security week: In a paper delivered by Ruben Santamarta, principal security consultant at Seattle-based IOActive, at Black Hat Wednesday, it was disclosed that radiation monitors supplied by Ludlum, Mirion and Digi contain multiple vulnerabilities. By Kevin Townsend
'Patching will be difficult since these are design flaws rather than software bugs; and the vendors' early response to IOActive's discoveries was, in each case, to decline to work on patches. Since then, Digi has told IOActive that it is collaborating with Mirion to patch the critical vulnerabilities.
'Nevertheless, IOActive concludes, "we should acknowledge these issues are not currently patched, so increasing awareness of the possibility of such attacks will help to mitigate the risks." It is likely that the same flaws will be present in other vendors' radiation monitoring devices.'
"Go Nuclear: Breaking Radiation Monitoring Devices" by Ruben Santamarta (PDF) here