Category Archive: NBC

Flaws in web-connected, radiation-monitoring kit? What could go wrong?

Ripe target for ne’er-do-wells.

Black Hat: Vulnerabilities in widely deployed Radiation Monitoring Devices (RDMs) present a potential mechanism for triggering false alarms and worse, according to research unveiled at Black Hat on Wednesday.

RDMs are used to monitor radiation in critical infrastructure such as nuclear power plants, seaports, borders, and hospitals. However, like many Internet of Things devices, security shortcomings provide a means to subvert their operation.

An inspection of the technology by Ruben Santamarta, principal security consultant for IOActive, uncovered flaws in RDMs from multiple vendors, including Ludlum and Mirion. Santamarta’s research focused on testing software and hardware, firmware reverse engineering and radio frequency analysis.

The vulnerabilities create a means to meddle with “critical systems used for monitoring radiation levels, for example by falsifying measurement readings to simulate a radiation leak, tricking authorities to give incorrect evacuation directions, or increasing the time an attack against a nuclear facility or an attack involving a radioactive material remains undetected by sending normal readings to deceive operators”.

Inspection of software that ships with the Model 53 Gamma Personnel Portal from Ludlum revealed a backdoor password. “As a result, malicious personnel can bypass the RPM’s authentication and take control of the device, which could be used to disable it, thus preventing the RPM from triggering proper alarms,” Santamarta warned.

Ludlum 53 and software [source: IOActive whitepaper]

Ludlum’s gate monitors – Model 4525 – for vehicle inspection lack any security measure for data communication. Any attacker in the adjacent network can change the device’s network settings, which opens the door to multiple attacks. Worse yet, the device communicates via cleartext, so attackers would be able to falsify readings, disable alarms, or perform any other originally supported operation.

Ludlum’s gate monitors – Model 4525 – for vehicle inspection [source: IOActive]

After studying the hardware and firmware, IOActive also uncovered potential attacks against Mirion WRM2-capable Radiation Monitoring Devices at nuclear power plants. A skilled and sufficiently motivated attacker might be able to forge or sniff “WRM2 transmissions, either by repurposing a Digi S3/S3B XBee Module or by implementing the XSC and WRM2 protocol layers in a SDR device”. Such devices are located at secure facilities, reducing the likelihood of any attack in most scenarios. IOActive is convinced nonetheless that it has identified issues that merit remediation.

“Failed evacuations, concealed persistent attacks and stealth man-in-the-middle attacks are just a few of the risks I flagged in my research,” said Santamarta. “Being able to properly and accurately detect radiation levels is imperative in preventing harm to those at or near nuclear plants and other critical facilities, as well as for ensuring radioactive materials are not smuggled across borders.”

Exposed Digi S3B Module [source: IOActive]

IOActive informed the affected vendors of the findings weeks before Santamarta delivered his talk, Go Nuclear: Breaking Radiation Monitoring Devices, at Black Hat. Despite initial responses indicating the issues would not be addressed, more recent communications from some vendors have indicated work is being done to patch the critical vulnerabilities uncovered.

El Reg contacted Ludlum and Mirion for comment but we’re yet to hear back from either.

A white paper on IOActive’s research includes technical details for the testing conducted and the vulnerabilities identified.

 

via:  theregister



Nuke Fears: US Government Orders 14 Million Doses of Potassium Iodide

The Department of Health and Human Services has ordered 14 million doses of potassium iodide, the compound that protects the body from radioactive poisoning in the aftermath of severe nuclear accidents, to be delivered before the beginning of February.

According to a solicitation posted on the Federal Business Opportunities website, the DHHS asks contractors to supply, “potassium iodide tablet, 65mg, unit dose package of 20s; 700,000 packages (of 20s),” a total of 14 million tablets. The packages must be delivered on or before February 1, 2014.

Potassium iodide helps block radioactive iodine from being absorbed by the thyroid gland and is used by victims of severe nuclear accidents or emergencies. Under current regulations, states with populations living within 10 miles of a nuclear plant are encouraged, but not required, to maintain a supply of potassium iodide.

A search of the FedBizOpps website returns no other results regarding the purchase of potassium iodide from any government agency, suggesting that the DHHS bulk buy of the tablets is unprecedented in recent times.

The ongoing crisis at the Fukushima nuclear power plant has prompted concerns that the purchase is connected to the threat posed by radioactive debris washing up on the shores of the west coast or the potential for another natural disaster occurring in Japan which could impact the U.S.

“Governments usually respond to disasters very similarly; first move is to avoid panic,” writes The West Wire. “The Japanese didn’t want to panic the world, or tarnish their honor and now, as a consequence of their reluctance, Japanese citizens and international aid personnel find themselves in a horrible state of being.”

