On Tue, Nov 12, 2013 at 10:57:43PM +0100, Lodewijk andré de la porte wrote:
The software was highly specific and messed with the controller of centrifuges. Speeding it up and slowing it down faster than they should, messing with the bearings (or something like that). I didn't know the ISS had that sort of centrifuges there.
Regardless, the protip is: don't windows for critical systems.
The final payload was specific to the Natanz turbine controllers. The Windows malware delivery mechanism, though, could in theory infect any Windows host it came in contact with (that didn't have the 0days fixed). The intermediate stage attacked the Siemens Step7 software, which runs on Windows and which could potentially be used in space applications (although it seems somewhat unlikely that it would have been used *on* the ISS). The intermediate stage was designed to be inactive unless the specific configuration of hardware found at Natanz was detected, so in theory it should be "safe" even if Step7 were found on an ISS system, but that theory seems risky to depend on. Reading the reports charitably, I would suspect that the Windows malware delivery mechanism might have been transported to the ISS, but would have been inactive there in the absence of a Step7 installation for the intermediate stage to infect. -andy