
2600 Magazine: The Hacker Quarterly - Digital Edition - Summer 2011 - 2600 Magazine [30]

By Root 463 0
speed alphanumeric transmissions in the VHF range. Low speed transmissions are easier to consistently collect for obvious reasons, even with low signal to noise ratios. Medical and hospital pager systems fall into the VHF bands and appear to be concentrated in the 152MHz to 158MHz space. The 150MHz band is very close to the two meter amateur radio band and is supported on a very large range of radios and scanners alike.

A word about tuning and configuration if using software and a sound card as the data slicer: Software data slicers are very temperamental and require some trial and error to get the right combination and consistent results. Start by opening the squelch completely so the signal (and noise) are received by the application. Volume should be set high or full on the radio and on the input for the sound card. This gives the application a loud and (hopefully) clear signal to interpret. Most software applications used for decoding transmissions have a signal meter of some sort. Use it! You are going to need at least 60-80 percent to get discernible and usable data.

All right, enough already with the "what" and "why." Let's get to the money shot! So what type of data can be collected? With the above defined equipment and configuration, collecting entire transmissions is pretty easy. Most of the software decoding applications parse the data in a fairly clean and straightforward manner.

Address: Channel Access Protocol (CAP) code. Used to uniquely identify each receiving device.

Time/Date: Yup, you guessed it - time and date of the received transmission.

Mode: Protocol version used in the transmission (POCSAG, FLEX, etc.)

Transmission Type: Alphanumeric, numeric, or tone only.

Bitrate: Baud rate of the transmission.

Data: This is where the actual number or message is contained. Message lengths can vary depending on the receiver and the service provided.

In the below examples, I have blurred out the sections of the material to protect the privacy of the individuals, IP addresses, and company names. Even so, it is clear that a person can extrapolate all sorts of personal and sensitive information from the intercepted transmissions.

In the top two examples, we see the type and details of medical information transmitted by hospitals about their patients. The first details an unfortunate lady going through chemotherapy and having a hard time with it. Not only are we given her name, date of birth, and ailment, but enough detail that a crafty social engineer could wreak all sorts of havoc at the hospital or with her personal life.

In the third example we see the personal details of a young woman who suffered heart problems.

In another example, we see an alert message containing an internal IP address, domain name, and email address information for an Oracle server that apparently is running out of space.

In the last three examples, we see a collage of personally identifiable information (PII) and company information that could be used for identity theft, credit fraud, or as the basis of a social engineering or system compromise attack.

The above examples are just a taste of the type of data that is constantly being broadcast across the airwaves with no encryption or security of any kind. While the messages are encoded by the senders for brevity purposes, it's very easy for anyone to decipher the data and fields in the messages. It should be mentioned that a person can very easily discover the frequencies being used by their local stores, companies, and hospitals. These details can be found by Googling information discovered in the captured pager transmissions or by searching a particular organization’s site, or, if you are really adventurous, by looking on the back of any of the pagers that you are interested in capturing data from.
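The kinds of data described above (a labelled date of birth, an internal IP address, an email address) can be stripped from a message before it is handed to a paging system. The following is an added example, not code from the original article: the function name, the sample messages, and the idea of running it at an outbound paging gateway are assumptions. Pattern matching does not catch patient names or free-text clinical detail.

```python
import ipaddress
import re

# Patterns for data categories the article reports seeing in cleartext pages.
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Only a *labelled* date counts as a date of birth, so timestamps are left alone.
DOB_RE = re.compile(
    r"\b(?:DOB|date of birth)\b[:\s]*\d{1,2}[/-]\d{1,2}[/-]\d{2,4}", re.I)

# Constructed sample messages (not real intercepts).
SAMPLE_PAGES = [
    "RM 412 PT J DOE DOB 01/02/1950 CHEMO NAUSEA PLS CALL X5512",
    "ALERT ORA01 10.20.30.40 tablespace 97% full notify dba@corp.example",
    "CALL BACK EXT 4410",
]

def scrub_page(message):
    """Return (redacted_message, findings) for one outbound page body."""
    findings = []

    def redact(category):
        def _sub(match):
            findings.append((category, match.group(0)))
            return f"[{category.upper()} REMOVED]"
        return _sub

    def redact_ip(match):
        try:
            addr = ipaddress.ip_address(match.group(0))
        except ValueError:
            return match.group(0)  # dotted digits that are not a valid address
        category = "internal_ip" if addr.is_private else "ip"
        findings.append((category, match.group(0)))
        return "[IP REMOVED]"

    message = EMAIL_RE.sub(redact("email"), message)
    message = IPV4_RE.sub(redact_ip, message)
    message = DOB_RE.sub(redact("dob"), message)
    return message, findings

if __name__ == "__main__":
    for page in SAMPLE_PAGES:
        redacted, found = scrub_page(page)
        print(redacted, found)
```

The findings list is as useful as the redaction: logging it shows which upstream systems are putting sensitive fields into pages in the first place.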

Despite the fact that pagers have gone out of vogue as a mainstream communication tool, it's very clear that niche industries are still using them very heavily. And since the technology is not as widely used, it's not getting the attention that it should.

In Conclusion

