A flaw was found in popular software that’s used to manage processes in industries from manufacturing to energy.
The bad news: Researchers at Tenable, a security firm, found a serious bug in code from Schneider Electric, which has issued a fix after being given a heads-up about the problem. The flaw leaves the software vulnerable to a “buffer overflow attack.” Computer programs allocate set amounts of memory—or buffers—to hold data they’re working on. The attack pumps more data into a buffer than it’s designed to hold; the overflow corrupts memory nearby, letting hackers introduce malicious code there that can take control of servers and other systems.
The (slightly) better news: The attack worked with software running on Windows 7; more modern operating systems have built-in protections that make it much harder. That’s no reason to be complacent, though, because many industrial control systems with older OSes are still being hooked up to the internet.
Why this matters: Code governing control systems at industrial sites has already been the target of attacks, and US officials recently warned Russian hackers are probing for security holes in software controlling critical infrastructure like nuclear facilities and dams.
The US military wants to understand the most important software on Earth
Open-source code runs on every computer on the planet—and keeps America’s critical infrastructure going. DARPA is worried about how well it can be trusted
Corruption is sending shock waves through China’s chipmaking industry
The arrests of several top semiconductor fund executives could force the government to rethink how it invests in the sector.
The hacking industry faces the end of an era
But even if NSO Group is no more, there are plenty of rivals who will rush in to take its place. And the same old problems haven’t gone away.
Energy-hungry data centers are quietly moving into cities
Companies are pushing more server farms into the hearts of population centers.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.