Slashdot Mirror

← Back to Stories (view on slashdot.org)

Nuclear Plants Leak Critical Alerts In Unencrypted Pager Messages (arstechnica.com)

Posted by BeauHD on from the alive-and-kicking dept.

mdsolar quotes a report from Ars Technica: A surprisingly large number of critical infrastructure participants -- including chemical manufacturers, nuclear and electric plants, defense contractors, building operators and chip makers -- rely on unsecured wireless pagers to automate their industrial control systems. According to a new report, this practice opens them to malicious hacks and espionage. Earlier this year, researchers from security firm Trend Micro collected more than 54 million pages over a four-month span using low-cost hardware. In some cases, the messages alerted recipients to unsafe conditions affecting mission-critical infrastructure as they were detected. A heating, venting, and air-conditioning system, for instance, used an e-mail-to-pager gateway to alert a hospital to a potentially dangerous level of sewage water. Meanwhile, a supervisory and control data acquisition system belonging to one of the world's biggest chemical companies sent a page containing a complete "stack dump" of one of its devices. Other unencrypted alerts sent by or to "several nuclear plants scattered among different states" included:

-Reduced pumping flow rate
-Water leak, steam leak, radiant coolant service leak, electrohydraulic control oil leak
-Fire accidents in an unrestricted area and in an administration building
-Loss of redundancy
-People requiring off-site medical attention
-A control rod losing its position indication due to a data fault
-Nuclear contamination without personal damage Trend Micro researchers wrote in their report titled "Leaking Beeps: Unencrypted Pager Messages in Industrial Environments": "We were surprised to see unencrypted pages coming from industrial sectors like nuclear power plants, substations, power generation plants, chemical plants, defense contractors, semiconductor and commercial manufacturers, and HVAC. These unencrypted pager messages are a valuable source of passive intelligence, the gathering of information that is unintentionally leaked by networked or connected organizations. Taken together, threat actors can do heavy reconnaissance on targets by making sense of the acquired information through paging messages. Though we are not well-versed with the terms and information used in some of the sectors in our research, we were able to determine what the pages mean, including how attackers would make use of them in an elaborate targeted attack or how industry competitors would take advantage of such information. The power generation sector is overseen by regulating bodies like the North American Electric Reliability Corporation (NERC). The NERC can impose significant fines on companies that violate critical infrastructure protection requirements, such as ensuring that communications are encrypted. Other similar regulations also exist for the chemical manufacturing sector."

7 of 79 comments (clear)

  1. Re:Mr. Burns by e432776 · · Score: 3, Insightful

    these messages make the Springfield Nuclear Plant look well-run!

  2. "Nuclear Plants Leak..." by SeaFox · · Score: 4, Insightful

    No clickbait headlines here, no siree Bob.

  3. Re:Spoofing? by Anonymous Coward · · Score: 3, Insightful

    Other than the fact that these are just alerting an operator to a potential condition that they need to verify before acting on?

    There's no automated responses, just waking someone up.

  4. Re:Analyzing... by TheRealHocusLocus · · Score: 4, Insightful

    No action or even credible threat items here. Pager network originally chosen for its (local) reliability of coverage and assurance of message delivery, not for sensitivity of content. Potential terrorists could learn more with a set of binoculars on the ridge overlooking the plant.

    The goofballs who use smartphones want everyone to use smartphones, or else Something Is Wrong With You. Soon we'll be wiping our asses with them.

    Likewise, encryption can be yet another point of failure, The nuclear Permissive Action Link was set to 00000000 for years because military brass decided (smartly) that the system was fail-safe enough. Arbitrary complexity is worse when its use-by-mandate is effectively a mandate to use the public Internet. Or even private virtual Internets using Internet hardware or infrastructure, or requires transport on congested radio bands.

    I'm not saying pager is da bomb either. When I carried one in the early 80s I saw voice message queue delay time grow to five minutes at times because its one-channel system was over-sold. Data only pagers busted this problem for awhile but pager companies are dissolving all over the place. Your entire world is dangling from a cellphone tower now. Hope it works out.

    I just saw a "live feed" from a campaign rally dissolve into no-audio, choppy video and spans because, as a voice-over form their control room said, "We're experiencing bandwidth issues because too many people at the rally are on their phones." Lie down with infrastructure dogs and you wind up with infrastructure fleas.

    --
    <blink>down the rabbit hole</blink>
  5. Re:Analyzing... by Xenographic · · Score: 5, Insightful

    This is a BS summary saying that they have pagers that get alerts telling operators to check things that's basically nuclear fear mongering. Which is basically all mdsolar ever writes as a story. It's to the point where I know who wrote it just by looking at the headline.

  6. Re:bitztream by Anonymous Coward · · Score: 0, Insightful

    Oh look, It's bitztream, the autism-hating Slashdot troll!

  7. Yeah, THAT is exactly what we need... by Anonymous Coward · · Score: 5, Insightful

    What the fuck do they want them to do? Get a non-descript pager message telling them to go find a computer and log into their encrypted 'alert portal' to securely view the message? Yeah, because that's exactly the sort of shit they should waste their time on when getting an alert like that. You know what they'd probably do in that case? Call someone at the plant. And have an insecure conversation that could be eavesdropped on. Because, you know, security is more important than a swift response to a fucking nuclear reactor malfunction.

    I myself work in telecom. When critical infrastructure mucks up, we get paged. Nowadays it means we get text messages on our mobiles. And yes, there is some pretty important information in those sometimes. Being a security-conscious organization, we considered the potential leak of information and less informative messages. We concluded that being immediately made aware of exactly what the problem was, in a business where downtime is to be kept to less than a thousandth of a percent, was more important than a well-funded or equipped bad actor being able to determine minor facts about our infrastructure. I should hope business which handle nuclear or toxic materials, or those which are responsible for keeping the lights on and keeping people alive would have similar priorities.

    And seriously, who are you talking about securing this shit against? The guy who stole the on-call tech's pager? The gov agent with a stingray? A foreign power who's eavesdropping on the pager network (which would be dumb, as it would be a lot of effort for terribly little gain)? The terrists (who aren't that adept anyways)? You want to know the REAL threat to your security? Look at your HR dept. I GUARANTEE the lowliest drone in your organization can, within 3 months of employment, scurry off with more sensitive data than someone could get by mining your pager messages for years.

    So, security panic, clickbait, yadda yadda. This is really a back-asswards non-story.