Pagers don’t get much attention in this era of smartphones and tablets. They are, however, still widely used in industrial control systems (ICS). Pagers are also a good backup for everyday communication, since they work in areas with poor cellphone signal.

Pagers Keep on Beeping

Pagers came onto the scene during a time when security threats were not as broadly defined as they are today. Back then, security meant simply locking the gate around the facility, not securing radio transmissions.

For this reason, pager security is effectively nonexistent. The messages pagers receive are rarely encrypted, for example. That means any cybercriminal with a bit of technical knowledge can intercept messages sent to a pager.

That’s just what Trend Micro did. The security firm obtained more than 54 million pages over a four-month span using inexpensive hardware.

No Such Thing as Pager Security

The researchers found messages from nuclear plants, power substations, chemical companies and defense contractors. Semiconductor producers, commercial printing facilities and HVAC companies also leaked what could be sensitive data through pagers, according to the report.

Some messages were indications of malfunctioning critical systems. For example, the researchers intercepted overflow information an HVAC company sent to a hospital on an unencrypted pager.

Passive Intelligence

This type of data collection is known as passive intelligence (PI). Unlike active intelligence gathering, PI does not require an attacker to make contact with the target’s network to get useful information. Attackers using PI instead wait and listen to the target, gleaning whatever information they can and analyzing it before any active penetration test or attack occurs.

The PI Trend Micro found included alarm or event notifications, diagnostics information, status updates for a facility, employee names and email addresses, phone numbers and even some IP addresses.

This kind of information is invaluable to a social engineering scammer. SecurityWeek noted that an attacker might use it to move laterally inside a compromised network.
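A defensive check for the leak categories listed above, as an added example that is not from the article or from Trend Micro’s report: it scans outbound page text for email addresses, IPv4 addresses and phone numbers and redacts them before the message reaches an unencrypted paging gateway. The function names, patterns and sample messages are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Patterns for data categories the report lists as leaking over pagers.
# Illustrative, not exhaustive: employee names and site-specific asset IDs
# need a dictionary or allow-list, which a regex cannot supply.
PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "ipv4": re.compile(
        r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"
    ),
    "phone": re.compile(
        r"(?<!\d)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)"
    ),
}


def audit_page(text):
    """Return (redacted_text, findings) for one outbound page message."""
    findings = []
    redacted = text
    for label, pattern in PATTERNS.items():
        def _redact(match, label=label):
            findings.append((label, match.group(0)))
            return f"[{label.upper()}]"
        redacted = pattern.sub(_redact, redacted)
    return redacted, findings


def audit_queue(messages):
    """Count findings per category across a batch of outbound pages."""
    totals = Counter()
    for message in messages:
        _, findings = audit_page(message)
        totals.update(label for label, _ in findings)
    return totals


# Constructed sample messages (not real intercepted pages).
SAMPLE_QUEUE = [
    "HVAC ALARM: sump overflow at Bldg 4, controller 10.20.30.40 offline",
    "Callback J. Doe (555) 010-0123 or j.doe@example.com re: chiller",
    "Shift change at 0600",
]

if __name__ == "__main__":
    for msg in SAMPLE_QUEUE:
        print(audit_page(msg)[0])
    print(dict(audit_queue(SAMPLE_QUEUE)))
```

Running the same audit over a gateway’s historical send log shows how much of this data has already gone out in cleartext.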

Spoofing Messages

Ars Technica reported that the researchers also found it “trivial to inject counterfeit messages into the paging systems” they had monitored. These fake messages were accepted by systems using both the Post Office Code Standardization Advisory Group (POCSAG) protocol and another protocol known as FLEX.

All this goes to show that security leaders of industrial organizations should rethink their assumptions about what actually constitutes security, especially with regard to ICS. Opening up a critical infrastructure system to either PI or spoofing doesn’t seem like the safest approach.
