Across the U.S., there are currently 99 operating commercial nuclear reactors at 61 nuclear power plants. And it turns out that these powerful sites are not as secure as one would think.
The culprit? Pagers.
According to a report by computer security company Trend Micro, workers at nuclear plants across the nation have to follow government regulations and use pagers as their main form of communication. Problem is, this outdated form of technology puts the security of these plants at risk.
Used by workers to send messages and alerts about power plant functions, these little pieces of technology have absolutely zero security features. Hackers are able to easily access the data that is sent, putting the entire nuclear plant and its critical infrastructure at risk.
While earlier pagers would only send the user an alert that someone had called them, later models were able to display SMS text messages. It is this model that the workers are mandated to use, even though no one knows why.
The researchers at Trend Micro collected over 55 million pager messages within four months from plants across the nation. They found that the confidential information sent was not secure at all.
So what is at risk? Researchers told Science Alert that these pagers release passive intelligence. Basically, they give out confidential information to anyone that manages to listen in.
“Pages, it turns out, are considered a source of high quality passive intelligence,” researchers explain in the report. “During four months of observation, we saw messages containing information on contact persons, locations inside manufacturers and electricity plants, [and] thresholds set in industrial control systems.” There was also identifying details on multiple critical operations.
This information comes on the heels of a discovery that a German nuclear plant was infected with dozens of computer viruses back in April. Add that to the fact that just two months ago security researchers announced that they had found an advanced form of malware that targeted the government, military sites, and business corporations across the nation.
The malware was in use for over five years before it was discovered.