Slashdot Mirror

← Back to Stories (view on slashdot.org)

Nuclear Plants Leak Critical Alerts In Unencrypted Pager Messages (arstechnica.com)

Posted by BeauHD on from the alive-and-kicking dept.

mdsolar quotes a report from Ars Technica: A surprisingly large number of critical infrastructure participants -- including chemical manufacturers, nuclear and electric plants, defense contractors, building operators and chip makers -- rely on unsecured wireless pagers to automate their industrial control systems. According to a new report, this practice opens them to malicious hacks and espionage. Earlier this year, researchers from security firm Trend Micro collected more than 54 million pages over a four-month span using low-cost hardware. In some cases, the messages alerted recipients to unsafe conditions affecting mission-critical infrastructure as they were detected. A heating, venting, and air-conditioning system, for instance, used an e-mail-to-pager gateway to alert a hospital to a potentially dangerous level of sewage water. Meanwhile, a supervisory and control data acquisition system belonging to one of the world's biggest chemical companies sent a page containing a complete "stack dump" of one of its devices. Other unencrypted alerts sent by or to "several nuclear plants scattered among different states" included:

-Reduced pumping flow rate
-Water leak, steam leak, radiant coolant service leak, electrohydraulic control oil leak
-Fire accidents in an unrestricted area and in an administration building
-Loss of redundancy
-People requiring off-site medical attention
-A control rod losing its position indication due to a data fault
-Nuclear contamination without personal damage Trend Micro researchers wrote in their report titled "Leaking Beeps: Unencrypted Pager Messages in Industrial Environments": "We were surprised to see unencrypted pages coming from industrial sectors like nuclear power plants, substations, power generation plants, chemical plants, defense contractors, semiconductor and commercial manufacturers, and HVAC. These unencrypted pager messages are a valuable source of passive intelligence, the gathering of information that is unintentionally leaked by networked or connected organizations. Taken together, threat actors can do heavy reconnaissance on targets by making sense of the acquired information through paging messages. Though we are not well-versed with the terms and information used in some of the sectors in our research, we were able to determine what the pages mean, including how attackers would make use of them in an elaborate targeted attack or how industry competitors would take advantage of such information. The power generation sector is overseen by regulating bodies like the North American Electric Reliability Corporation (NERC). The NERC can impose significant fines on companies that violate critical infrastructure protection requirements, such as ensuring that communications are encrypted. Other similar regulations also exist for the chemical manufacturing sector."

47 of 79 comments (clear)

  1. Mr. Burns by s1d3track3D · · Score: 3, Funny

    Smithers! fire that Simpson fellow!

    1. Re:Mr. Burns by e432776 · · Score: 3, Insightful

      these messages make the Springfield Nuclear Plant look well-run!

  2. Analyzing... by Anonymous Coward · · Score: 5, Funny

    Nuclear Power - Check
    Poster mdsolar - Check

    Into the trash it goes.

    1. Re:Analyzing... by TheRealHocusLocus · · Score: 4, Insightful

      No action or even credible threat items here. Pager network originally chosen for its (local) reliability of coverage and assurance of message delivery, not for sensitivity of content. Potential terrorists could learn more with a set of binoculars on the ridge overlooking the plant.

      The goofballs who use smartphones want everyone to use smartphones, or else Something Is Wrong With You. Soon we'll be wiping our asses with them.

      Likewise, encryption can be yet another point of failure, The nuclear Permissive Action Link was set to 00000000 for years because military brass decided (smartly) that the system was fail-safe enough. Arbitrary complexity is worse when its use-by-mandate is effectively a mandate to use the public Internet. Or even private virtual Internets using Internet hardware or infrastructure, or requires transport on congested radio bands.

      I'm not saying pager is da bomb either. When I carried one in the early 80s I saw voice message queue delay time grow to five minutes at times because its one-channel system was over-sold. Data only pagers busted this problem for awhile but pager companies are dissolving all over the place. Your entire world is dangling from a cellphone tower now. Hope it works out.

