Code BROWN in the Air: A systemic update of sensitive information that you sniff from pagers

Presented at 33C3 (2016), Dec. 28, 2016, 11 p.m. (60 minutes)

The talk is about the paging system, an old technology in the 90's, used in healthcare, ICS and government, a systematic review of security impacts that it brought to us in the age of SDR, covering the United States, Canada, England and Japan. By sniffing known pager frequencies in the general vicinity of hospitals, factories and public facilities with a $20 DVB-T, we discovered that not only is pager technology alive and kicking, but much of the traffic is not encrypted, resulting in violation of privacy laws and more importantly, leaks of sensitive information. The talk is not about the protocol nor the hardware device. <p> Pager was once very popular in the 90's. It did not disappear from the world as cellular technology phased in, but found a niche market in hospitals, industry control systems, public services and defense industries where low transmitting power or uni-directional transmission are mandatory. Just like other old technologies, systematic risk can emerge as new technology, for example SDR, becomes affordable. <p> It is well known that one can decode POCSAG and FLEX messages with SDR as early as in 2013. After four months of observation, prudent metadata collection and data analysis, however, the researchers believe that the extensive use of email-to-pager and SMS-to-pager gateways, along with the unencrypted nature of paging system, makes it a huge security impact to the users and companies. Workflow software integrated with pagers can cause a huge leak of personal information. We can fix it only after people are fully aware of the status quo. <p> The talk is a summary of data analysis and a demonstration of how far passive intelligence using pagers can go, scenarios including, <ul> <li>Workflow systems in hospitals <li>Patient tracking <li>Pharmacy and prescription <li>Nuclear plants <li>Power stations <li>ICS and HVAC in chemical and semiconductor companies <li>Automation and intelligence in defense sector <li>SNMP and system monitoring <li>Interpersonal relationship </ul> If time permits, the researchers will also update the status of paging system used in several European countries.

Presenters:

• miaoski
  Philippe Lin works for Trend Micro as a threat researcher, who is mainly interested in open source software, open hardware, Arduino, and a new comer to the world of SDR.

Links:

• https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8042.html

Similar Presentations:

• Black Hat USA 2019 / Behind the Scenes of Intel Security and Manageability Engine
• 31C3 (2014) / Beyond PNR: Exploring airline systems
• Still Hacking Anyway (SHA2017) / Tor & Configuration Management