View Leaking Beeps: Unencrypted Pager Messages in Industrial Environments
“Leaking Beeps” is a series of studies by Trend Micro that aims to highlight a weakness in pager technology and how it can put critical activities of affected companies at risk. The research takes a look at different industries that are still using pagers for everyday operations. The series started with pager use in healthcare facilities in Leaking Beeps: Unencrypted Pager Messages in the Healthcare Industry, but the healthcare industry is not the last bastion of pager use.
Our analysis of unencrypted pager messages in countries like the US and Canada revealed that critical infrastructure sectors like nuclear power plants, substations, power generation plants, chemical plants, defense contractors, and other industrial environments like semiconductor and commercial manufacturers, and heating, ventilation and air conditioning (HVAC) companies are still using pagers to this day.
Unfortunately, we discovered that communication through pagers is not secure at all. Since pager messages are typically unencrypted, attackers can view pager messages even at a distance—the only thing attackers need is a combination of some know-how on software-defined radio (SDR) and US$20 for a dongle.
This research looks into the ways threat actors might use information from leaked pages for passive intelligence. Passive intelligence pertains to the discovery of information unintentionally leaked by networked or connected organizations. We found that a disturbing amount of information that enterprises typically consider confidential can easily be obtained through unencrypted pager messages. Among others, we were able to see the following plant/operations-related information:
Alarm/event notifications (on leaks, mechanical failures, deviations, etc.)
Diagnostics information (revealing sensor values, settings, etc.)
Facility-related status updates (can be used to identify what ICS or SCADA devices are used)
Any motivated attacker can craft extremely effective social engineering attacks using these types of information. Thus, any organization is at risk of suffering the repercussions of successful targeted attacks, which could include industrial espionage, loss of customer loyalty and trust, and more extreme scenarios such as a fatal sabotage of public service systems in a terrorist attack.