“Panic is usually avoided by keeping their citizens as blind to the truth as possible, until confrontation with the truth becomes inevitable. The crucial question at this juncture; “would our government be reluctant about warning us of potential disaster, in an attempt to avoid panic?” 14 million doses of Potassium Iodide say that might just be the case.”

Last month it was revealed that 71 U.S. sailors who helped during the initial Fukushima relief efforts are suing the Tokyo Electric Power Co. (TEPCO) after they returned with thyroid cancer, leukemia, and brain tumors as a result of being exposed to radiation at 300 times the safe level.

TEPCO has repeatedly been caught lying in their efforts to downplay the scale of the disaster. In September it was confirmed that radiation readings around the power plant were 18 times higher than previously reported by TEPCO. After a tank leaked 300 tonnes of toxic water in August, groundwater radiation readings at the plant soared to 400,000 becquerels per litre, the highest reading since the nuclear accident occurred in March 2011.

Top scientists have warned that if another major earthquake hits Fukushima, which is almost inevitable, it would mean “bye bye Japan” and the complete evacuation of the west coast of North America.

Now that radioactive debris is hitting the West Coast of North America, numerous different animals and sea life are suffering from mysterious diseases, including 20 bald eagles that have died in Utah over the last few weeks alone.

 


 


 

UPDATE: Plumes of mysterious steam rise from crippled nuclear reactor at Fukushima

 

 Start now to make sure you are staying prepared.

 

Via: shtfplan



Brits Lose Control of Nuke Reactors: “Unbelievable… Seriousness of a Major Radioactive Release”

After the world witnessed a widespread radioactive disaster following the tsunami that took down power systems at the Fukushima nuclear facility in Japan, you would think that nuclear regulators and operators would have taken the threat of unforeseen accidents seriously.

Apparently, this is not the case, according to a new report from the United Kingdom.

Nearly the exact same scenario played out in the Devonport Dockyard last summer, when the primary and secondary power sources for nuclear cooling fuel became inexplicably inoperable.

It was a situation kept secret because the implications were so serious that the entire country of Britain could have been turned to a radioactive wasteland overnight.

A major nuclear incident was narrowly averted at the heart of Britain’s Royal Navy submarine fleet, The Independent on Sunday can reveal. The failure of both the primary and secondary power sources of coolant for nuclear reactors at the Devonport dockyard in Plymouth on 29 July last year followed warnings in previous years of just such a situation.

Experts yesterday compared the crisis at the naval base, operated by the Ministry of Defence and government engineering contractors Babcock Marine, with the Fukushima Daiichi power-station meltdown in Japan in 2011.


But last July a series of what were described as “unidentified defects” triggered the failures which meant that for more than 90 minutes, submarines were left without their main sources of coolant.


John Large, an independent nuclear adviser who led the team that conducted radiation analysis on the Russian Kursk submarine which sank in the Barents Sea in 2000, said:

“It is unbelievable that this happened. It could have been very serious. Things like this shouldn’t happen. It is a fundamental that these fail-safe requirements work. It had all the seriousness of a major meltdown – a major radioactive release.”


Among a number of “areas of concern” uncovered by the Babcock investigation was what was described as an “inability to learn from previous incidents and to implement the recommendations from previous event reports”.

A subsequent review from the Base Nuclear Safety Organisation revealed the “unsuccessful connection of diesel generators” and questioned the “effectiveness of the maintenance methodology and its management”, while advising Babcock to “address the shortfalls in their current maintenance regime”.


Its own “stress test” on Devonport safety, launched after the Fukushima disaster, said that in the event of the failure of both power supplies, heat levels in reactors could be controlled by emergency portable water pumps, and added that such a failure had occurred a “number of times” previously.

If you think nuclear facilities in the United States and other Western nations are any safer than Fukushima or Devonport, you’d be mistaken.

Because these facilities often operate under the cloak of secrecy, it is impossible for us to know how many times such incidents have occurred in the United States. What we do know is that on March 28, 1979 the 3-Mile Island nuclear facility in Pennsylvania experienced the worst nuclear power plant accident in American history when a meltdown occurred in one of the facility’s two reactors. Thus, accidents at these facilities are not unprecedented.

There are currently 65 commercially operating nuclear power plants with 104 nuclear reactors in 31 states around the country.


What Chernobyl, Fukushima, 3-Mile Island and Devonport show is that we are not immune from the real possibility of a massive nuclear disaster.

Given the sheer concentration of these facilities around major population centers, especially in the eastern United States, one can’t ignore the potential for an emergency on U.S. soil that irradiates a huge portion of our population and forces region-wide evacuations.