      I just saw a "live feed" from a campaign rally dissolve into no-audio, choppy video and spans because, as a voice-over form their control room said, "We're experiencing bandwidth issues because too many people at the rally are on their phones." Lie down with infrastructure dogs and you wind up with infrastructure fleas.

      --
      <blink>down the rabbit hole</blink>
    2. Re:Analyzing... by AHuxley · · Score: 1

      It really depends on what is still kept working for such devices. Readers might recall the US and the Galaxy IV issue when it was discovered that one network was the pager network.
      https://en.wikipedia.org/wiki/...
      Hope that everyone needed has a sat phone, the pager device is very different now and the POTS works :)

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re:Analyzing... by Zontar+The+Mindless · · Score: 1

      Heaven forbid that a scientist would submit a tech website's story about issues relating to tech to another tech website.

      --
      Il n'y a pas de Planet B.
    4. Re:Analyzing... by Xenographic · · Score: 5, Insightful

      This is a BS summary saying that they have pagers that get alerts telling operators to check things that's basically nuclear fear mongering. Which is basically all mdsolar ever writes as a story. It's to the point where I know who wrote it just by looking at the headline.

    5. Re:Analyzing... by monkeyman.kix · · Score: 5, Interesting

      This is a BS summary saying that they have pagers that get alerts telling operators to check things that's basically nuclear fear mongering. Which is basically all mdsolar ever writes as a story. It's to the point where I know who wrote it just by looking at the headline.

      This. So much. It baffles me the number of stories of FUD about nuclear power that mdsolar gets published here. I am not sure who is promoting and publishing their stories but you are right...see the headline, guess that mdsolar wrote it and then confirm via the rest of the text.

      Why Slashdot?

    6. Re:Analyzing... by Zontar+The+Mindless · · Score: 1

      Looks to me like a pretty accurate summary of the article that's been published on Ars.
      And a case of "Waaaaaah! Someone said something less than worshipful of nuclear power!"

      If you think the article's inaccurate, maybe you should post some actual evidence of that. And maybe you should post that to Ars where the people who actually wrote the story can benefit from your feedback.

      --
      Il n'y a pas de Planet B.
    7. Re: Analyzing... by Anonymous Coward · · Score: 2, Interesting

      Another example of how anti nukers have to rely on misleading FUD , as the facts don't support their position.

      Yet this crap will be parroted by the ignorant press as well.

    8. Re:Analyzing... by Anonymous Coward · · Score: 1

      This is a BS summary saying that they have pagers that get alerts telling operators to check things that's basically nuclear fear mongering. Which is basically all mdsolar ever writes as a story.

      The story is worded to imply that pager messages are actually used to control some devices, then of course all the examples are precisely not that at all...

    9. Re:Analyzing... by jrmcferren · · Score: 1

      Satellite communication is only required for long distance pager networks. A pager network with a local coverage can be done on site along with the other IT infrastructure. The antenna can even be installed on site as well depending on the coverage needs. Pager networks do not require public infrastructure at all.

      --
      sudo mod me up
    10. Re:Analyzing... by Mr+D+from+63 · · Score: 1

      BeauHD is either a clickbait tool or simply ignorant as she has proven that she can't distinguish agenda driven troll pieces from actual news or fact based articles.

    11. Re:Analyzing... by Coren22 · · Score: 1

      Also, pagers are allowed in restricted areas. That smartphone likely isn't allowed in a reactor building, but a one-way pager is just fine.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  3. Spoofing? by AmiMoJo · · Score: 1

    If the messages are unencrypted, are they not authenticated either? What's to stop someone spoofing messages that induce the operators to shut the plant down? Or even worse to take some course of action that damages the plant with the wrong action, or by ignoring warnings they think were cancelled?

