, but are also utilized in parts of Asia, Africa, Europe, and the Americas, according to the advisory.

In an era when cyberattacks against corporations and infrastructure are increasingly common, the vulnerabilities highlight the potential risk of Internet based attacks against infrastructure systems. The Sunway software in question is used in supervisory control and data acquisition (SCADA), SCADA systems often control critical infrastructure and manufacturing processes, but were often developed before the Internet became widely available and, in many cases, were never intended to be part of network systems. Although companies have increasingly built Internet-enabled interfaces to SCADA systems, the systems themselves often have never undergone significant security audits.

Last year, the sophisticated Stuxnet worm targeted Siemens WinCC industrial control software in an apparent attempt to hamstring Iran’s uranium enrichment efforts, demonstrating how industrial systems can be vulnerable to Internet-based attacks.

Editors' Recommendations

Topics
Geoff Duncan
Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
Amazon deals: TVs, laptops, headphones and more
iPad Air on a white background.

Amazon is one of the most popular retailers on the planet. It has almost anything and everything you could hope to shop for, and that includes tech like laptops, headphones, TVs, and even devices made to make life around the home a little easier. And whether you’re shopping for one of the best smart home devices or something more tailored to work or play, Amazon always shows up with ways to save. Right now it has a ton of laptop deals, TV deals, headphone deals, and more to shop. We’ve walked down the aisles of Amazon and picked out what we feel are some deals worth shopping, so read onward for more details.
Vizio 50-inch V-Series 4K smart TV — $223, was $360

The Vizio V-Series 4K Smart TV amazing picture quality for its price point, as well as a wide variety of smart features. It has an IQ Active Processor that delivers superior picture processing. This processor also enables the TV to upscale all of your favorite HD content into 4K quality as you watch. This TV also features a gaming engine that makes gameplay more responsive with less lag and a high refresh rate. This is something to consider if you’re a gamer and somebody who likes to watch fast-paced content such as sports and action movies.

Read more
How to delete files on a Chromebook
HP Dragonfly Pro Chromebook top down view showing keyboard and touchpad.

Your Chromebook has quickly become your everyday computer. Using it for just about everything, including web browsing, word processing, gaming, and social media, we bet there’s going to come a time when you need to delete some files from your PC. Doing so will not only allow you to store more media locally, but it should also help to improve the performance of your go-to Chromebook device.

Read more
Best gaming chair deals: Save on Corsair, Razer, and more
Razer - Iskur Gaming Chair.

Sitting down to play video games for hours and hours can be a lot of fun, but it can also be pretty bad for your health. Beyond just the lack of circulation, most modern chairs are not really made to have us sit in them for long periods, and so they don't offer things like lumbar support or breath to help keep us cool. Luckily, gaming chairs have come to the rescue, and if you're looking to at least help keep your body safe and healthy, going for a gaming chair can make a big difference. That said, gaming chairs can be quite expensive, which is why we've gone out and found some of our favorite gaming chair deals for you to pick from.
Homall Massage Gaming Chair -- $85, was $170

The Homall Massage Gaming Chair is affordable, but it will get the job done of keeping you comfortable while playing video games with its ergonomic design and high-quality PU leather materials. It's got head and waist pillows with a massage function that sets it apart from other cheap gaming chairs. The backrest can recline between 90 degrees and 180 degrees so you can find the perfect angle, and it also has a retractable footrest for an extra sitting position.

Read more