Tagged: pager

Art Installation Eavesdrops on Hospital Pagers with a HackRF

HolyPager Art Installation. HackRF One, Antenna and Raspberry Pi seen under the shelf.
HolyPager Art Installation. HackRF One, Antenna and Raspberry Pi seen under the shelf.

For a long time now it has been known that pager data is sent in the clear and in plain text over a strong and easily received RF signal. The signal can easily be intercepted with a standard scanner radio or more recently with an SDR such as the RTL-SDR. Software such as PDW can then be used to decode the signal into plain text. We have a tutorial on this available here.

In these more modern days of cell phones and secure text messaging very few people still use pagers. But one heavy user of pagers is the medical community who still prefer them as they are already widely implemented in hospitals and are very reliable. The lower frequencies and high transmission powers used by pager systems allows for better reception especially in areas prone to poor cellphone reception such as in big buildings like hospitals with many walls underground areas. They are also very reliable as they receive messages instantly, whereas text messages can be delayed in times of high network traffic which is obviously a problem when a doctor is needed urgently. Finally, another advantage is that most pagers only receive, so there are no local transmissions that could interfere with sensitive medical machines. A major downside however is that pager use means that a lot of very private patient data can be easily intercepted by anyone anywhere in the same city as the hospital.

Back in October artist and programmer Brannon Dorsey displayed an art installation at the Radical Networks conference in Brooklyn which he calls Holypager. The idea is to bring attention to the breach of privacy. The installation simply prints out the pager messages as they are sent in real time, accumulating patient data that any visitor can pick up and read. He doesn't mention it on his page, but in one of the photos we see a HackRF One, antenna and Raspberry Pi hiding underneath the installation which is how the pager messages are received. A simple RTL-SDR could also be used as the receiver. Brannon writes:

Holypager is an art installation that intercepts all POCSAG pager messages in the city it resides and forwards them to one (holy) pager. The installation anonymizes all messages and forwards them randomly to one of three pagers on display. Each message is also printed on a contiguous role of receipt paper amassing a large pile of captured pages for gallery goers to peruse.

Pagers use an outdated protocol that requires all messages to be broadcast unencrypted to each pager in the area. It is the role of the individual pager to filter and display only the messages intended for its specific address. The pagers below have been reprogrammed to ignore this filter and receive every message in the city in real time. Today, these devices are primarily used in hospitals to communicate highly sensitive information between doctors and hospital staff.

Given the severity of the HIPPA Privacy Act, one would assume that appropriate measures would be taken to prevent this information from being publicly accessible to the general public. This project serves as a reminder that as the complexity and proliferation of digital systems increase the cultural and technological literacy needed to understand the safe and appropriate use of these systems often do not.

[Also seen on Hackaday and Motherboard]

PagerMon: A browser based app for displaying pager messages from multimon-ng

Thank you to Dave for submitting information about his new pager message display software called PagerMon. PagerMon is a web browser based tool for displaying POCSAG pager messages decoded by multimon-ng. It is based around nodejs and uses a sqlite database for storing the messages. Multimon-ng is an RTL-SDR compatible digital mode decoder which can decode multiple protocols including POCSAG pagers.

PagerMon and the features and future features are listed below:

PagerMon is an API driven client/server framework for parsing and displaying pager messages from multimon-ng.

It is built around POCSAG messages, but should easily support other message types as required.

The UI is built around a Node/Express/Angular/Bootstrap stack, while the client scripts are Node scripts that receive piped input.

Features

  • Capcode aliasing with colors and FontAwesome icons
  • API driven extensible architecture
  • Single user, multiple API keys
  • SQLite database backing
  • Configurable via UI
  • Pagination and searching
  • Filtering by capcode or agency
  • Duplicate message filtering
  • Keyword highlighting
  • WebSockets support – messages are delivered to clients in near realtime
  • Pretty HTML5
  • May or may not contain cute puppies

Planned Features

  • Multi-user support
  • Other database support (MongoDB and DynamoDB planned)
  • Horizontal scaling
  • Enhanced message filtering
  • Bootstrap 4 + Angular 2 support
  • Enhanced alias control
  • Graphing
  • Push notifications
  • Non-sucky documentation

The GitHub readme has a getting started section which shows how to set up the server and get it running on your local machine.

PagerMon displaying POCSAG messages
PagerMon displaying POCSAG messages

RTL-SDR Tutorial: POCSAG Pager Decoding

The RTL-SDR software defined radio combined with SDRSharp, and a POCSAG/Flex capable decoding application can be used to decode pager messages. With this setup you can receive pager messages from all pager users on the system. If you don’t know what a pager is, since they are now uncommon, here is a brief explanation from Wikipedia:

A pager is a wireless telecommunications device that receives and displays numeric or text messages, or receives and announces voice messages.

Not many people use pagers these days with mobile phone text messaging being used more, but pagers are still popular with doctors, some fire and ambulance agencies and various service companies, as they tend to be more reliable and have greater coverage. In most countries it is perfectly legal to receive these messages, as they are plain text unencrypted, but it is illegal to act on the information received. Please respect your local laws.

Examples

Here YouTube user Superphish shows 5 minutes of pager decoding using HDSDR, PDW and an RTL-SDR.

Continue reading