Pager explosions: Scenarios of “controversial” cyber intrusion
Shafaq News / Thousands of wireless paging devices (pagers) exploded simultaneously across Lebanon and Syria on Tuesday, September 17, in “a highly controversial” incident.
The incident resulted in 11 deaths, including Hezbollah members and a 10-year-old daughter of a group member, and injured approximately 4,000 others. The Lebanese party has held Israel fully responsible for the incident.
While a Hezbollah official described the assault as a "major security breach," reports suggesting it could be the result of an Israeli cyber attack have raised numerous questions about the vulnerabilities that allowed the breach and the methods used to execute it.
Pager Vulnerabilities
Pagers are vulnerable to several security flaws that make them easy targets for cyber attacks, especially since these devices rely on outdated technology lacking modern security features.
Lack of Encryption
Most paging devices do not use message encryption, which allows attackers to intercept and read messages using inexpensive tools such as software-defined radios (SDRs), which cost as little as $20, or readily available USB devices.
Sensitive Data Leakage
Due to the lack of encryption, sensitive information, including personal and medical data, can be leaked through these devices, posing a significant risk to institutions that rely on them, such as hospitals and emergency services.
Message Tampering
Attackers can send fake messages to pagers, potentially disrupting operations or issuing incorrect commands. This represents a significant threat in sensitive environments, such as hospitals, and for security personnel who rely on pagers as secure communication tools.
Use of Outdated Technology
Pager systems rely on outdated technology that lacks advanced security features, making them more susceptible to exploitation by cybercriminals.
Intercepting Pager Messages
Attackers can intercept pager messages by exploiting network vulnerabilities, notably outdated protocols like SS7, which have security flaws that allow them to access messages without the user's knowledge.
Additionally, attackers might install malicious software to redirect or intercept messages without the user's knowledge, and deploy codes that allow remote control of the devices.
Pagers broadcast messages to all devices within a certain range instead of targeting specific ones, making it easier for attackers to intercept the messages.