Skip to main content

Posts

A Practical Analysis of Cyber-Physical Attacks Against Nuclear Reactors

A year ago, shortly after presenting the Chernobyl research , I was kind of surprised to find out that a plethora of brand-new Teleperm XS (2nd generation) components were available on eBay.   Framatome’s Teleperm XS  (TXS) is a digital Instrumentation & Control platform designed specifically for use in safety systems in Nuclear power plants, as a replacement for, or upgrades to their analog counterparts. It is one of the most widely used digital safety I&C platforms, sustaining the main defense line (Reactor Protection System, Engineered Safety Features Actuation System) in dozens of nuclear reactors globally, including Europe, USA, Russia, and China. Obviously, that was a good opportunity to dig deeper into the, usually, closed world of nuclear digital safety I&C systems, so I bought some of the most important TXS modules.  That was the starting point for the research I'm releasing today: " A Practical Analysis of Cyber-Physical Attacks Against Nuclear Reactors &
Recent posts

Ukraine's nuclear regulator confirms Chernobyl's post-invasion radiation spikes had an 'abnormal origin'.

First off I would like to provide some context for those readers who are not familiar with this topic. In 2023 I presented at BlackHat USA ' Seeing Through the Invisible: Radiation Spikes Detected in Chernobyl During the Russian Invasion Show Possible Evidence of Fabrication '. Kim Zetter also wrote an investigative  piece . The research materials are publicly available. As I casually discovered a few days ago, around the date I received  the acceptance notification from BlackHat, the paper ' Preliminary assessment of the radiological consequences of the hostile military occupation of the Chornobyl Exclusion Zone ' was submitted to the 'Journal of Radiological Protection'. This paper would be eventually approved and then published in September. So it seems that both investigations were being performed in parallel, but unfortunately we never crossed our paths. There is also a significant detail: this investigation doesn't come from a random guy like me, but

Finding vulnerabilities in Swiss Post's e-voting system: part 3

Exactly two years ago I brought my blog back to life, after many years of hiatus, with " Finding vulnerabilities in Swiss Post’s future e-voting system - Part 1 ". That was the first of a series of blog posts covering that system. During these two years I've been periodically assessing the security posture of this e-voting solution, as part of their Bug Bounty program , which I personally recommend.   Since the first time I reviewed their codebase a lot of things have changed, for good, as many areas have been dramatically improved. To be honest, from a security perspective the codebase back then was kind of a mess.   When the first Swiss Post e-voting platform was published, back in 2019, it faced some public scrutiny, mostly from the academic community.  As a result, some significant issues were uncovered , so eventually Swiss Post decided to suspend the deployment of the system. That first version had been developed by Scytl , Spanish company specialized in electroni