Nuclear Plants Leak Critical Alerts In Unencrypted Pager Messages (arstechnica.com)
mdsolar quotes a report from Ars Technica: A surprisingly large number of critical infrastructure participants -- including chemical manufacturers, nuclear and electric plants, defense contractors, building operators and chip makers -- rely on unsecured wireless pagers to automate their industrial control systems. According to a new report, this practice opens them to malicious hacks and espionage. Earlier this year, researchers from security firm Trend Micro collected more than 54 million pages over a four-month span using low-cost hardware. In some cases, the messages alerted recipients to unsafe conditions affecting mission-critical infrastructure as they were detected. A heating, venting, and air-conditioning system, for instance, used an e-mail-to-pager gateway to alert a hospital to a potentially dangerous level of sewage water. Meanwhile, a supervisory and control data acquisition system belonging to one of the world's biggest chemical companies sent a page containing a complete "stack dump" of one of its devices. Other unencrypted alerts sent by or to "several nuclear plants scattered among different states" included:
-Reduced pumping flow rate
-Water leak, steam leak, radiant coolant service leak, electrohydraulic control oil leak
-Fire accidents in an unrestricted area and in an administration building
-Loss of redundancy
-People requiring off-site medical attention
-A control rod losing its position indication due to a data fault
-Nuclear contamination without personal damage
Trend Micro researchers wrote in their report titled "Leaking Beeps: Unencrypted Pager Messages in Industrial Environments": "We were surprised to see unencrypted pages coming from industrial sectors like nuclear power plants, substations, power generation plants, chemical plants, defense contractors, semiconductor and commercial manufacturers, and HVAC. These unencrypted pager messages are a valuable source of passive intelligence, the gathering of information that is unintentionally leaked by networked or connected organizations. Taken together, threat actors can do heavy reconnaissance on targets by making sense of the acquired information through paging messages. Though we are not well-versed with the terms and information used in some of the sectors in our research, we were able to determine what the pages mean, including how attackers would make use of them in an elaborate targeted attack or how industry competitors would take advantage of such information. The power generation sector is overseen by regulating bodies like the North American Electric Reliability Corporation (NERC). The NERC can impose significant fines on companies that violate critical infrastructure protection requirements, such as ensuring that communications are encrypted. Other similar regulations also exist for the chemical manufacturing sector."
Smithers! fire that Simpson fellow!
Into the trash it goes.
If the messages are unencrypted, are they not authenticated either? What's to stop someone spoofing messages that induce the operators to shut the plant down? Or even worse to take some course of action that damages the plant with the wrong action, or by ignoring warnings they think were cancelled?
I'm sure the regulations say they should check, but we know how often those are ignored in this industry.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
No clickbait headlines here, no siree Bob.
...strikes again. Except in extremely rare situations (the stack dump), which was of questionable usefulness to an attacker, most of this stuff is fairly benign.
Pagers still have superior range, penetration through walls, and resistance to electrical noise compared to other technologies. If you think pager messages are bad you should see some of the wireless industrial control stuff out there. Electric grids don't use encryption because the encryption delay can be the difference between an overload or a switching command. Most industrial control stuff is horribly insecure. (eg SCADA, automotive CANs, etc)
thanks to your employer. As for this, P.R. campaign is afoot, and smelly, of course.
Rest assured your posts are appreciated. While others mock you like jerks, thinking that would create some sort of protection for them and the industries for which they are shills, let me say we're not so gullible.
We need to remove this cancer (literally!) from our societies. It's a long battle, but it is the Good Fight. Please keep on doing it.
These guys have no shame; instead of talking about the worst part (the critical messages), they talk about how pager is a reasonable medium. How can one be more moronic? How stupid do they think we are? Even when hiring a shill, you have to set a minimum competence level!
Thank you, mdsolar.
To minimize explain away and scoff at those with questions.
track of where r3formatted
Oh look, mdsolar is giving us another sensationalizing story about nuclear power where he shows his complete and total bias towards his product rather than what's right, what's intelligent, what's good for human beings, or anything other than sheer selfish greed.
Dear mdsolar,
You are a worthless douche.
Take your bullshit fear mongering articles and shove them up your ass. There is absolutely NOTHING wrong with using pagers for this purpose.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
If you crypt all this information, only the PR guys will tell you nothing.
This tech is there to improve our knowledge of what is going on.
Just like police should not be using encrypted channels either. It is another form of "policy body cameras."
Oh look, It's bitztream, the autism-hating Slashdot troll!
I can't speak for chemical plants etc, but I do currently work at a nuclear power plant as an engineer.
Pagers are not used for any control function of the plant. Any digital control system is scrutinized for cyber security.
The only use of pagers is as part of a call out system, so that in case of a plant event, people are alerted to come in to resolve the issue. This is rarely used. As part of this system they also call people on the phone. No specific plant information is ever transmitted as part of this call, just the classification of the plant event. I know this because I function as a communicator in the Emergency Response Organization.
I wish people would stop spreading lies about nukes. There are certainly some negative aspects of nuclear power. If you don't think it is worth it, then fine that is your opinion, and feel free to defend it in a rational, intellectually honest way. That people have to make stuff up to justify that opinion is telling about how strong their position is.
Park your car some 2km from a typical nuclear facility or chemical plant with a simple radio scanner. You can pick up complete operational information. Most of it will be gibberish. Alarms and notifications sent over pagers are equally useless. Without in-depth information of the inner workings of the plant this information gains you nothing, and if you have the supporting information some pager messages are the least of a plant's "espionage" worries.
Or just wait a day and read about the upset or incident in a newspaper. I know when units are upset in refineries around the world based purely on a subscription to a magazine which sends out daily news. No need for espionage there.
Pager is unencrypted and unauthenticated. It is trivial to spoof the messages. Pager also suffers from undetected bit errors. In my testing we had a 0.4% chance per message of a single bit error.
There are several hospitals in Eastern Ontario that use pager for patient room transfers. Watching the pager messages you can see who is being moved and between which rooms. While this is a big privacy problem I'm also concerned that the bit errors have caused patients to be sent to the wrong room.
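Added example (not from the thread or the Trend Micro report): one way an alerting gateway and a software receiver could make pages tamper-evident, covering the spoofing and single-bit-error concerns raised in the comment above. The `<counter>|<text>|<tag>` layout, the key, and all function names are assumptions for illustration; the scheme authenticates the page but does not encrypt it.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key-not-a-real-secret"  # constructed sample key
TAG_BYTES = 8  # assumption: 64-bit truncated tag = 16 hex chars per page


def _tag(key: bytes, counter: int, text: str) -> str:
    # The MAC covers counter and text together, so neither can change alone.
    body = f"{counter}|{text}".encode("ascii")
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_BYTES].hex()


def seal(key: bytes, counter: int, text: str) -> str:
    """Sender side: build '<counter>|<text>|<tag>' (hypothetical layout)."""
    return f"{counter}|{text}|{_tag(key, counter, text)}"


def verify(key: bytes, page: str, last_counter: int) -> tuple[int, str]:
    """Receiver side: return (counter, text) or raise ValueError."""
    if not page.isascii():
        raise ValueError("non-ASCII byte: corrupted in transit")
    try:
        counter_s, rest = page.split("|", 1)
        text, tag = rest.rsplit("|", 1)
        counter = int(counter_s)
    except ValueError:
        raise ValueError("malformed page") from None
    if not hmac.compare_digest(_tag(key, counter, text), tag):
        raise ValueError("bad tag: bit error or forged page")
    if counter <= last_counter:
        raise ValueError("stale counter: replayed page")
    return counter, text


def accepts(key: bytes, page: str, last_counter: int) -> bool:
    try:
        verify(key, page, last_counter)
        return True
    except ValueError:
        return False


def flip_bit(page: str, index: int, bit: int) -> str:
    """Simulate a single-bit channel error at character `index`."""
    data = bytearray(page.encode("ascii"))
    data[index] ^= 1 << bit
    return data.decode("latin-1")


if __name__ == "__main__":
    page = seal(KEY, 42, "XFER BED 3 ROOM 214 TO ROOM 241")  # constructed alert
    bad = flip_bit(page, page.index("214") + 2, 0)  # '4' -> '5'
    print(page, accepts(KEY, page, 41))
    print(bad, accepts(KEY, bad, 41))
```

The flipped bit turns "ROOM 214" into the equally plausible "ROOM 215", which a reader of an unauthenticated page could not distinguish from the original; the receiver here rejects it, along with replays and pages sealed under a different key.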
Sure, sure, it's MDSolar clickbait.
The real thing to look at, is that pager technology is becoming obsolete. My last job was at a utility company, and many of the substation capacitor banks were operated by pager broadcast message. It's simple and fairly reliable - but cell companies are wanting to turn the service off. Likewise, much of the old analog communications infrastructure to larger substations is via analog phone circuits. AT&T (and others) have published sunset timelines, because they don't want to have to mess with them any longer.
The root case is doubly so with nuke plants - you MUST have a stable, highly controlled environment. The plant can't go down. Changes therefore must be well justified and very, very well planned. "This is newer and cool!" is not good enough. If it's a stable platform but old as dirt, then it stays. The spice must... err... the lights must stay on.
Army Vehicle Disappears (after being camouflaged)
Porn Star Sues over Rear End Collision
Oh Hail No
There Will Be Hell Toupee
The whole point of a headline is to be attention-getting. If you can make it clever, all the better. Nuclear Plants Leak is pure gold. Don't pretend people don't make jokes about how wind farms are hot air yuk yuk yuk. On the other hand, if you're a bit sensitive about jokes about nuclear plants leaking, well... u mad, bro?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
What the fuck do they want them to do? Get a non-descript pager message telling them to go find a computer and log into their encrypted 'alert portal' to securely view the message? Yeah, because that's exactly the sort of shit they should waste their time on when getting an alert like that. You know what they'd probably do in that case? Call someone at the plant. And have an insecure conversation that could be eavesdropped on. Because, you know, security is more important than a swift response to a fucking nuclear reactor malfunction.
I myself work in telecom. When critical infrastructure mucks up, we get paged. Nowadays it means we get text messages on our mobiles. And yes, there is some pretty important information in those sometimes. Being a security-conscious organization, we considered the potential leak of information and less informative messages. We concluded that being immediately made aware of exactly what the problem was, in a business where downtime is to be kept to less than a thousandth of a percent, was more important than a well-funded or equipped bad actor being able to determine minor facts about our infrastructure. I should hope businesses which handle nuclear or toxic materials, or those which are responsible for keeping the lights on and keeping people alive would have similar priorities.
And seriously, who are you talking about securing this shit against? The guy who stole the on-call tech's pager? The gov agent with a stingray? A foreign power who's eavesdropping on the pager network (which would be dumb, as it would be a lot of effort for terribly little gain)? The terrists (who aren't that adept anyways)? You want to know the REAL threat to your security? Look at your HR dept. I GUARANTEE the lowliest drone in your organization can, within 3 months of employment, scurry off with more sensitive data than someone could get by mining your pager messages for years.
So, security panic, clickbait, yadda yadda. This is really a back-asswards non-story.
Unless this was to bring attention to the problem after two years of letting the operators of these facilities make changes to fix them... why the HELL is this all over the front page of slashdot?
Unless they're sending access codes or something sensitive like that, what's the issue? You get a page that valve #2 or tower #3 is malfunctioning, so go in and fix it. Is that really overly useful information to third parties?
Perhaps they're worried that attackers will be able to use these to verify their attacks are working? Sorry, but if an attacker is able to remotely access systems to cause a "reactor leak" then he/she can probably see any internal statuses beyond the pagers.
There's a trade-off between response time and security. If you have to go through ten layers of security, a TSA pat-down, a body scan, and a cavity search before you can get in to fix a critical issue then the problem is going to be a lot worse by the time you get to address it. Notifications are similar. Sometimes simple: easy to read and reliable is better than uber-secure but complex/unreliable. Sometimes complexity just adds to the potential points of failure.
This is slashdot and we're now calling hacks leaks, just sayin'.
Here is how to encrypt your pager/SMS outgoing messages using RFC822 over TLS.
# grep smtps /etc/services
smtps 465/tcp # SMTP over SSL (TLS)
# openssl s_client -connect mail.yoursmtpserver.com:465
helo 1.2.3.4
mail from: someuser@someplace.com
rcpt to: 1234567890@vtext.com
data
here is my pager/SMS message
.
quit
Nobody on the wire will be reading that.
ditch the pager crap. disconnect from the web. use a mediator system and if the local politicians want to meddle, tell them you'll install a siren that goes past 11 to 35.
if this is supposed to be a new economy, how come they still want my old fashioned money?
We need nuclear power that can be shut down at a moment's notice, with no further intervention necessary by the operators.
Gen 1 designs require 30 days of cooling post-shutdown before daughter nuclei decay stops producing massive heat.
I am looking for a salt plug that melts and scrams the core in a boron bath.
The TESCO employees were desperate for batteries for the cooling system, because they knew what was about to happen. I have the same reactor design 50 miles away. It's colossally dumb, and we need these things offline pronto.
Trend Micro relies on unsecured anti-virus to protect all their customer's computers.
"First they came for the slanderers and i said nothing."
Fuck you mdsolar
The actual weak points are physical.
You're doing it wrong.
-- Tigger warning: This post may contain tiggers! --
Satellite pagers (and in more modern times, texts over the cellular network) are the most reliable way to get alarms out to field and on-call personnel. Sure, someone could send a malicious fake page or text, but these alarms are mainly just heads-up to personnel who are not in the operations center that something is amiss. The main board will always be checked / personnel will always call in and double check before anyone actually pushes any buttons.
This is a really stupid article.
-Matt
"The power generation sector is overseen by regulating bodies like the North American Electric Reliability Corporation (NERC). The NERC can impose significant fines on companies that violate critical infrastructure protection requirements, such as ensuring that communications are encrypted. Other similar regulations also exist for the chemical manufacturing sector."
It's almost as if regulation doesn't work.
Is so safe that these few little glitches make no difference, I am sure.
It's BS because you have no realistic threat model here and the only thing remotely sensitive is an allegation of a stack trace that is probably not meaningful and which would involve things to which they have no access anyhow. The pagers are simple alerts. They're not a two-way communication channel. Pagers don't "automate" anything--they can't control anything because there's no outbound communication. Which is basically the first line of the summary, so we know pretty much how much you (didn't) read.
This is Slashdot. You should know that people are going to call you on this kind of BS. We remember. I already know what to expect when I read your posts. The "mindless" part of your name pretty well sums it up.
Send 4/ 9d we are going to a dance.
You claimed the summary was "pretty accurate." I just pointed out many reasons why it isn't. Doesn't really surprise me that you don't get it, though. Not convinced you read anything given the problems in the very first line of the Slashdot summary. For the rest, mindlessly supporting things just makes you indistinguishable from the rest.