santiago silver - Fotolia

How does SirenJack put emergency warning systems at risk?

Bastille researchers created the SirenJack proof of concept to show how a vulnerability could put San Francisco's emergency warning system at risk. Judith Myerson explains how it works.

Researchers at cybersecurity startup Bastille Networks Inc. found a vulnerability in emergency warning systems and developed a proof-of-concept attack called SirenJack. What is the vulnerability, and how does SirenJack exploit it?

Bastille researchers developed the SirenJack proof-of-concept attack to determine how a vulnerability that uses insecure radio protocol controls could exploit San Francisco's wireless emergency warning system, which was made by ATI. The commands that were sent to ATI system users for monthly transmission activation tests were observed in plain view; however, users weren't required to be authenticated, and all the unencrypted commands have been accepted since ATI was installed in San Francisco 14 years ago.

In order to conduct penetration testing of the emergency warning system, researchers used a software-defined radio and implemented the protocol via software on a personal laptop, as it is more flexible than implementing radio communication systems on hardware. Changes in software don't require updates or changes to hardware components.

To understand how signals were sent and received, the researchers wrote scripts, and then the radio activation transmissions were recorded and analyzed. This resulted in the researchers taking control of the siren and sending an audio message. The software the researchers used is unknown.

One concern is that hackers could write a script and send messages to trigger emergency alarms, thus falsely warning of pending disasters and dangers. As Bastille researchers note on the SirenJack research website, such false alarms can create both "widespread concern and increasing distrust in these systems."

The researchers also noted that all threat actors need to conduct this attack is "a $30 handheld radio and a computer." Many sources are available that can help threat actors build a kit of siren penetration and attack scripts. Bliley Technologies has a list of the 12 most popular software-defined radios, while Amazon and other retailers offer inexpensive products for radio amateurs.

Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)

This was last published in July 2018

Dig Deeper on Data security and privacy

Enterprise Desktop
Cloud Computing