Code BROWN in the Air
Pager was once very popular in the 90's. It did not disappear from the world as cellular technology phased in, but found a niche market in hospitals, industry control systems, public services and defense industries where low transmitting power or uni-directional transmission are mandatory. Just like other old technologies, systematic risk can emerge as new technology, for example SDR, becomes affordable. It is well known that one can decode POCSAG and FLEX messages with SDR as early as in 2013. After four months of observation, prudent metadata collection and data analysis, however, the researchers believe that the extensive use of email-to-pager and SMS-to-pager gateways, along with the unencrypted nature of paging system, makes it a huge security impact to the users and companies. Workflow software integrated with pagers can cause a huge leak of personal information. We can fix it only after people are fully aware of the status quo. The talk is a summary of data analysis and a demonstration of how far passive intelligence using pagers can go, scenarios including, Workflow systems in hospitals Patient tracking Pharmacy and prescription Nuclear plants Power stations ICS and HVAC in chemical and semiconductor companies Automation and intelligence in defense sector SNMP and system monitoring Interpersonal relationship If time permits, the researchers will also update the status of paging system used in several European countries.