Stuxnet p0wns the Physical World

by gem on Friday, September 24, 2010

If the code here (courtesy of Ralph Langner) looks unfamiliar, that means you’re probably not a process control engineer familiar with the Siemens Step 7 programming language. And if you are, software security is probably unfamiliar territory!

Stuxnet worm graphic

This code turns out to be the payload of the Stuxnet worm, meant to be injected into the Ladder Logic of a programmable logic controller (PLC). It is meant to disrupt a physical world process, impacting a control system with likely kinetic impact.

Stuxnet is a very sophisticated attack that is tightly targeted. It’s a weapon. To learn more about Stuxnet, read my informIT column “How to p0wn a Control System with Stuxnet”.

Software security goes well past web applications.

2 Responses to “Stuxnet p0wns the Physical World”

  1. gem says:

    Markoff just wrote a NY Times article speculating about the worm and saying some interesting things about intel blowback:
    http://www.nytimes.com/2010/09/27/technology/27virus.html?_r=1&scp=1&sq=worm&st=cse

    Steve Bellovin disagrees:
    http://www.cs.columbia.edu/~smb/blog/2010-09/2010-09-27.html

    Happy reading.

    gem

  2. gem says:

    Adapted from SANS newsbytes:
    Iranian president Mahmoud Ahmadinejad says publicly that some centrifuges used to enrich uranium in Iran were sabotaged by “enemies” with “software … installed in electronic devices.” While Ahmadinejad did not specify what software he meant, it is likely that Stuxnet is responsible for the problems.

    http://www.washingtonpost.com/wp-dyn/content/article/2010/11/29/AR2010112903468.html

    http://www.wired.com/threatlevel/2010/11/stuxnet-sabotage-centrifuges/

    http://www.bbc.co.uk/news/world-middle-east-11868596

    gem