IOActive reveals security vulnerabilities in radiation monitoring devices

News by Roi Perez

Security researcher discovers numerous security flaws in multiple devices tasked with detecting radiation in critical facilities.

Details surrounding several security vulnerabilities found in widely deployed Radiation Monitoring Devices (RDMs), have been revealed by security experts from IOActive.

RDMs are used to monitor the radiation found in critical infrastructure, such as nuclear power plants, sea ports, borders, and even hospitals.

Announced at Black Hat USA 2017 by Ruben Santamarta, principal security consultant for IOActive, if the vulnerabilities identified are exploited, an attacker could wreak havoc on these critical systems used for monitoring radiation levels.

Attackers could falsify measurement readings to simulate a radiation leak, tricking authorities to give incorrect evacuation directions, or increasing the time an attack against a nuclear facility or an attack involving a radioactive material remains undetected by sending normal readings to deceive operators.

Santamarta's talk at Black Hat USA is accompanied by a whitepaper which includes technical details for the testing conducted during the research and the vulnerabilities identified.

Santamarta's research focused on testing software and hardware, firmware reverse engineering and RF analysis. In doing so, IOActive says, “he successfully uncovered security vulnerabilities in radiation monitoring devices from multiple vendors, including Ludlum and Mirion.”

“Failed evacuations, concealed persistent attacks and stealth man-in-the-middle attacks are just a few of the risks I flagged in my research,” said Santamarta. “Being able to properly and accurately detect radiation levels, is imperative in preventing harm to those at or near nuclear plants and other critical facilities, as well as for ensuring radioactive materials are not smuggled across borders.”

IOActive informed the impacted vendors of the findings through responsible disclosure. All vendors acknowledged receipt of the information and despite initial responses indicating the issues would not be addressed, more recent communications from some vendors have indicated work is being done to patch the critical vulnerabilities uncovered.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews