Flaws in web-connected, radiation-monitoring kit? What could go wrong?

Vulnerabilities in widely deployed Radiation Monitoring Devices (RMDs) present a potential mechanism for triggering false alarms and worse, according to research unveiled at Black Hat on Wednesday. RMDs are used to monitor radiation in critical infrastructure such as nuclear power plants, seaports, borders, and hospitals. …

  1. Marketing Hack Silver badge
    IT Angle

    Perhaps El Reg should report on IoT done right...

    It would be less work, more time spent down at the pub, and the readership can fully embrace their current understanding that any IoT not specifically ID'd as well-done is probably total crap.

    1. kain preacher Silver badge

      Re: Perhaps El Reg should report on IoT done right...

      Actually it would require more time, more work. Seriously, when have you heard of IoT done right? It would be faster for el reg to create its own secure IoT device than to scour the world to find one.

  2. Doctor Syntax Silver badge

    "Worse yet, the device communicates via cleartext, so attackers would be able to falsify readings, disable alarms, or perform any other originally supported operation."

    This gains it the highest approval rating from both our house-trained Home Secs (I'm counting the one currently installed in number 10).

  3. John Smith 19 Gold badge
    Unhappy

    Still, not like it's doing anything important with life threatening implications

    Oh, they do..

  4. John Smith 19 Gold badge
    WTF?

    Joking aside are these the most potentially serious vulnerabilities seen outside of Stuxnet?

    Stuxnet was designed to seriously damage enrichment centrifuges loaded with Uranium Hexafluoride, which would be pretty nasty even if it wasn't radioactive (a dab of water vapor and you've got a cloud of Hydrofluoric acid in your face, which is best avoided if you want to have a face left).

    Here we have the option to trigger site evacuations on demand, or conversely a no inspection pipeline to take nuclear material out of a plant. What's very disappointing is this kit looks like it costs serious money and is only installed by serious people who are worried about some very nasty s**t indeed. :-( .

    Granted, outside of fiction actual real full on "nuclear terrorists" are virtually unknown but with IoT security this loose (plaintext data transmitted by wireless, and hence readily forged) how many of the regular sort of terrorist, or just general nut jobs, wouldn't be tempted to take a punt?

    It seems it doesn't matter how expensive the IoT hardware is, the security level is still s**t.

    1. allthecoolshortnamesweretaken

      Re: Joking aside are these the most potentially serious vulnerabilities seen outside of Stuxnet?

      Well, potentially, yes.

      Okay, this is B-movie plot logic, but technically, this could be exploited by bad actors to bring in a nuclear device through a seaport in a shipping container. Perhaps a country ruled by an insane dictator that has nukes, but hasn't reliable ICBMs?

      1. John Smith 19 Gold badge
        Unhappy

        Okay, this is B-movie plot logic,

        I think the current term is "straight to download."

      2. Alan Brown Silver badge

        Re: Joking aside are these the most potentially serious vulnerabilities seen outside of Stuxnet?

        "this could be exploited by bad actors to bring in a nuclear device through a seaport in a shipping container."

        Whereas all they need to do now is hide it in a shipping container full of bananas.

    2. patrickstar

      Re: Joking aside are these the most potentially serious vulnerabilities seen outside of Stuxnet?

      I'm not an expert on centrifuge design but these things do blow up occasionally on their own, so they are designed to deal with that without being a hazard to their surroundings. Both when it comes to gas leaks and flying steel/carbon fibre parts.

      Also, some chemistry nitpicking:

      UF6 actually isn't very radioactive. It's certainly toxic though (think heavy metal poisoning) and corrosive.

      Also, HF isn't a very strong acid. You'll still have your face... until it starts to decompose with the rest of your body, because HF is absorbed through the skin and is very toxic once it gets inside.

  5. This post has been deleted by its author

  6. Paul J Turner

    I don't think that word means what you think it means...

    "Santamarta's research focused on testing software and hardware, firmware reverse engineering and radio frequency analysis"

    And covering just about everything is 'focused' is it?

Biting the hand that feeds IT © 1998–2019