Homeland Security warns of holes in Chinese software

The US Department of Homeland Security has warned that products made by Beijing-based Sunway ForceControl Technology are insecure and could be a gateway for hackers.

According to Reuters, what is unusual about the announcement is that it is less likely to harm US companies, but could bring those in China to their knees.

The software is used in China to help run weapons systems, utilities and chemical plants. If the US ever did want to declare a cyber war against China, it just warned the glorious People’s Republic of China what one of its best weapons would be.

Apparently, Sunway’s products are also used in the US enough for the DHS’s Industrial Control Systems Cyber Emergency Response Team to be concerned.

Dillon Beresford, a researcher with private security firm NSS Labs who discovered the bugs, said that they make it a doddle for a hacker or cyber terrorist to do some serious damage.

Beresford said he has worked with Sunway, Chinese authorities and the DHS to fix the bugs he found. Apparently, Sunway has developed software patches to plug the holes, but it could take customers months to install them.

This means that for the next few months, hackers have a window of time in which to exploit those vulnerabilities.

The bugs are typical of those which are blighting supervisory control and data acquisition (SCADA) computer systems used to monitor and control industrial processes. SCADA systems were designed before the Internet and can't withstand Web-based attacks.

This means that security systems have been bolted onto SCADA systems and are often vulnerable.

Beresford said that the aim of putting this information out and getting it into the public domain is to pressure vendors to patch the vulnerabilities instead of sitting on them.