Before cell phones, pagers were the way to communicate on the go. At first, they were almost a status symbol. Eventually, they became the mark of someone who couldn’t or wouldn’t carry a cell phone. However, apparently, there are still some users that clutch their pagers with a death grip, including medical professionals. In an art project called HolyPager, [Brannon Dorsey] intercepted all the pager messages in a city and printed them on a few old-style roll printers. The results were a little surprising. You can check out the video below.
Almost all the pages were medical and many of them had sensitive information. From a technical standpoint, [Brannon’s] page doesn’t shed much light, but an article about the project says that it and other art projects that show the hidden world or radio waves are using our old friend the RTL-SDR dongle.
Pagers use a protocol — POCSAG — that predates our modern (and well-founded) obsession with privacy and security. That isn’t surprising although the idea that private medical data is flying through the air like this is. Decoding POCSAG isn’t hard. GNU Radio, for example, can easily handle the task.
We’ve looked at pager hacking in the past. You can even run your own pager network, but don’t blame us if you get fined.
32 thoughts on “Art Eavesdrops On Life And Pagers”
“However, apparently, there are still some users that clutch their pagers with a death grip, including medical professionals.”
Is there less chance of the dreaded, “the movie patrons are jamming my cellphone”?
I’m not sure about intentional interference, but supposedly pager frequencies have better penetration underground/inside buildings with bad cellphone reception.
The reason pagers generally work so well is because they are very narrow channels ( <15khz) allowing for higher sensitivity and the transmitters output lots of power. Makes for a very good signal budget.
Hmm get roll of toilet paper and let 2 year old unroll onto floor there’s an idea for an art installation ….
Privacy issues associated with pages come down to the users not the provider. The data sent should contain nothing more than either a number for the holder of the pager to ring or a room number to attend.
And privacy – wtf is that – in a world where the likes of Snowden and that Wikileaks fellow are publishing what ever they feel.
Pagers still are used in a medical setting because the information can get through with no reliance on the “cloud” or any external telecommunications infrastructure.
Really, no reliance on any external communications infrastructure? I don’t think it’s point to point. Telco!
It would appear to me that you are ignorant of the fact that many hospitals (and other private companies) operate their own internal telephone and radio paging and communications systems. They have no reliance on the public telco infrastructure.
Pagers are now Encrpted and HIPAA Secure.
No they aren’t. Unless you’re using some sort of app-based “messaging” solution (eg Zipit), if you’re still using the Local Pager Company(tm), you’re probably using FLEX or POCSAG in the clear, and we can decode it.
This is exactly correct. If you think pagers are HIPAA compliant then you are dead wrong.
This is true of certain products, like the Spok T5, of which I have no affiliation.
WOW, just WOW, you actually blame Snowden for ‘violating privacy’……
Bloody hell, that’s quite an accomplishment.
Pagers are amazing tech if you can get a good inexpensive service deal or you have an amateur radio license, a VHF transmitter, a re-crystalled pager, and a computer sound card or an arduino to encode the alpha or numeric text.
One way receiving devices they do not blow your privacy out the airlock to be in a functional communication mode.
I wish there was a great smartphone running a Gnu Linux FOSS OS and it had the carrier wireless service chip/module powered down but with the POCSAG listening. A person could be available seconds form realtime to callback incoming calls, when they choose to be trackable, otherwise your location privacy is your own.
Hacking your own: http://www.qsl.net/kb9mwr/projects/pager/plan.html
Many hospital’s policies banning cell phone use in patient care areas were based on a report of a respiratory therapist talking on a cell phone near a ventilator. The energy/frequency from the cell phone supposedly (according to the therapist involved in the report) changed the ventilator settings and thereby compromised the patient’s care.
Seriously. (Inverse square much?)
The pager industry owed it’s continued existence to that story coming out.
…and drug dealers
RMS though it might be private/self respecting enough for him to finally get/use/carry a mobile phone, so him and his cult(I am a degenerate one) too.
Well… there are two ways the hospitals can handle this.
1. Updating their pager use policies or ditching the pagers altogether for something secure.
2. Lobbying the government to ban the use of SDR receivers capable of eavesdropping on their communications.
Now, we know which of the two is the right way (and I for one, would applaud not getting my ears belted via my headset by a pager splattering the 2m band!) … but what’s the bet that they’ll try on the other?
exactly. this “vulnerability” has been around for literally decades. i’m fairly certain that what he did in this project is still completely illegal in the usa. so not only will he probably have some issues but if some politico decides to make it a cause things could get ugly. good job mr. hipster!
if the data is transmitted in the clear, which seems to be the case. Then its not considered wire tapping. All hes decoding is the communications protocol, and removing the address filters.
While law enforcement might screw with him still due to alot of ignorance and the desire to bully people when there is a lack of understanding(at times). He should be relatively safe.
“if the data is transmitted in the clear, which seems to be the case. Then its not considered wire tapping.”
You’re wrong. It’s illegal due to the Communications Act of 1934, whether it’s sent in the clear or not.
You “youngin’s” should Google Bill Cheek (and the hornet’s nest he stirred up). This was ‘back-in-the-day’ of un-encrypted LE MDT terminals running DMV, NCIC, checks.
The “hack” here is nothing new. It was being done decades ago.