    I'm sure the regulations say they should check, but we know how often those are ignored in this industry.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    1. Re:Spoofing? by Anonymous Coward · · Score: 3, Insightful

      Other than the fact that these are just alerting an operator to a potential condition that they need to verify before acting on?

      There's no automated responses, just waking someone up.

    2. Re:Spoofing? by AHuxley · · Score: 1

      What spoofing? A nuclear shift is called back to work at night due to the night shift having issues. Thats the text. Night shift if its daytime.
      The staff know to get to work without delay and help with an issue.
      Most staff also got a POTS phone that was only to be used for work in many related areas with unique skills. The phone rings, a message is given, drive to work. Re "by ignoring warnings they think were cancelled"
      The only code is to drive to work to help the night or day shift if the work POTS or pager is used.
      Most of the reactors are in the US are so old its generational and the staff live local. On the days off or night off, its only going to be one type of call.
      When the staff get to work they can be told face to face whats going on or to stand down. The pager only has one function, to get staff in.
      Contract crews with remote sites all over the USA will have a provided sat phone and talk to staff they know to get clear understanding of tasks in their own industries. i.e. thats more than a reactor site to drive to.

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re:Spoofing? by hawguy · · Score: 2

      If the messages are unencrypted, are they not authenticated either? What's to stop someone spoofing messages that induce the operators to shut the plant down? Or even worse to take some course of action that damages the plant with the wrong action, or by ignoring warnings they think were cancelled?

      I'm sure the regulations say they should check, but we know how often those are ignored in this industry.

      When I get paged from work, the first thing I do is check independent monitoring systems to see if the problem that's reported is actually occurring since False alarms sometimes happen. I don't just blindly reboot a server because I get a page saying that it has a problem, I make sure that problem exists before I "fix" it.

      I'd like to think that nuclear plant workers do the same and don't vent steam from the reactor just because their pager said that pressure is high, I'd hope that they verify from multiple independent sources.

      About the worst you could do with unencrypted alerts is change them - change "steam pressure elevated" to "steam pressure critical" or "steam pressure normal" or "you got p0wned". But if you have the ability to re-write plain text alert messages, even if they are encrypted you'll have the ability to block them or corrupt them and prevent important messages from getting through.

    4. Re:Spoofing? by Joe_Dragon · · Score: 2

      "Core temperature normal."
      "Vent radioactive gas." YES / NO?
      "Venting prevents explosion."
      "Vent radioactive gas." YES / NO?

    5. Re:Spoofing? by swb · · Score: 1

      I'm pretty sure nuclear plants aren't run by just one guy who logs in when he gets a pager message and then hits the "shut down plant" button.

      There's an entire staff and it would take spoofing all of them and making the on site people not believe the actual plant control systems to take an action that would be "wrong".

    6. Re: Spoofing? by hawguy · · Score: 1

      Blocking pager messages is quite hard.. You have to be close to the recieving pager and block it for all retransmissions.

      Harder than editing them before they are received?

    7. Re: Spoofing? by AHuxley · · Score: 1

      As the AC mentioned, the problem would then be one fake call out to all staff and it would be fixed.

      --
      Domestic spying is now "Benign Information Gathering"
    8. Re: Spoofing? by Zero__Kelvin · · Score: 1

      But not necessarily. In this case they don't know for sure it is spoofed, and they may well spend time troubleshooting the problem before they determine what is really going on.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  4. "Nuclear Plants Leak..." by SeaFox · · Score: 4, Insightful

    No clickbait headlines here, no siree Bob.

    1. Re:"Nuclear Plants Leak..." by BitZtream · · Score: 2, Funny

      The post if from mdsolar.

      He doesn't know how to do anything else. When it comes to anything that can any way be linked/related to solar power ... mdsolar says: solar power is good, or any other form of power is bad, will kill you, start WW3, starve the children and cause cancer well past the predicted end of the universe.

