CHINA'S WEAPONS SYSTEMS have several major software bugs that could be exploited by hackers, the US Department of Homeland Security (DHS) and security firm NSS Labs have revealed.
The vulernabilities were exposed in an advisory from the DHS Industrial Control Systems Cyber Emergency Response Team and are found in software made by Sunway Forcecontrol Technology, which provides products for China's weapons systems, utilities and chemical plants. The software is also used in other countries, including the US, albeit to a much lesser extent.
NSS Labs discovered the bugs, which it said could be leveraged by hackers to cause significant destruction. The company has worked with Sunway, the DHS and Chinese authorities to help fix those bugs, but it could take months for Sunway's clients to update to the latest secure version, according to Reuters.
While those systems continue to use outdated and insecure software there is a huge risk that hackers could develop an exploit that could potentially shut down systems or cause extensive damage.
The advent of the Stuxnet worm, which infected Iran's nuclear fuel programme last year, raised awareness throughout the world of the potential devastation that targeted malware could wreak on national infrastructure. Stuxnet infected many other systems, but it appears to be dormant on those, lending many security experts to believe that Iran's nuclear systems were deliberately targeted by rival nations.
A recent spate of cyber attacks on a number of companies and agencies, including Sony, the International Monetary Fund, the CIA, and several gaming companies, has caused growing alarm over the security of networks. Many of these attacks were made by groups like Anonymous and Lulzsec, either to make a point or just for the fun of it, but the potential that hacking attacks could become more serious, where damage could be done to essential infrastructure, is growing.
The kind of devastation caused by the "firesale" hack in the film Die Hard 4 might have been just fiction a few years ago, but there is growing concern that infrastructure is not secure enough to withstand cyber attacks, as evidenced by the vulnerabilities in China's weapons systems. µ
Slack, hack and crack
A flaw in the protocol affects iOS, macOS and Windows 10
Wig wearer has issue with non-wig-wearer