Friday, May 5, 2017

Bug discovered in software could ‘do a lot of damage’ if exploited

A critical vulnerability has been discovered in the software controlling sensitive government facilities, including at the Lucas Heights nuclear plant in Sydney and a Royal Australian Air Force (RAAF) base.

Key points:

  • Vulnerability found in software in more than 200 buildings in Australia
  • Cyber security company was able to gain administrative access to one of the affected government facilities
  • Affected government organisations, including Defence, have taken steps to secure systems

Ed Farrell from security company Mercury ISS said his team identified more than 200 buildings in Australia containing the vulnerability, which, the ABC understands, the software manufacturer is working urgently to patch.

According to Mr Farrell, if the bug was exploited, it would allow hackers to take control over critical functions in what are supposed to be among the nation’s most secure buildings.

“If a criminal or foreign intelligence service were to gain unauthorised access to such a facility, they could change settings in heating, ventilation, air conditioning — they could potentially do a lot of damage,” he said.

Mercury ISS is a Sydney-based cyber security company which test systems for bugs in order to keep them secure.

“The exploit [that the Mercury ISS team developed] demonstrated that we could go from having no log-ins to this facility to getting administrative access to one of these facilities,” Mr Farrell said.

Source: Bug discovered in software could ‘do a lot of damage’ if exploited – ABC News (Australian Broadcasting Corporation)


No comments:

Post a Comment