October 26, 2016
A surprisingly large number of critical infrastructure participants – including chemical manufacturers, nuclear and electric plants, defense contractors, building operators and chip makers – rely on unsecured wireless pagers to automate their industrial control systems. According to a new report, this practice opens them to malicious hacks and espionage.
Earlier this year, researchers from security firm Trend Micro collected more than 54 million pages over a four-month span using low-cost hardware. In some cases, the messages alerted recipients to unsafe conditions affecting mission-critical infrastructure as they were detected. A heating, venting, and air-conditioning system, for instance, used an e-mail-to-pager gateway to alert a hospital to a potentially dangerous level of sewage water. Meanwhile, a supervisory control and data acquisition system belonging to one of the world’s biggest chemical companies sent a page containing a complete “stack dump” of one of its devices.
Other unencrypted alerts sent by or to “several nuclear plants scattered among different states” included:
- Reduced pumping flow rate
- Water leak, steam leak, radiant coolant service leak, electrohydraulic control oil leak
- Fire accidents in an unrestricted area and in an administration building
- Loss of redundancy
- People requiring off-site medical attention
- A control rod losing its position indication due to a data fault
- Nuclear contamination without personal damage
In their Tuesday report titled Leaking Beeps: Unencrypted Pager Messages in Industrial Environments, Trend Micro researchers wrote the following:
We were surprised to see unencrypted pages coming from industrial sectors like nuclear power plants, substations, power generation plants, chemical plants, defense contractors, semiconductor and commercial manufacturers, and HVAC. These unencrypted pager messages are a valuable source of passive intelligence, the gathering of information that is unintentionally leaked by networked or connected organizations.