Want to terrify a city with an emergency broadcast? All you need is a laptop and $30
Bug allows hijack of city, army and nuclear warning systems
Researchers have uncovered a remote hijacking vulnerability present in the systems many cities and organizations are using to manage emergency sirens and alerts.
Dubbed SirenJack, the vulnerability would allow an attacker to remotely activate emergency alert systems manufactured by a company called ATI Systems. Bastille said it privately contacted ATI about the flaw and allowed the company a 90-day period to patch the flaw before disclosing.
ATI did not have a statement on the matter at the time of publication. The company has said it is working on a patch for the flaw and has said it is on standby to help cities concerned over the vulnerability.
Radio hackers set off Dallas emergency sirens at midnight as a prankREAD MORE
Bastille says the SirenJack flaw was actually an exploit of the way ATI transmits signals from its control stations to the sirens themselves. A Bastille researcher who was in San Francisco back in 2016 noticed that the city's emergency sirens, tested every Tuesday at noon, did not have wired connections to a data feed.
After some digging, Bastille's director of security research Balint Seeber found that not only do the sirens get their orders via radio transmissions, but the signals were also being sent over an unencrypted channel.
From there, Bastille researchers were able to devise a way to intercept those signals and replicate the emergency alert signal, effectively letting them activate the alarm sirens whenever they want. Bastille estimates that, in the wild, a hacker would be able to set off the alarms with little more than a PC and about $30 worth of handheld radio equipment.
In addition to San Francisco, ATI's hardware is believed to be used by authorities at One World Trade Center, Indian Point nuclear power station in NY, and West Point Military Academy.
"During emergencies, cell tower-based public alert systems have been shown to fail. Many citizens have ‘cut the cord’ and cannot be contacted via a reverse 911-phone system. Consequently, warning sirens play a crucial role as they are the only truly reliable method to alert a population en-mass of a public safety event," Seeber says of the flaw.
"The SirenJack vulnerability underscores the need to make emergency alert systems stronger than ever, as hackers are constantly probing critical infrastructure, especially those using insecure RF-based protocols, to infiltrate and carry out potential attacks." ®