Legacy tech is still used in security-critical areas; but is this a step back for security where it’s needed most?
A report from Trend Micro ‘Leaking Beeps – Unencrypted Pager Messages in Industrial Environments’ reveals that pagers are also still used in Critical Infrastructure environments, including nuclear power plants. The communications data they transport is not encrypted though, and researchers could easily listen in. Such eavesdropping could be implemented as part of a passive intelligence gathering phase of an advanced attack. The Trend Micro researchers were able to glean diagnostics data revealing sensor values and facility related status updates revealing the SCADA devices in use for example.
Tony Rowan, solution architect director at SentinelOne points out that we need to understand that pager transmissions by their very nature “cannot be hidden and in fact should be regarded as public broadcasts.” As soon as you consider these types of communication public, its obvious that encryption is required to provide a level of privacy and a period of protection. “Looking at the pager issue in the wider context” Rowan continues “it does draw attention to the basic fact that the threat actor will search for weak and undefended pathways that will lead to their objective.”