Security flaws in Radiation Monitoring Devices could render nuclear plants vulnerable

Security flaws in Radiation Monitoring Devices could render nuclear plants vulnerable

Security flaws in Radiation Monitoring Devices could render nuclear plants vulnerable

Radiation Monitoring Devices feature several security vulnerabilities that can be exploited by cyber criminals with devastating effect, note researchers at IOActive.

Hackers can conduct man-in-the-middle attacks on Radiation Monitoring Devices to send incorrect readings of radiation levels to operators.

While inspecting Radiation Monitoring Devices that are widely-deployed in critical infrastructure like nuclear plants, hospitals, borders and seaports to detect real-time radiation levels, researchers at security firm IOActive discovered several security vulnerabilities that can be exploited by hackers for various purposes.

Hackers breached corporate networks of U.S-based nuclear power plants

Considering how important Radiation Monitoring Devices are in terms of keeping the population safe from nuclear radiation and detecting leakages in nuclear plants, losing control of such devices may render an entire population vulnerable to radiation as well as cause malfunctioning of nuclear plants. Considering that such devices feature software and hardware vulnerabilities, it is only a matter of time before they are exploited by criminals unless such issues are fixed.

By hacking into Radiation Monitoring Devices, hackers can falsify measurement readings to simulate a radiation leak, trick authorities to give incorrect evacuation directions, or send incorrect readings to operators to keep them from identifying radioactive materials.

Hackers successfully breached the UK’s industrial control systems, confirms NCSC

Researchers at IOActive found that security vulnerabilities exist in Radiation Monitoring Devices built by various vendors including Ludlum Measurements and Mirion. Ruben Santamarta, Principal Security Consultant for IOActive, conducted various tests on hardware and software and also used reverse engineering and RF analysis to uncover the said vulnerabilities.

“Failed evacuations, concealed persistent attacks and stealth man-in-the-middle attacks are just a few of the risks I flagged in my research. Being able to properly and accurately detect radiation levels, is imperative in preventing harm to those at or near nuclear plants and other critical facilities, as well as for ensuring radioactive materials are not smuggled across borders,” he said.

Pacemakers found to contain 8,000 vulnerabilities including lack of encryption

Security vulnerabilities in radiation monitors are an indication of how critical infrastructure in various countries can be hacked or controlled by hackers with intent to cause damage. An eye-opening report from the National Cyber Security Centre revealed that earlier this year, hackers were able to compromise a number of Industrial Control System engineering and services organisations in the UK.

The report added that suspected hackers have been trying to connect organisations’ industrial control systems to malicious IP addresses using SMB and HTTP vulnerabilities in order to gain access to user passwords.

Hackers have also successfully breached ‘administrative and business networks’ of several nuclear power plants, manufacturing plants, and some energy facilities in the United States as confirmed by the FBI and the Department of Homeland Services. Fortunately, they were not able to breach critical networks as they were separated from the Internet as well as corporate networks.

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]