Leaking Beeps, a series of studies by Trend Micro, noted that the critical infrastructure sector in the US and Canada, including semiconductor and commercial manufacturers, and heating, ventilation and air conditioning (HVAC) companies, are at risk from unencrypted pager traffic. Since pager messages are typically wide open, attackers can view pager messages even at a distance.
“Unfortunately, we discovered that communication through pagers is not secure at all,” the firm noted. “The only thing attackers need is a combination of some know-how on software-defined radio (SDR) and $20 for a dongle.”
Threat actors might use information from leaked pages for passive intelligence, i.e., the discovery of information unintentionally leaked by networked or connected organizations.
“We found that a disturbing amount of information that enterprises typically consider confidential can easily be obtained through unencrypted pager messages,” Trend Micro reported.
That includes plant/operations-related information such as: Alarm/event notifications (on leaks, mechanical failures, deviations, etc.); diagnostics information (revealing sensor values, settings, etc.); facility-related status updates (can be used to identify what ICS or SCADA devices are used); email addresses; officer names; phone numbers; and project codes.
“Any motivated attacker can craft extremely effective social engineering attacks using these types of information,” the firm said. “Thus, any organization is at risk of suffering the repercussions of successful targeted attacks, which could include industrial espionage, loss of customer loyalty and trust, and more extreme scenarios such as a fatal sabotage of public service systems in a terrorist attack.”
Organizations that are still using pagers are advised to switch to an encrypted paging system with asymmetric keys. They should also have a process in place to authenticate any received paging messages. Finally, when using an email-to-pager gateway, organizations must audit possible leakage.