“SirenJack is a vulnerability found in ATI Systems’ emergency alert systems that can be exploited via radio frequencies (RF) to activate sirens and trigger false alarms.”
Security experts at Bastille have devised a new technique, dubbed SirenJack to remotely hack emergency warning systems.
Emergency warning systems are used worldwide to alert the public of emergency situations like natural disasters and strikes.
“False alarms cause widespread concern and increasing distrust in these systems, particularly as seen in 2017 after the Dallas Siren incident that set off over 150 tornado warning sirens citywide for more than 90 minutes.” reads the website published by experts.
“SirenJack is a vulnerability found in ATI Systems’ emergency alert systems that can be exploited via radio frequencies (RF) to activate sirens and trigger false alarms. The radio protocol used to control the sirens is not secure (activation commands are sent ‘in the clear’ – no encryption is used).” continues the Bastille.
Ill-intentioned could trigger false alarms to cause panic and chaos among the population.
Researchers say they have discovered a new attack method that allows hackers to remotely trigger sirens. The SirenJack method leverages a vulnerability that resides in emergency alert systems made by ATI Systems.
These systems are widely adopted, it is quite easy to find them in military facilities and industrial plants.
The issue is related to the implementation of unsecured radio protocol controls.
The researcher Balint Seeber started its analysis back in 2016, he focused its researcher on San Francisco’s outdoor public warning systems.
The warning systems had been using RF communications, the experts discovered that was possible to issue commands without encryption, allowing a man-in-the-middle attacker to forge them.
It was a joke for attackers to identify the radio frequency used by the targeted siren and send issue a specially crafted message that triggers an alarm.
“A single warning siren false alarm has the potential to cause widespread panic and endanger lives,” explained Chris Risley, CEO of Bastille Networks. “Bastille informed ATI and San Francisco of the vulnerability 90 days ago, to give them time to put a patch in place. We’re now disclosing SirenJack publicly to allow ATI Systems’ users to determine if their system has the SirenJack vulnerability. We also hope that other siren vendors investigate their own systems to patch and fix this type of vulnerability.”
ATI Systems has been made aware of the vulnerability and it has created a patch that adds an additional layer of security to the packets sent over the radio. The company says the patch is being tested and will be made available shortly, but noted that installing it is not an easy task considering that many of its products are designed for each customer’s specific needs.
ATI Systems tried to downplay the severity of the discovery, the company explained that it is necessary a lot of time in order to be able to replicate the attack devised by the researchers.
Even if the modern warning systems use a new protocol, ATI Systems admitted that the attack could work against system still in use in cities like San Francisco.
The experts set up a dedicated website that also includes a video PoC of the attack.
Bastille researchers already devised other attack techniques in the past, they demonstrated how to remotely target, wireless keyboards with the KeySniffer technique, Wireless mouse/keyboard dongles with MouseJack attacks and home networks with the CableTap technique.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.