santiago silver - Fotolia
Researchers at cybersecurity startup Bastille Networks Inc. found a vulnerability in emergency warning systems and developed a proof-of-concept attack called SirenJack. What is the vulnerability, and how does SirenJack exploit it?
Bastille researchers developed the SirenJack proof-of-concept attack to determine how a vulnerability that uses insecure radio protocol controls could exploit San Francisco's wireless emergency warning system, which was made by ATI. The commands that were sent to ATI system users for monthly transmission activation tests were observed in plain view; however, users weren't required to be authenticated, and all the unencrypted commands have been accepted since ATI was installed in San Francisco 14 years ago.
In order to conduct penetration testing of the emergency warning system, researchers used a software-defined radio and implemented the protocol via software on a personal laptop, as it is more flexible than implementing radio communication systems on hardware. Changes in software don't require updates or changes to hardware components.
To understand how signals were sent and received, the researchers wrote scripts, and then the radio activation transmissions were recorded and analyzed. This resulted in the researchers taking control of the siren and sending an audio message. The software the researchers used is unknown.
One concern is that hackers could write a script and send messages to trigger emergency alarms, thus falsely warning of pending disasters and dangers. As Bastille researchers note on the SirenJack research website, such false alarms can create both "widespread concern and increasing distrust in these systems."
The researchers also noted that all threat actors need to conduct this attack is "a $30 handheld radio and a computer." Many sources are available that can help threat actors build a kit of siren penetration and attack scripts. Bliley Technologies has a list of the 12 most popular software-defined radios, while Amazon and other retailers offer inexpensive products for radio amateurs.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Data security strategies and governance
Related Q&A from Judith Myerson
GE reported an improper authentication flaw in its PulseNet network management software for critical infrastructures. Discover how this flaw works ... Continue Reading
Researchers claim to have found a new attack against VMs that affects SEV technology. Expert Judith Myerson explains what this attack is and how it ... Continue Reading
The Wi-Fi Alliance released the updated WPA3 protocol, adding security enhancements to the Wi-Fi access process. Learn why enterprises should update ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.