Radiation sensing systems have hackable security flaws, warns researcher
The researcher, Ruben Santamarta, looked at two types of radioactive monitoring systems: a radioactivity sensor used at nuclear power plants, and a gate monitoring system designed to screen ingoing and outgoing vehicles and individuals at nuclear facilities, or cargo passing through borders and ports.
According to Santamarta, as reported by Wired, his findings present potentially serious weaknesses. Although he is not claiming that the vulnerabilities he found could lead to a meltdown scenario at a nuclear plant, he warns that they could be used to confuse nuclear engineers and potentially prevent timely response to a radioactive leak.
“You can send arbitrary information, malicious information that emulates a radiation leak that’s not actually happening, or send regular readings so an accident goes undetected,” he says. In addition, he points out, if a gate monitoring system is compromised, it could lead to radioactive materials being smuggled into or out of a facility.
Santamarta says he was inspired to investigate potential flaws in radioactivity detection equipment after reading an account of the Three Mile Island accident, which was in part caused by a faulty instrument reading of the position of a relief valve. “I wanted to know if there’s a chance for hackers to replicate that scenario in some way,” he says.
Santamarta tested two different radioactive detection systems. Radio-enabled radiation sensors from Mirion Technologies, and firmware from radioactive detection equipment firm Ludlum Measurements.
According to Santamarta, he was able to hack the radiation sensors and “send spoofed data to a nuclear plant’s Mirion transceivers from as far away as 30 miles.” This could not only send false data into a plant’s systems, he says, but also block real data signals from getting through.
With the gate monitoring system, he claims to have been able to hack its firmware using a “backdoor” that would allow unauthorized users to reprogram it. In addition, he says that the communication between the vehicle gates he examined and the server that collected data from them did not appear to use any encryption or authentication, which would allow a hacker to spoof data from the gate or prevent real data from reaching operators.
Most nuclear facilities do have other means of detecting radiation, and the above hypothetical attacks would likely require additional compromises at the facilities to actually be feasibly implemented. As for the manufacturers of the equipment in question, Santamarta says that Ludlum Measurements told him that its gate monitoring systems are used in secure facilities that would be protected from such attacks, while Mirion Technologies indicated that it was working to add more security protections to its future products.
For more, see “Hacker Warns Radioactivity Sensors Can Be Spoofed Or Disabled.”
Related articles:
Is your smart grid secured?
Swiss researchers develop cost-effective gamma ray detector material
Power grid ‘health’ monitoring needed for cybersecurity, say researchers
If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :
