santiago silver - Fotolia
Researchers at cybersecurity startup Bastille Networks Inc. found a vulnerability in emergency warning systems and developed a proof-of-concept attack called SirenJack. What is the vulnerability, and how does SirenJack exploit it?
Bastille researchers developed the SirenJack proof-of-concept attack to determine how a vulnerability that uses insecure radio protocol controls could exploit San Francisco's wireless emergency warning system, which was made by ATI. The commands that were sent to ATI system users for monthly transmission activation tests were observed in plain view; however, users weren't required to be authenticated, and all the unencrypted commands have been accepted since ATI was installed in San Francisco 14 years ago.
In order to conduct penetration testing of the emergency warning system, researchers used a software-defined radio and implemented the protocol via software on a personal laptop, as it is more flexible than implementing radio communication systems on hardware. Changes in software don't require updates or changes to hardware components.
To understand how signals were sent and received, the researchers wrote scripts, and then the radio activation transmissions were recorded and analyzed. This resulted in the researchers taking control of the siren and sending an audio message. The software the researchers used is unknown.
One concern is that hackers could write a script and send messages to trigger emergency alarms, thus falsely warning of pending disasters and dangers. As Bastille researchers note on the SirenJack research website, such false alarms can create both "widespread concern and increasing distrust in these systems."
The researchers also noted that all threat actors need to conduct this attack is "a $30 handheld radio and a computer." Many sources are available that can help threat actors build a kit of siren penetration and attack scripts. Bliley Technologies has a list of the 12 most popular software-defined radios, while Amazon and other retailers offer inexpensive products for radio amateurs.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Data security strategies and governance
Related Q&A from Judith Myerson
The Signal Desktop application was found to be making decryption keys available in plaintext. Learn how the SQLite database and plaintext passwords ... Continue Reading
An exploit code for Dirty COW was accidentally shipped by Cisco with product software. Learn how this code ended up in a software release and what ... Continue Reading
Cisco's Webex Meetings platform had to be re-patched after researchers found the first one was failing. Discover what went wrong with the first patch... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.