Homeland Security advises that Chinese software contains dangerous security flaws

In a highly unusual move the U.S. Department of Homeland Security has issued a warning when it comes to using Chinese-made software, especially when it comes to the chemical, defense, and energy firms.

Much of the concern that comes in light of recent hacking attacks against companies like Lockheed Martin and Sony is centered around a specific Beijing software company called Sunway ForceControl.

The company specializes in supervisory control and data acquisition (SCADA) software and as anyone who remembers the Iran Stuxnet cyber attack these is the software that monitors and controls manufacturing plants and equipment that is used in all kinds of industries.

The security holes, which were found by NSS Labs researcher Dillon Beresford, could allow hackers to issue denial-of-service attacks or remotely execute code on critical systems.

Upon learning about the security flaws, Homeland Security notified both Sunway and China’s National Vulnerability Database. Sunway said it has issued patches for both holes.

Sunway’s products are mostly used in China, but the report says the software is also used in parts of Europe, the Americas, Asia, and Africa. Industries that use SCADA software include “petroleum, petrochemical, defense, railways, coal, energy, pharmaceutical, telecommunications, water, manufacturing, and others,” according to the Homeland Security advisory.

via VentureBeat