USA, 1979: The Three Mile Island Nuclear Generating Station suffered a core meltdown. Operators were unable to cope with the ambiguous signals the plant's HMI was sending, leading to one of the most serious nuclear accidents on US soil. Spain, 2007: Bypassing security checks, someone stole approximately 70 fuel pellets of uranium oxide from a nuclear fuel facility. They were later found abandoned nearby. How this material ended up there is still a mystery. Are these scenarios possible now? Critical infrastructure such as nuclear power plants, seaports, borders, and even hospitals is equipped with radiation monitoring devices. This equipment detects and prevents threats ranging from nuclear material smuggling to radiation contamination.
The purpose of this talk is to provide a comprehensive description of the technical details and approach used to discover multiple vulnerabilities that affect widely deployed radiation monitoring devices, involving software and firmware reverse engineering, RF analysis, and hardware hacking.