U.S. warns of dangerous security flaws in Chinese software

The U.S. Department of Homeland Security on Thursday warned that Chinese-made software used by chemical, defense, and energy firms contains major security holes that hackers could exploit and use to harm critical systems.

With so many hacking incidents in the news right now, including events with Lockheed Martin and Sony, the Homeland Security advisory is particularly worrisome. If a hacker had a clear path to, say, a nuclear power plant’s systems, who knows what damage could be done?

Homeland Security warned specifically of vulnerabilities in software made by Beijing-based Sunway ForceControl. The company makes supervisory control and data acquisition (SCADA) software, which controls and monitors manufacturing plants and equipment used in all sorts of industries. The security holes, which were found by NSS Labs researcher Dillon Beresford, could allow hackers to launch denial-of-service attacks or remotely execute code on critical systems.

Upon learning about the security flaws, Homeland Security notified both Sunway and China’s National Vulnerability Database. Sunway said it has issued patches for both holes.

Sunway’s products are mostly used in China, but the report says the software is also used in parts of Europe, the Americas, Asia, and Africa. Industries that use SCADA software include “petroleum, petrochemical, defense, railways, coal, energy, pharmaceutical, telecommunications, water, manufacturing, and others,” according to the Homeland Security advisory.

How concerned are you about hacking incidents? Do you think companies need to be taking extra precautions with cybersecurity?