back to article Paging 1994: Crap encryption still rife in devices

Pager communications in industrial environments often run over unencrypted channels, creating a hacker risk in the process. Industries such as energy, manufacturing, and transportation still make extensive use of pager technologies that have been superseded in other sectors of the economy. Researchers at Trend Micro warn that …

  1. Anonymous Coward
    Anonymous Coward

    SMS?

    Is SMS any better on cell phones?

    Honest question, not rethorical.

    1. Dr. Mouse

      Re: SMS?

      I believe that (almost) all data between a mobile and the base station is encrypted, including SMS, so yes, it's better.

      I'm happy to be corrected if I am wrong.

      1. Adam 1

        Re: SMS?

        > I believe that (almost) all data between a mobile and the base station is encrypted, including SMS, so yes, it's better.

        Better != Good enough

        I guess as long as talktalk et al don't have any of their keys compromised, it's all good.

    2. Anonymous Coward
      Anonymous Coward

      Re: SMS?

      It's reasonably well-encrypted, but clone the SIM card and you're halfway there...

    3. Captain Scarlet

      Re: SMS?

      I didn't think they could fit much text on them and normally the messages are "Call the office".

      Would anyone really put anything confidential on them?

      1. John H Woods Silver badge

        Re: SMS?

        Even if the content is effectively information free (and you might be surprised how much can be deduced by pattern analysis) you have the problem, without decent encryption, that you cannot be sure of the source of a message or that it is untampered.

        If you want to attack a critical worker (or get to them by attacking their family) you could do worse than sending a bleary-eyed recipient a message demanding they attend location X immediately.

      2. Adam 1

        Re: SMS?

        > Would anyone really put anything confidential on them?

        Like the call-in number and conference key for whatever teleconference service they are using for that "call in" message

  2. adam 40 Silver badge

    Same as the Internet then

    You don't need to change the technology. Just encrypt the data sent over it.

    Cloning a SIM doesn't really work that well, let's assume you did so and registered on the mobile network, the SMSC would deliver to your MS and not to the target's one, the message would get deleted off the system. (SMS being a point-to-point protocol.)

    You would also have to NACK the SMS and then drop off the network sharpish, and not re-register until it had gone through to the real MS.

  3. Anonymous Coward
    Mushroom

    Listening in…

    Industries such as energy, manufacturing, and transportation still make extensive use of pager technologies that have been superseded in other sectors of the economy. Researchers at Trend Micro warn that criminals might easily monitor the unencrypted pager data being sent by companies using a only a $20 dongle and some software defined radio know-how, as a blog post by Trend Micro explains.

    It doesn't help that the operators are lax in their transmitter filtering so their transmitters spaff their shite over the 144-148MHz band making every nearby 2m amateur radio receiver (except the indestructable Icom IC-22A) squawk in sympathy!

  4. Christian Berger

    There are other security concerns

    Confidentiality or integrity of the message isn't much of a problem for many areas. However mobile phones have other security problems. The most obvious is that the mobile telephone network has to know where the receiver is. That's a really bad idea in some areas as carrying around a tracking beacon has heavy privacy implications.

    Plus there are the obvious practical problems of the pager network having _much_ better coverage than mobile telephony.

  5. Alan Edwards

    No need for SDR

    Back in the day I did it with the earphone output of my Pro-26 and a laptop running some software, POCSAG I think it was.

    It was like the days of loading games off cassette, twiddle the volume on the scanner and the gain on the laptop audio input and see if the next message was less garbled.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon