Security experts at Bastille have devised a new technique, dubbed SirenJack to remotely hack emergency warning systems.
Emergency warning systems are used worldwide to alert the public of emergency situations like natural disasters and strikes.
“False alarms cause widespread concern and increasing distrust in these systems, particularly as seen in 2017 after the Dallas Siren incident that set off over 150 tornado warning sirens citywide for more than 90 minutes.” reads the website published by experts.
“SirenJack is a vulnerability found in ATI Systems’ emergency alert systems that can be exploited via radio frequencies (RF) to activate sirens and trigger false alarms. The radio protocol used to control the sirens is not secure (activation commands are sent ‘in the clear’ – no encryption is used).” continues the Bastille.
Ill-intentioned could trigger false alarms to cause panic and chaos among the population.
Researchers say they have discovered a new attack method that allows hackers to remotely trigger sirens. The SirenJack method leverages a vulnerability that resides in emergency alert systems made by ATI Systems.
These systems are widely adopted, it is quite easy to find them in military facilities and industrial plants.
The issue is related to the implementation of unsecured radio protocol controls.
The researcher Balint Seeber started its analysis back in 2016, he focused its researcher on San Francisco’s outdoor public warning systems.
The warning systems had been using RF communications, the experts discovered that was possible to issue commands without encryption, allowing a man-in-the-middle attacker to forge them.
It was a joke for attackers to identify the radio frequency used by the targeted siren and send issue a specially crafted message that triggers an alarm.
“A single warning siren false alarm has the potential to cause widespread panic and endanger lives,” explained Chris Risley, CEO of Bastille Networks. “Bastille informed ATI and San Francisco of the vulnerability 90 days ago, to give them time to put a patch in place. We’re now disclosing SirenJack publicly to allow ATI Systems’ users to determine if their system has the SirenJack vulnerability. We also hope that other siren vendors investigate their own systems to patch and fix this type of vulnerability.”
ATI Systems has been made aware of the vulnerability and it has created a patch that adds an additional layer of security to the packets sent over the radio. The company says the patch is being tested and will be made available shortly, but noted that installing it is not an easy task considering that many of its products are designed for each customer’s specific needs.
ATI Systems tried to downplay the severity of the discovery, the company explained that it is necessary a lot of time in order to be able to replicate the attack devised by the researchers.
Even if the modern warning systems use a new protocol, ATI Systems admitted that the attack could work against system still in use in cities like San Francisco.
The experts set up a dedicated website that also includes a video PoC of the attack.
Bastille researchers already devised other attack techniques in the past, they demonstrated how to remotely target, wireless keyboards with the KeySniffer technique, Wireless mouse/keyboard dongles with MouseJack attacks and home networks with the CableTap technique.
(Security Affairs – SirenJack, hacking)