Consider a situation where the United States comes under attack by a Super-EMP (electromagnetic pulse) weapon or a powerful solar flare that takes down the power grid. In such a scenario, a collapse of our banks, stock markets, economy, and systems of commerce would be the least of our worries.

We already know that the processes and procedures in place to test and maintain back-up power generators are lacking, as evidenced by the failure of similar generators at medical facilities following Hurricane Sandy in 2012. Couple those system failures with an EMP or solar flare that renders the system completely inoperable, and people living within a 100-mile radius of a nuclear reactor would have about 90 minutes to evacuate before radiation spews all over them.

While a nuclear disaster of this magnitude is an outlier, it is not out of the question. We’ve experienced one in the last few years, and it’s still not under control and continues to contaminate ocean water, as well as the residents of Japan (and perhaps even the United States).

The threat of a nuclear meltdown if you live within several hundred miles of a nuclear facility is one worthy of consideration, planning and preparation. You’ll need to have a bug out plan in place and be ready to put it into action in seconds – not minutes.

You’ll have to move fast – very fast – at the first sign that a nuclear event is imminent. Tens of thousands of scared and panicked people will be trying to figure out what to do, how to get out of town, and where they will go. If you have a plan in place ahead of time you’ll at least be able to move a few minutes sooner than the rest of the golden horde. And when we’re talking 90 minutes until meltdown, even 5 minutes could be a life saver.

Nuclear disasters can happen. We’ve seen it with our own eyes. It will happen again. That is just about guaranteed.

Be prepared to act when it does.

 


 

Via: shtfplan



Environmental Sensor That Plugs Into Your Phone & Tracks Radiation Exposure

There’s a thriving cottage industry of smartphone extension hardware that plugs into the headphone jack on your phone and extends its capabilities in one way or another — feeding whatever special data it grabs back to an app where you get to parse, poke and prod it. It’s hard to keep track of the cool stuff people are coming up with to augment phones — whether it’s wind meters or light meters or even borescopes. Well, here’s an even more off-the-wall extension: meet DO-RA — a personal dosimeter-radiometer for measuring background radiation.

Granted, this is not something the average person might feel they need. And yet factor in the quantified self/health tracking trend and there is likely a potential market in piquing the interest of quantified selfers curious about how much background radiation they are exposed to every day. Plus there are of course obvious use-cases in specific regions that have suffered major nuclear incidents, like Fukushima or Chernobyl, or for people who work in the nuclear industry. DO-RA’s creators say Japan is going to be a key target market when they go into production. Other targets are the U.S. and Europe. It reckons it will initially be able to ship 1 million DO-RA devices per year into these three markets. The device is due to go into commercial production this autumn.

The Russian startup behind DO-RA, Intersoft Eurasia, claims to have garnered 1,300 pre-orders for the device over the last few months, without doing any dedicated advertising — the majority of pre-orderers are apparently (and incidentally) male iPhone and iPad owners. So it sounds like it’s ticking a fair few folks’ ‘cool gadget’ box already.

The DO-RA device will retail for around $150 — which Intersoft says is its primary disruption, being considerably lower than rival portable dosimeters, typically costing $250-$400. It names its main competitors as devices made by U.S. company Scosche, and Japanese carrier NTT DoCoMo. Last year Japan’s Softbank also announced a smartphone with an integrated radiation dosimeter, with the phone made by Sharp. This year, a San Francisco-based startup has also entered the space, with a personal environmental monitoring device, called Lapka (also costing circa $250), so interest in environmental-monitoring devices certainly appears to be on the rise.

DO-RA — which is short for dosimeter-radiometer — was conceived by its Russian creator, Vladimir Elin, after reading articles on the Fukushima Daiichi nuclear disaster in Japan, and stumbling across the idea of a portable dosimeter. A bit more research followed, patents were filed and an international patent was granted on the DO-RA concept in Ukraine, in November last year. Intersoft has made several prototypes since 2011 — and produced multiple apps, for pretty much every mobile and desktop platform going —  but is only now gearing up to get the hardware product into market. (Its existing apps are currently running in a dummy simulation mode.)

So what exactly does DO-RA do? The universal design version of the gadget will plug into the audio jack on a smartphone, tablet or laptop and, when used in conjunction with the DO-RA app, will be able to record radiation measurements — using a silicon-based ionizing radiation sensor — to build up a picture of radiation exposure for the mobile owner or at a particular location (if you’re using it with a less portable desktop device).

The system can continuously monitor background radiation levels, when the app is used in radiometer mode (which is presumably going to be the more battery-draining option — albeit the device contains its own battery), taking measurements every four seconds. There’s also a dosimeter mode, where the app measures “an equivalent exposure over the monitoring period” and then forecasts annual exposure based on that snapshot.

