April 12, 2018

Flaw in Emergency Alert Systems Could Allow Hackers to Trigger

To perform the SirenJack attack, a hacker needs to be in the radio range and identify the radio frequency used by the targeted siren in order to send a specially crafted message.
"Once the frequency was found, analysis of the radio protocol quickly showed that commands were not encrypted and therefore vulnerable to forgery, rendering the system susceptible to malicious activations," Seeber explains.
Researcher finds that Outdoor Public Warning System implemented within the City of San Francisco, designed to alert residents and visitors of about possible danger, has more than 100 warning sirens that malicious hackers can exploit to cause widespread panic and annoyance across the city.
Seeber responsibly disclosed this issue to ATI Systems 90 days ago (on January 8). ATI Systems says the patch is being tested and will shortly be made
available to fix its systems implemented in the City of San Francisco.
However, ATI Systems noted that installing the patch is not easy since many of its products are designed depending upon specific needs of each of its customers.

Therefore, customers are advised to contact ATI Systems to determine if they have a vulnerable configuration and/or flawed version of the system, and then take the appropriate steps suggested to remediate the issue.
Bastille researchers also encourage other siren manufacturers to "investigate their own systems to patch and fix this type of vulnerability," in case they find it.
Share This
Previous Post
Next Post

This Post was publish by the above Author