      If you look at his post history it becomes readily apparent that if solar power was generated by making babies cry, he'd be the first one to sign up, cattle prod in hand. Like wise, if it were shown that there were absolutely 0 bad sides to using nuclear power including peace on Earth, he would immediately start telling us how thats a bad thing because war is good.

      He's a selfish nut job that only cares about selling solar panels, nothing he produces is trustworthy.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    2. Re:"Nuclear Plants Leak..." by Anonymous Coward · · Score: 1

      It's bitztream, the autism-hating Slashdot troll!

  5. mdsolar clickbait by Anonymous Coward · · Score: 4, Interesting

    ...strikes again. Except in extremely rare situations (the stack dump), which was of questionable usefulness to an attacker, most of this stuff is fairly benign.

    Pagers still have superior range, penetration through walls, and resistance to electrical noise compared to other technologies. If you think pager messages are bad you should see some of the wireless industrial control stuff out there. Electric grids don't use encryption because the encryption delay can be the difference between an overload or a switching command. Most industrial control stuff is horribly insecure. (eg SCADA, automotive CANs, etc)

  6. Not nuke plants by Anonymous Coward · · Score: 4, Informative

    I can't speak for chemical plants etc, but I do currently work at a nuclear power plant as an engineer.

    Pagers are not used for any control function of the plant. Any digital control system is scrutinized for cyber security.

    The only use of pagers is as part of a call out system, so that in case of a plant event, people are alerted to come in to resolve the issue. This is rarely used. As part of this system they also call people on the phone. No specific plant information is ever transmitted as part of this call, just the classification of the plant event. I know this because I function as a communicator in the Emergency Response Organization.

    I wish people would stop spreading lies about nukes. There are certainly some negative aspects of nuclear power. If you don't think it is worth it, then fine that is your opinion, and feel free to defend it in a rational, intellectually honest way. That people have to make stuff up to justify that opinion is telling about how strong their position is.

  7. So? by thegarbz · · Score: 1

    Park your car some 2km from a typical nuclear facility or chemical plant with a simple radio scanner. You can pick up complete operational information. Most of it will be gibberish. Alarms and notifications sent over pagers are equally useless. Without in-depth information of the inner workings of the plant this information gains you nothing, and if you have the supporting information some pager messages are the least of a plant's "espionage" worries.

    Or just wait a day and read about the upset or incident in a news paper. I know when units are upset in refineries around the world based purely on a subscription to a magazine which sends out daily news. No need for espionage there.

  8. Pager use has problems but this isn't an example by FeelGood314 · · Score: 1

    Pager is unencrypted and unauthenticated. It is trivial to spoof the messages. Pager also suffers from undetected bit errors. In my testing we had a 0.4% chance per message of a single bit error.

    There are several hospitals in Eastern Ontario that use pager for patient room transfers. Watching the pager messages you can see who is being moved and between which rooms. While this is a big privacy problem I'm also concerned that the bit errors have caused patients to be sent to the wrong room.

  9. A well-written headline by drinkypoo · · Score: 1

    Army Vehicle Disappears (after being camouflaged)

    Porn Star Sues over Rear End Collision

    Oh Hail No

    There Will Be Hell Toupee

    The whole point of a headline is to be attention-getting. If you can make it clever, all the better. Nuclear Plants Leak is pure gold. Don't pretend people don't make jokes about how wind farms are hot air yuk yuk yuk. On the other hand, if you're a bit sensitive about jokes about nuclear plants leaking, well... u mad, bro?

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    1. Re:A well-written headline by CrimsonAvenger · · Score: 2

      The whole point of a headline is to be attention-getting. If you can make it clever, all the better. Nuclear Plants Leak is pure gold. Don't pretend people don't make jokes about how wind farms are hot air yuk yuk yuk. On the other hand, if you're a bit sensitive about jokes about nuclear plants leaking, well... u mad, bro?

