Slashdot Mirror


Researchers Discover Critical Security Flaws Found In Nuke Plant Radiation Monitors (securityweek.com)

wiredmikey writes from a report via Security Week: Researchers have discovered multiple unpatched vulnerabilities in radiation monitoring devices that could be leveraged by attackers to reduce personnel safety, delay detection of radiation leaks, or help international smuggling of radioactive material. Ruben Santamarta, a security consultant at Seattle-based IOActive, spoke at the Black Hat conference on Wednesday, saying that radiation monitors supplied by Ludlum, Mirion and Digi contain multiple vulnerabilities. There are many kinds of radiation monitors used in many different environments. IOActive concentrated its research on portal monitors, used at airports and seaports; and area monitors, used at Nuclear Power Plants (NPPs). However, little effort was required for the portal monitors: "the initial analysis revealed a complete lack of security in these devices, so further testing wasn't necessary to identify significant vulnerabilities," Santamarta explained in his report (PDF). In the Ludlum Model 53 personnel portal, IOActive found a backdoor password, which could be used to bypass authentication and take control of the device, preventing the triggering of proper alarms.

  1. Re:Those things are not supposed to be secure by TheOuterLinux · Score: 3, Interesting

    I don't think any medical device will be as secure as we want them to be as long as they keep using Windows and Ethernet cables/Wi-Fi for everything. Most offices in general don't even use USB cables for anything anymore, arguing that it is faster. Maybe, but when things break, now you got to hunt through a network to figure it out, risking breaking more things. Hope this posts; using w3m this time.