The company lists the main functions of the DO-RA mobile device plus app as:

– Measuring the hourly/daily/weekly/monthly/annual equivalent radiation dose received by an owner of a mobile/smart phone;

– Warning on allowable, maximum and unallowable equivalent radiation dose by audible alarms/messages of a mobile/smart phone: “Normal Dose”, “Maximum Dose”, “Unallowable Dose”;

– Development of trends of condition of organs and systems of an owner of a mobile phone subject to received radiation dose;

– Advising an owner of a mobile/smart phone on prevention measures subject to received radiation dose;

– Receiving data (maps of land, water and other objects) on radiation pollution from radiation monitoring centres collected from DO-RA devices;

– Transferring collected data through wireless connection (Bluetooth 4.0) to any electronic devices within 10 meters.

Why does it need to transfer collected data? Because the startup has big data plans: it’s hoping to be able to generate real-time maps showing global background radiation levels based on the data its network of DO-RA users will ultimately be generating. To get the kind of volumes of data required to create serious value they’re also looking to shrink their hardware right down — and stick it inside the phone. On a chip, no less.

The DO-RA.micro design, which aims to integrate the detector into the smartphone’s battery, is apparently “under development” at present. The final step in the startup’s incredible shrinking roadmap is DO-RA.pro in which the radiation-sensing hardware is integrated directly into the SoC. “This advanced design is under negotiations now”, it says.

It will doubtless be an expensive trick to pull off, but if DO-RA’s makers are able to drive their technology inside millions of phones as an embedded sensor that ends up being included as standard they could be sitting atop a gigantic environmental radiation-monitoring data mountain. Still, they are a long way off that ultimate goal. In the meantime they are banking on building out their network via a universal plug-in version of DO-RA, which smartphone owners can use to give their current phone the ability to sniff out radiation.

In addition to the basic universal plug-in, they have created an apple-shaped version, called Yablo-Chups (pictured left), presumably aimed at appealing to the Japanese market (judging by the kawaii design). They are also eyeing the smartwatch space (but then who isn’t?), producing a concept design for an electromagnetic field monitoring watch that warns its owner of “unhealthy frequencies.” It remains to be seen whether that device will ever be more than vaporware.

All these plans are certainly ambitious, so what about funding? Elin founded Intersoft Eurasia in 2011 and has managed to raise around $500,000 to date, including a $35,000 grant from Russia’s Skolkovo Foundation, which backs technology R&D projects to support the homegrown Tech City/startup hub. In September 2013 Intersoft says it’s expecting to get a more substantial grant from the Foundation — of up to $1 million — to supplement its funding as it kicks off commercial production of DO-RA. It also apparently has private investors (whose identity it’s not disclosing at this time) willing to invest a further $250,000.

Even so, DO-RA’s creators say they are still on the lookout for additional investment — either “in the nuclear sphere” or a “big net partner to promote DO-RA” in their main target markets. Additional investment is likely required to achieve what Intersoft describes as its “main goal”: producing a microchip with an embedded radiation sensor. That goal suggests that the current craze for hardware plug-ins to extend phone functionality may be somewhat transitionary — if at least some of these additional sensors can (ultimately) be shrunk down and squeezed into the main device, making mobiles smarter than ever right out of the box.


Via: techcrunch



Radiation Detection App for iPhone / iPad

While I am not normally a great fan of stuffing my phone full of apps that are entertaining but useless at best, here is one that I came across that can actually prove very useful for those that have the older Civil Defense survey meters that have an audio output that lets you hear the clicks as the Geiger tube is detecting hits. This will work with any meter that gives audible clicks for activity that is being detected by the Geiger tube; the app needs the external input through the microphone on the iPad / iPhone or a patch cable made to utilize direct input.

What’s more important about this app is the accuracy that can be attained with it. The CDV-700 that was used to test this was calibrated by a lab in the late 90’s, so I have a fairly high confidence that its meter is reading correctly; all the readings that were taken with the application using the audio from the survey meter matched what it was showing on the analog meter.

             iPhone version

The application is called Geiger Bot, and it is available on iTunes for free. Yes, you heard me right, free. Now if this app on an iPhone were to be coupled up with the compact Geiger Counter that is offered by GQ Electronics LLC for $95.00 you have a good handheld radiation detector that will even alert you if the background radiation rises above safe levels.

I will not detail out all of the functionality of the application, the author of it has already done a great job on his web site (http://sites.google.com/site/geigerbot/).

So for those that have an old CDV-700 meter and an iPhone or iPad, here is a way to bring it forward into the digital age for a minimum cost.


              iPad Version

Via: tpass