FYI, IMTS telco service pre-dated AMPS analog cellular. IMTS used duplex repeaters/transceivers (ie. a Motorola Pulsar II handset in the vehicle). There were no “cells”, just one optimally placed tower serving a geographic region.
And this doesn’t even address amateur (2 meter FM), “autopatches”.
There is one privacy feature that pagers have that mobile phones do not, the phone company has no idea where the pager is at any time, it is a broadcast (inefficient) one way system, there is no feedback from the pager that the page was actually received (so the page needs to be broadcast multiple times in every zone in the city and/or country). So the phone company had no idea where the person receiving the page actually was or is, unlike the modern mobile phone system where the nearest cell is always tracked by the phone and all surrounding cell towers. And that can, with further effort, be narrowed down to a very tiny area along hyperbolic curves using Multilateration within that cell. But mobile phones because their location is known at all times, make multiple orders more efficient use of the limited RF spectrum.
I should probably add that 5G by design uses Multilateration to locate all phone handsets in the system to within a couple of feet/meter to make far more efficient use of the RF spectrum so that it can use the same frequency at the exact same time from the same cell tower by using phased arrays for beamforming (AKA spatial filtering) to communicate with multiple handsets and this is in addition to the typical CDMA (Code-division multiple access) via gold codes to squeeze more data onto a RF channel.
pagers were perfectly safe, until someone made an artproject from it. and decided to printout every thing thta’s transmitted (in the area). Form that point on it became insecure. Until he shouted and started publicly displayiong the messages send there was no problem. So it’s not the doctors that are putting the patients at risk. The creator of the holypager project is. If he shown the messages on a display, slowly fading out he could have reached the same goal, but printing it on paper, putting it on the ground for everyone to grab is not really secure or giving the impression that he cares about security. But perhaps I see this wrong.
Though I highly doubt if there is any security of patients at risk here. These days everybody is screaming about security here and there and in the mean while they are broadcasting everything about themselves (and others) out into the open. Using sewers like facebook, twitter (and what ever is popular these days) lot’s of nonsense is released onto the world. And this guy is worrying about pagers?! He should worry more about the technology itself fading out. It’s not more or less to fail then other methods of communication when it works. But it’s age makes it vulnerable (devices breaking down, support becoming less and less).
With the amount of paper being spoiled by this project I recon that the environment (wasted paper) is more in danger then the messages about patients he pretends to care about.
Other then that, the project itself is a nice display of hacking (perfect for this website). And that is the part of the project that is very well done.
As opposed to Blackhat Eve who listens in while taking measures to go undetected? I guess ignorance is bliss…
My $0.05 (us northern hose-heads ditched the penny years ago):
* Hack – I discovered the clear text “feature” of pagers many years while trying to listen into air traffic control. A friend explained to me that if I took an analog FM receiver, tuned the dial down to the bottom and then stretched the wax covered coils of copper wire inside I could retune the receiver to a higher band – just keep opening the coils until I heard a station at the top end of the FM band. Now sweep the tuner up the dial until you pick up ATC. Worked like a charm! And tucked up there around/in between various airport frequencies were at least a couple pager frequencies. Most were digital, but some where voice. In clear text. Felt fascinatingly creepy listening in on people’s voice pages.
* Pager vs cell phone – I’m in IT now and part of an on call rotation. The old guard likes the “reliability” of getting a page. I think they are mis-guided. My understanding is that, yes, the page will reach you further/deeper than some cell phones (cottage country, etc), but that it is asynchronous, fire-and-forget. If you are out of range/dead battery when the volley comes through, you’ve missed it. Whereas cell text’s are synchronous (to a point), in that they queue up at the telco until you are back in range/powered up – and then they all come flooding in. Either way – if you really need the person being paged/texted to respond, you need an escalation process that retires on a regular interval until acknowledged by the person. Our pager was connected to an escalation service on our mainframe, and our text based system was not – which continued to feed the “pager is better” story arc.
I did a teardown of my old pagers which miraculously still work. In my video you will hear a super-happy operator taking my call and sending me a test page.
Get with the time…. Pagers are NOW Encrypted and HIPAA Compliant. I would be happy to give you more information, I sell them.
Wrong. Can you state your source that says they are encryped? This I would live to see.
Google the Spok T5 pager then.
I miss pagers. The late 90s were awesome!
Here’s the thing.. “youngsters” think ubiquitous cellphones mean that everyone should be available to talk, text or post about every inane thing 100% of the time. Oldsters go too far the other way and pine for the days when if you aren’t home you are completely disconnected from everything.
With a pager someone could always get ahold of you in an emergency. Also, if you were out but not doing anything important or exciting and a friend wanted to hang out doing something more fun they could reach you. Likewise of course you could always try paging them.
But… if it wasn’t a good time or you weren’t in a social mood you could always ignore it. All you had to do is call them back later on YOUR terms. Just claim you were out and not near a phone and nobody’s feelings needed to be hurt. It was a nice happy medium.
If only they made a pager that could surf the net. It would have been perfect!
Pager are actually way more private than cellphones, because you simply send messages that the receiver knows what they mean and the receiver is NOT constantly broadcasting an ID and location and in too many cases audio (and more) of his/her activities.
Please be kind and respectful to help make the comments section excellent. (Comment Policy)