Presented at 33C3 (2016)
Dec. 28, 2016, 11 p.m.
The talk is about the paging system, an old technology in the 90's, used in healthcare, ICS and government, a systematic review of security impacts that it brought to us in the age of SDR, covering the United States, Canada, England and Japan. By sniffing known pager frequencies in the general vicinity of hospitals, factories and public facilities with a $20 DVB-T, we discovered that not only is pager technology alive and kicking, but much of the traffic is not encrypted, resulting in violation of privacy laws and more importantly, leaks of sensitive information. The talk is not about the protocol nor the hardware device.
Pager was once very popular in the 90's. It did not disappear from the world as cellular technology
phased in, but found a niche market in hospitals, industry control systems, public services and
defense industries where low transmitting power or uni-directional transmission are mandatory. Just like
other old technologies, systematic risk can emerge as new technology, for example SDR, becomes affordable.
It is well known that one can decode POCSAG and FLEX messages with SDR as early as in 2013. After four
months of observation, prudent metadata collection and data analysis, however, the researchers believe that
the extensive use of email-to-pager and SMS-to-pager gateways, along with the unencrypted nature of paging
system, makes it a huge security impact to the users and companies. Workflow software integrated with pagers
can cause a huge leak of personal information. We can fix it only after people are fully aware of the status quo.
The talk is a summary of data analysis and a demonstration of how far passive intelligence using pagers can go,
<li>Workflow systems in hospitals
<li>Pharmacy and prescription
<li>ICS and HVAC in chemical and semiconductor companies
<li>Automation and intelligence in defense sector
<li>SNMP and system monitoring
If time permits, the researchers will also update the status of paging system used in several European countries.
Philippe Lin works for Trend Micro as a threat researcher, who is mainly interested in open source software, open hardware, Arduino, and a new comer to the world of SDR.