This article is more than 1 year old

Paging 1994: Crap encryption still rife in devices

Switch to asymmetric keys, stat!

Pager communications in industrial environments often run over unencrypted channels, creating a hacker risk in the process.

Industries such as energy, manufacturing, and transportation still make extensive use of pager technologies that have been superseded in other sectors of the economy. Researchers at Trend Micro warn in a blog post that criminals might easily monitor the unencrypted pager data being sent by companies, using only a $20 dongle and some software-defined radio know-how:

Our analysis of unencrypted pager messages in countries like the US and Canada revealed that critical infrastructure sectors like nuclear power plants, substations, power generation plants, chemical plants, defense contractors, and other industrial environments like semiconductor and commercial manufacturers, and heating, ventilation and air conditioning (HVAC) companies are still using pagers to this day.

Unfortunately, we discovered that communication through pagers is not secure at all. Since pager messages are typically unencrypted, attackers can view pager messages even at a distance—the only thing attackers need is a combination of some know-how on software-defined radio (SDR) and US$20 for a dongle.

Data gathered can include email addresses, project codes, and employee names, excellent fodder for subsequent (highly targeted) social engineering attacks. Alarm/event notifications (on leaks, mechanical failures, deviations, etc.), diagnostic information and information on ICS or SCADA devices and network configurations are also leaked through the insecure channel.

Trend Micro recommends that organisations still using pagers switch to an encrypted paging system with asymmetric keys. More details can be found in a Trend Micro white paper entitled Leaking Beeps: Unencrypted Pager Messages in the Healthcare Industry (pdf).

Previous research by Trend Micro addressed the related problems posed by unencrypted pager comms in healthcare. ®