      LIke "Thousands killed by solar power"? Which, by the way, is true. Getting killed falling off a roof while installing solar panels is a more common way of dying than from a nuclear accident (total casualties in the USA due to civilian nuclear power: zero. Note the word "civilian". There was a military tet reactor that fit into a bathrub that managed to kill three people when they failed to follow procedure doing maintenance))....

      --

      "I do not agree with what you say, but I will defend to the death your right to say it"
    2. Re:A well-written headline by drinkypoo · · Score: 1

      Getting killed falling off a roof while installing solar panels is a more common way of dying than from a nuclear accident

      That's true! Being a handyman is much more dangerous than being a cop. Handyman lives matter!

      On the other hand, if we embrace more large-scale solar, the deaths will go down, because those deaths are primarily from small-scale installations.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  10. Yeah, THAT is exactly what we need... by Anonymous Coward · · Score: 5, Insightful

    What the fuck do they want them to do? Get a non-descript pager message telling them to go find a computer and log into their encrypted 'alert portal' to securely view the message? Yeah, because that's exactly the sort of shit they should waste their time on when getting an alert like that. You know what they'd probably do in that case? Call someone at the plant. And have an insecure conversation that could be eavesdropped on. Because, you know, security is more important than a swift response to a fucking nuclear reactor malfunction.

    I myself work in telecom. When critical infrastructure mucks up, we get paged. Nowadays it means we get text messages on our mobiles. And yes, there is some pretty important information in those sometimes. Being a security-conscious organization, we considered the potential leak of information and less informative messages. We concluded that being immediately made aware of exactly what the problem was, in a business where downtime is to be kept to less than a thousandth of a percent, was more important than a well-funded or equipped bad actor being able to determine minor facts about our infrastructure. I should hope business which handle nuclear or toxic materials, or those which are responsible for keeping the lights on and keeping people alive would have similar priorities.

    And seriously, who are you talking about securing this shit against? The guy who stole the on-call tech's pager? The gov agent with a stingray? A foreign power who's eavesdropping on the pager network (which would be dumb, as it would be a lot of effort for terribly little gain)? The terrists (who aren't that adept anyways)? You want to know the REAL threat to your security? Look at your HR dept. I GUARANTEE the lowliest drone in your organization can, within 3 months of employment, scurry off with more sensitive data than someone could get by mining your pager messages for years.

    So, security panic, clickbait, yadda yadda. This is really a back-asswards non-story.

  11. What's the problem by phorm · · Score: 1

    Unless they're sending access codes or something sensitive like that, what's the issue? You get a page that valve #2 or tower #3 is malfunctioning, so go in and fix it. Is that really overly useful information to third parties?

    Perhaps they're worried that attackers will be able to use these to verify their attacks are working? Sorry, but if an attacker is able to remotely access systems to cause a "reactor leak" then he/she can probably see any internal statuses beyond the pagers.

    There's a trade-off between response time and security. If you have to go through ten layers of security, a TSA pat-down, a body scan, and a cavity search before you can get in to fix a critical issue then the problem is going to be a lot worse by the time you get to address it. Notifications are similar. Sometimes simple: easy to read and reliable is better than uber-secure but complex/unreliable. Sometimes complexity just adds to the potential points of failure.

  12. s_client: this is what you need to do. by emil · · Score: 1

    Here is how to encrypt your pager/SMS outgoing messages using RFC822 over TLS.

    # grep smtps /etc/services
    smtps 465/tcp # SMTP over SSL (TLS)

    # openssl s_client -connect mail.yoursmtpserver.com:465

    helo 1.2.3.4
    mail from: someuser@someplace.com
    rcpt to: 1234567890@vtext.com
    data
    here is my pager/SMS message
    .
    quit

    Nobody on the wire will be reading that.

  13. dude, the 80s are so OVER! by swschrad · · Score: 1

    ditch the pager crap. disconnect from the web. use a mediator system and if the local politicians want to meddle, tell them you'll install a siren that goes past 11 to 35.

