Stuxnet p0wns the Physical World

by gem on Friday, September 24, 2010

If the code here (courtesy of Ralph Langner) looks unfamiliar, that means you’re probably not a process control engineer familiar with the Siemens Step 7 programming language. And if you are, software security is probably unfamiliar territory!

Stuxnet worm graphic

This code turns out to be the payload of the Stuxnet worm, meant to be injected into the Ladder Logic of a programmable logic controller (PLC). It is meant to disrupt a physical world process, impacting a control system with likely kinetic impact.

Stuxnet is a very sophisticated attack that is tightly targeted. It’s a weapon. To learn more about Stuxnet, read my informIT column “How to p0wn a Control System with Stuxnet”.

Software security goes well past web applications.