Pwning a nuclear-grade entrance control system easily

submited by
Style Pass
2024-11-22 12:30:09

Like in any field of critical infrastructure or manufacturing, physical protection is crucial in a nuclear facility. In case an adversary can penetrate the site, they may disrupt operations causing vast economic damage, steal radioactive material to be used later in terrorist attacks, or threaten human life in a wide range of ways.

Therefore, especially in the nuclear field, approaches in physical security are really formalized. It is often said that it has three different functions:

We are cyber security experts and we can tell that cyber security also relies on physical protection - it is normally much easier to hack a device when we can get our hands on it, push buttons and see what is on its screen. However, physical security depends on cyber security, too. Each function might use computer-based systems, like digital cameras, monitoring stations or - entrance control systems performing authorization before unlocking doors. Hacking these can be troubling on its own, what's more, it can be a perfect opening of a planned physical attack.

In one project, we examined a complex physical protection system which incorporated access control in a nuclear facility. It had three doors with RFID card readers both from the inside and from the outside. When an employee touched their card to the reader, the system decided if they were authorized to open the respective door and if so, a controller unlocked the door for a few seconds. Although this system operated in a nuclear facility, this was only a test system. The operator had just bought it for training physical protection professionals and the whole thing was brand new. The supplier told us that it was rated grade 3 based on standard EN 50131-1, meaning it was eligible to be installed as a nuclear facility access control system.

Leave a Comment