Skip to Content
Computing

Researchers warn of new flaw that lets hackers blow up factories

A flaw was found in popular software that’s used to manage processes in industries from manufacturing to energy. 

The bad news: Researchers at Tenable, a security firm, found a serious bug in code from Schneider Electric, which has issued a fix after being given a heads-up about the problem. The flaw leaves the software vulnerable to a “buffer overflow attack.” Computer programs allocate set amounts of memory—or buffers—to hold data they’re working on. The attack pumps more data into a buffer than it’s designed to hold; the overflow corrupts memory nearby, letting hackers introduce malicious code there that can take control of servers and other systems.

The (slightly) better news: The attack worked with software running on Windows 7; more modern operating systems have built-in protections that make it much harder. That’s no reason to be complacent, though, because many industrial control systems with older OSes are still being hooked up to the internet. 

Why this matters: Code governing control systems at industrial sites has already been the target of attacks, and US officials recently warned Russian hackers are probing for security holes in software controlling critical infrastructure like nuclear facilities and dams.

Deep Dive

Computing

Everything dies, including information

Digitization can help stem the tide of entropy, but it won’t stop it.

What’s next in cybersecurity

“When it comes to really cutting off ransomware from the source, I think we took a step back.”

Cyber resilience melds data security and protection

Organizations face pervasive and sophisticated cyberattacks, but modern data protection techniques can provide a multifaceted defense.

A new age of disaster recovery planning for SMEs

How cybersecurity threats have morphed, why SMEs need to plan for disaster recovery, and what they should do about it.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.