    --
    if this is supposed to be a new economy, how come they still want my old fashioned money?
  14. Nuke shutdown by emil · · Score: 1

    We need nuclear power that can be shut down at a moment's notice, with no further intervention necessary by the operators.

    Gen 1 designs require 30 days of cooling post-shutdown before daughter nuclei decay stops producing massive heat.

    I am looking for a salt plug that melts and scrams the core in a boron bath.

    The TESCO employees were desperate for batteries for the cooling system, because they knew what was about to happen. I have the same reactor design 50 miles away. It's colossally dumb, and we need these things offline pronto.

    1. Re:Nuke shutdown by emil · · Score: 1

      Still, if I prevent human intervention for 48 hours, then I render a large portion of the country uninhabitable for hundreds (or thousands) of years.

      This is not a reasonable risk. These devices should be retired. (And thanks for your corrections.)

    2. Re:Nuke shutdown by chihowa · · Score: 1

      Still, if I prevent human intervention for 48 hours, then I render a large portion of the country uninhabitable for hundreds (or thousands) of years.

      What country are you talking about? Monaco?

      The Chernobyl Exclusion Zone is only 2,600 km^2, or less than half a percent of the area of a not-that-big country, and even it is full of thriving wildlife and tourists. Modern reactor designs would be desirable, but no commercial reactor is going to make a mess big enough to render a large portion of the country uninhabitable. FUD.

      --
      If you want a vision of the future, imagine a youtube comments section scrolling - forever.
  15. Trend Micro by phantomfive · · Score: 1

    Trend Micro relies on unsecured anti-virus to protect all their customer's computers.

    --
    "First they came for the slanderers and i said nothing."
  16. That's not the weak points by WillAffleckUW · · Score: 1

    The actual weak points are physical.

    You're doing it wrong.

    --
    -- Tigger warning: This post may contain tiggers! --
  17. Stupid article by m.dillon · · Score: 1

    Satellite pagers (and in more modern times, texts over the cellular network) are the most reliable way to get alarms out to field and on-call personal. Sure, someone could send a malicious fake page or text, but these alarms are mainly just heads-up to personal who are not in the operations center that something is amis. The main board will always be checked / personal will always call in and double check before anyone actually pushes any buttons.

    This is a really stupid article.

    -Matt

  18. Re:Probably another CTR shill. by Zontar+The+Mindless · · Score: 1

    You're pretending to take issue with an argument that I did not make.

    As for "CTR", I have no idea what you're talking about, and thus it and I most likely have nothing whatsoever to do with one another.

    --
    Il n'y a pas de Planet B.
  19. Re:mdsolar by fisted · · Score: 1

    So then let's start with the headline. "Nuclear Plants Leak Critical Alerts [...]"

    Leak? That would imply they're not dispatched intentionally. And "Leak" in the context of nuke plants...? Yes, that's totally not trying to make people click the link.

    Do reasonable non-sensationalist submissions and we can discuss them reasonably.

    --
    CLI paste? paste.pr0.tips!
  20. Re: mdsolar by MrKaos · · Score: 1

    All the mdsolar rants

    Simplification, generalization, ad hom. Same boring tactics.

    --
    My ism, it's full of beliefs.
  21. Re:mdsolar by MrKaos · · Score: 1

    Do reasonable non-sensationalist submissions and we can discuss them reasonably.

    hahaha, going for the moral highground. First paragraph of the article:

    A surprisingly large number of critical infrastructure participants—including chemical manufacturers, nuclear and electric plants, defense contractors, building operators and chip makers—rely on unsecured wireless pagers to automate their industrial control systems. According to a new report, this practice opens them to malicious hacks and espionage.

    doesn't seem to be singling nuclear out. doesn't say they have or will be hacked, just that they are open to it along with other utilities. That doesn't seem very sensationalist to me. How would you phrase it?

    And "Leak" in the context of nuke plants...?

    Well what would you say?

    --
    My ism, it's full of beliefs.