Siemens Patch Aims to Thwart Stuxnet Offspring

Siemens, which made the industrial controllers targeted by the Stuxnet cyberweapon, announced last week that it was releasing some patches aimed at foiling attacks on its hardware similar to those mounted by the now-famous worm.

Previous versions of the controllers used in SCADA (Supervisory Control and Data Acquisition) systems allowed DLL (Dynamic-Link Library) files to be loaded into the devices without validation. The fix by Siemens prevents that from happening now.

“This is a step in the right direction,” Eric Byres, CTO and vice president for engineering at Tofino Security Products, told TechNewsWorld.

“Sure, Stuxnet is yesterday’s worm,” he acknowledged, “but the hole is still there for this vulnerability. There are people who will say, ‘They haven’t patched that yet? I’ll make a Son of Stuxnet.’”

Nevertheless, Siemens has more work to do to secure its PLC controllers, Byres continued, and that work won’t be easy.

“There are some inherent design issues that span the world of PLCs that malware can take advantage of,” he said.

While it’s good that Siemens is offering patches to plug problems with its PLCs, there can be a significant lag time between when patches are released and when they’re installed, as any IT vet knows. That lag is even worse when dealing with industrial systems, Byres noted.

“People are really scared what the impact will be on a running process,” he explained. “Everyone has installed patches on their computer and had it run like crap for the next two days. That can get real ugly if you’re talking about a nuclear reactor or a sewage plant or an oil refinery.”

Get a Clueful

Clueful was bounced from Apple’s App Store more than a week ago under mysterious circumstances. The app, made by Bitdefender, is designed to keep owners of Apple mobile devices informed about what’s being done to the data in those devices by the apps running on them.

“Unfortunately, according to the NDA we have with Apple, Bitdefender cannot disclose any information regarding the reviewing process,” Chief Security Researcher Alexandru Catalin Cosoi told TechNewsWorld.

“We would obviously love to discuss the feedback we got from Apple, but we cannot,” he added.

That feedback apparently was encouraging to Bitdefender; the company expects to resubmit the app to Apple soon, Cosoi said.

Bitdefender also is mulling over the possibility of making the app for other platforms, he noted, “but right now, the main priority is getting Clueful back on the App Store.”

Apple at Black Hat

When it comes to security conferences, Apple has been a little gun-shy in the past, but that wasn’t the case last week when Platform Security Manager Dallas DeAtley delivered a presentation on iOS security at Black Hat 2012 in Las Vegas.

Apple’s decision to come in from the cold was praised by some security pros. “We’re really happy to see Apple at Black Hat,” F-Secure Chief Research Officer Mikko Hypponen told TechNewsWorld. “They should have always been here.”

The move may signal a change in attitude by the secretive company.

“Black Hat is not a crowd that will accept anything less than thorough disclosure and free discourse,” Intego Virus Hunter Lysa Myers told TechNewsWorld.

“Apple’s decision to attend the conference makes it seem as if the company’s intent is to provide a view into what’s going on behind the curtains of iOS,” she added. “We definitely applaud this direction, as cooperating with the security industry will improve the security of the operating system overall.”

An earlier appearance at Black Hat by Apple in 2008 was scotched when the company’s security team couldn’t get on the same page with its marketing department, and its presentation had to be pulled at the 11th hour.

Breach Diary

July 23. Reports appear that more than 8 million usernames and passwords stolen four months ago from gaming website Gamigo have been posted to a public forum on the Web.

John Mello is a freelance technology writer and former special correspondent for Government Security News.
