Date: 2019-10-30

An amateur radio rig exposed to the internet and discovered by a security researcher was collecting real-time medical data and health information broadcast by hospitals and ambulances across U.K. towns and cities.

The rig, operated out of a house in North London, was picking up radio waves from over the air and translating them into readable text. The hobbyist's computer display was filling up with messages about real-time medical emergencies from across the region. For some reason, the hobbyist had set up an internet-connected webcam pointed at the display. But because there was no password on the webcam, anyone who knew where to look could also see what was on the rig's computer display.

Daley Borda, a security researcher and bug bounty hunter, was at home in Florida when he stumbled upon the exposed webcam. The live stream was grainy, and the quality of the images so poor that it was just possible to make out the text on the display.

"You can see details of calls coming in — their name, address, and injury," he told TechCrunch.

TechCrunch verified his findings. Messages spilling across the screen appeared to direct nearby ambulances where to go following calls to the 999 emergency services.

One message said a 98-year-old man had fallen at his home address. A few moments later, another message said a 49-year-old male was complaining of chest pains at a nearby residence. One after the other, messages were flooding in, describing accidents, incidents, medical emergencies, often including their home addresses.

Several screenshots of the amateur radio decoding software, revealing unencrypted pager messages from nearby NHS trusts. (Image: TechCrunch)

Borda spends much of his time scouring the internet for things that shouldn't be online. He looks for exposed databases and devices and, like most other security researchers, privately reports them to their owners. If he's lucky, the owner takes action. Better yet, they pay out a bug bounty for his efforts.

But he could not figure out who the rig belonged to. TechCrunch contacted the hobbyist's internet provider to warn of the data exposure.

"Last night we contacted the customer to make them aware that there was a live webcam broadcasting on the open web from their household," said a spokesperson from the internet provider. "The customer was unaware of the nature of the information being shown so has said that they will stop the feed on that particular camera."

The hobbyist was picking up and decoding pager communications from a nearby regional National Health Service trust.

"With some cheap, relatively basic, software it is possible for hobbyists to access these frequencies and decode the information being sent, which appears is what has occurred here," the spokesperson said.

Old but reliable

Pagers — or beepers — may be a relic of the past, but remain a fixture in U.K. hospitals.

These traditionally one-way communication devices allow anyone to send messages to one or many pagers at once by calling a dedicated phone number, often manned by an operator; the messages are then broadcast as radio waves over the pager network. But pagers still offer benefits where newer technologies, like cell phones, fall down. Because they work at a low frequency, pager radio waves are able to travel further and deeper inside large buildings — particularly hospitals — which have thickened walls to protect others from X-rays and other radiation. Pagers also work across long distances, including in cell service dead-spots.

But few were thinking about message security when pager use was at its peak.

"They aren't secure," Andy Keck, an electronics and amateur radio hobbyist, told TechCrunch. Keck said messages sent over the pager network are encoded when they are converted into a burst of radio waves and broadcast over the air.