santiago silver - Fotolia
Researchers at cybersecurity startup Bastille Networks Inc. found a vulnerability in emergency warning systems and developed a proof-of-concept attack called SirenJack. What is the vulnerability, and how does SirenJack exploit it?
Bastille researchers developed the SirenJack proof-of-concept attack to determine how a vulnerability that uses insecure radio protocol controls could exploit San Francisco's wireless emergency warning system, which was made by ATI. The commands that were sent to ATI system users for monthly transmission activation tests were observed in plain view; however, users weren't required to be authenticated, and all the unencrypted commands have been accepted since ATI was installed in San Francisco 14 years ago.
In order to conduct penetration testing of the emergency warning system, researchers used a software-defined radio and implemented the protocol via software on a personal laptop, as it is more flexible than implementing radio communication systems on hardware. Changes in software don't require updates or changes to hardware components.
To understand how signals were sent and received, the researchers wrote scripts, and then the radio activation transmissions were recorded and analyzed. This resulted in the researchers taking control of the siren and sending an audio message. The software the researchers used is unknown.
One concern is that hackers could write a script and send messages to trigger emergency alarms, thus falsely warning of pending disasters and dangers. As Bastille researchers note on the SirenJack research website, such false alarms can create both "widespread concern and increasing distrust in these systems."
The researchers also noted that all threat actors need to conduct this attack is "a $30 handheld radio and a computer." Many sources are available that can help threat actors build a kit of siren penetration and attack scripts. Bliley Technologies has a list of the 12 most popular software-defined radios, while Amazon and other retailers offer inexpensive products for radio amateurs.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Data security strategies and governance
Related Q&A from Judith Myerson
The Constrained Application Protocol underpins IoT networks. But the protocol could allow a threat actor to launch an attack. Continue Reading
Dutch researchers discovered flaws in ATA security and TCG Opal affecting self-encrypting drives. What steps can you take to guard data stored on ... Continue Reading
The Signal Desktop application was found to be making decryption keys available in plaintext. Learn how the SQLite database and plaintext passwords ... Continue Reading