The U.S. Department of Homeland Security on Thursday warned that Chinese-made software used by chemical, defense, and energy firms contains major security holes that hackers could exploit and use to harm critical systems.
With so many hacking incidents in the news right now, including events with Lockheed Martin and Sony, the Homeland Security advisory is particularly worrisome. If a hacker had a clear path to, say, a nuclear power plant’s systems, who knows what damage could be done?
Homeland Security warned specifically of vulnerabilities in software made by Beijing-based Sunway ForceControl. The company makes supervisory control and data acquisition (SCADA) software, which controls and monitors manufacturing plants and equipment used in all sorts of industries. The security holes, which were found by NSS Labs researcher Dillon Beresford, could allow hackers to issue denial-of-service attacks or remotely execute code on critical systems.
Upon learning about the security flaws, Homeland Security notified both Sunway and China’s National Vulnerability Database. Sunway said it has issued patches for both holes.
Sunway’s products are mostly used in China, but the report says the software is also used in parts of Europe, the Americas, Asia, and Africa. Industries that use SCADA software include “petroleum, petrochemical, defense, railways, coal, energy, pharmaceutical, telecommunications, water, manufacturing, and others,” according to the Homeland Security advisory.
How concerned are you about hacking incidents? Do you think companies need to be taking extra precautions with cybersecurity?
VentureBeat is creating an index of the most exciting cloud-based services for developers. Take a look at our initial suggestions and complete the survey to help us build a definitive index. We’ll publish the official index later this month, and for those who fill out surveys, we’ll send you an expanded report free of charge. Speak with the analyst who put this survey together to get more in-depth information, inquire within.