Software widely used in China to help run weapons systems, utilities and chemical plants has bugs that hackers could exploit to damage public infrastructure, according to the US Department of Homeland Security (DHS).
The department issued an advisory on Thursday warning of vulnerabilities in software applications from Beijing-based Sunway ForceControl Technology Co that hackers could exploit to launch attacks on critical infrastructure.
Sunway’s products, widely used in China, are also deployed to a lesser extent in other countries, including the US, DHS Industrial Control Systems Cyber Emergency Response Team said in its advisory.
“These are vulnerabilities that hackers could leverage to cause destruction,” said Dillon Beresford, a researcher with private security firm NSS Labs, who discovered the bugs.
The DHS advisory comes amid a wave of high-profile cyber-attacks on institutions ranging from the IMF to Citigroup Inc and Sony Corp. The attacks focused primarily on stealing data; only in a few instances has critical infrastructure been attacked.
Last year the Stuxnet computer worm surfaced, targeting industrial control systems manufactured by Siemens. Security experts widely believe that the worm was built as part of a state-backed attack on Iran’s nuclear program.
Iran said the worm was used to attack computers at its Bushehr nuclear reactor. There has been widespread speculation that Stuxnet actually damaged the plant, something Iran denies.
Beresford has worked with Sunway, Chinese authorities and the DHS to fix the bugs he found. Sunway has developed software patches to plug the holes, but it could take customers months to install those patches, Beresford said.
That gives hackers a window of time in which to exploit those vulnerabilities.
“Customers need to be notified and given proper time to patch,” said Beresford, who also discovered security bugs in industrial control management systems from Siemens. The German company addressed those vulnerabilities in an advisory it released last week.
Representatives for Sunway could not immediately be reached for comment.
The Sunway software flaws highlight growing concerns about the safety of supervisory control and data acquisition (SCADA) computer systems that are used to monitor and control processes in a wide variety of facilities, including nuclear power plants, chemical factories, water distribution networks and pharmaceutical plants.
SCADA systems — designed before Internet use became widespread — were not built to withstand Web-based attacks.
Security systems to deal with Web threats have been bolted on rather than incorporated into SCADA systems, leaving holes that hackers can penetrate.
Beresford said that there are other vulnerabilities in SCADA systems that have yet to be documented by security experts and plugged by the manufacturers.
“The point of my putting this information out and getting it into the public domain is so that we can pressure the vendors to actually patch the vulnerabilities instead of sitting on them because these systems are inherently flawed by design,” he said.