Brett Neilson/Flickr

Nuclear power plants are still using pagers to communicate, and that's a big problem

"Not secure at all."

PETER DOCKRILL
27 OCT 2016
 

Nuclear power plants and other critical infrastructure could be vulnerable to hacking or attacks due to their continued reliance on a technology most young people today wouldn't even recognise: pagers.

According to a new report, these archaic precursors to mobile phones are still in regular use by workers at nuclear plants, who use them to send messages and alerts about plant operations.

 

But the danger is that most of these communications have zero security, meaning they can easily be intercepted.

Researchers at tech security firm Trend Micro collected almost 55 million pager messages – called pages – sent over US airwaves during a four-month sting earlier in the year, intercepting sensitive communications from nuclear (and other power) plants, plus chemical plants, defence contractors, and more.

And the worst part is it sounds like it would be almost trivial for anybody else – including hackers or worse – to snoop on these kinds of critical facilities the same way.

"Unfortunately, we discovered that communication through pagers is not secure at all," the researchers write in their report.

"Since pager messages are typically unencrypted, attackers can view pager messages even at a distance – the only thing attackers need is a combination of some know-how on software-defined radio (SDR) and US$20 for a dongle."

While early pagers could only send numeric data back and forth – which people used as a way of finding out who they'd missed calls from on their landline phones – later models added the ability to send text messages as well, before mobile phones and SMS superseded the older tech.

 

And it's these text communications that can reveal what the researchers call "passive intelligence" – basically, giving up free information to anybody who might be listening in.

"Pages, it turns out, are considered a source of high quality passive intelligence," the report explains. "During four months of observation, we saw messages containing information on contact persons, locations inside manufacturers and electricity plants, [and] thresholds set in industrial control systems," in addition to identifying details on other critical operations.

In the context of nuclear plants, the researchers say most of the communications they intercepted were written by staff, as opposed to automated messages being sent between systems.

These included details on incidents such as reduced pumping flow rates in the plant, leaks in the plant (including water, steam, and coolant leaks), and information about nuclear contamination (which didn't involve injury to staff).

Other information related to reports of fire accidents on site, and people requiring medical attention.

While most of this data might seem fairly unimportant or meaningless to casual observers, the researchers warn that when it is combined with things like employee names, delivery tracking numbers, and project names, an attacker has enough intel to start sending spoofed (fraudulent) messages or even mount an assault.

"Knowledge of issues within the plant, like minor mechanical failures, etc. can be creatively used by determined attackers to craft social engineering attacks that will appear highly believable because of prior reconnaissance," the authors write.

"Less likely but also plausible, would be for highly skilled attackers to make use of the specific issues inside, for instance, a nuclear plant, to trigger some form of sabotage, after they have gained physical access."

It's not the first time we've heard about technological vulnerabilities endangering critical facilities.

In April, the operators of Germany's Gundremmingen nuclear power plant disclosed that it had been infected by numerous computer viruses.

And just two months ago, security researchers announced the discovery of an advanced (and possibly state-sponsored) form of malware targeting governments, military sites, and corporations – and which had been lurking in infected systems for at least five years before it was detected.

Compared to those more advanced cyber-threats, replacing ageing pager systems – which haven't been used in the consumer space for decades now – shouldn't be beyond the means of major facilities (hopefully).

The older tech may offer some ongoing conveniences, but in light of what we now know about how thoroughly insecure it is, there's really no other option.

"Part of the appeal is the ability of pagers to communicate in areas where cellular frequencies are weak or nonexistent, often with extremely low power requirements," explains Dan Goodin at Ars Technica.

"Another reason, no doubt, is the tendency in certain industries to use dangerously antiquated equipment. If these companies can't curb these practices on their own, regulators should do it for them."
