Nuclear plants vulnerable to hack attacks due to employees' use of unencrypted pager messages

A fairly large number of critical infrastructure organisations have been found relying on unsecured pagers for communication between employees, which security experts believe could expose them to hacking and espionage. According to a study, employees at nuclear plants, chemical and electricity plants, chip makers and others still use unsecured wireless pagers, in part to communicate about various industrial control systems.

The information that plant employees communicate over pagers includes names and contact details of staff, diagnostic details of plants and other such sensitive information, which, according to security researchers, can be targeted by malicious hackers.

In their new report, Trend Micro security researchers said: "Our research on unencrypted pager messages led us to discover which sectors are still using pager technologies in this age of smartphones and the internet. We were surprised to see unencrypted pages coming from industrial sectors like nuclear power plants, substations, power generation plants, chemical plants, defense contractors, semiconductor and commercial manufacturers, and HVAC."

"These unencrypted pager messages are a valuable source of passive intelligence, the gathering of information that is unintentionally leaked by networked or connected organisations. Taken together, threat actors can do heavy reconnaissance on targets by making sense of the acquired information through paging messages."

Trend Micro collected over 54 million pages from various critical infrastructure facilities across the US and Canada over a period of four months. "The United States is the only country wherein nuclear plants continue to send paging messages," researchers found. The study also found that automated alert systems, which are designed to flag issues to staff, relied heavily on pager messages.

The researchers said: "During the course of this project, we saw multiple systems utilising pagers for alarm functions. These alarms can leak out information about the buildings' layout, products in use, as well as other company-specific information that should not be seen by anyone outside the company."

A potential information leak could see attackers leveraging intercepted data to break into the facility. The researchers cautioned that malicious actors could potentially monitor a facility's temperature and light settings as well as other sensors and alter them when no one is inside the building, in an effort to gain entry.

"Since pager messages are typically unencrypted, attackers can view pager messages even at a distance — the only thing attackers need is a combination of some know-how on software-defined radio (SDR) and US$20 for a dongle."

The researchers also noted that despite the strict data and confidentiality measures imposed by state and federal governments, the pages were fairly easy to intercept.

"Any motivated attacker can craft extremely effective social engineering attacks using the information. Thus any organisation is at risk of suffering the repercussions of successful targeted attacks, which could mean anything from industrial espionage, loss of customer loyalty and trust to fatal real-world sabotage of public service systems, as in terrorism."