Hackers Take Control Over Emergency Alert Sirens by using SirenJack Vulnerability

Security researchers recently discovered alarm systems used by many cities or special organizations in the world. There is a remote vulnerability named “SirenJack.” The vulnerability, discovered by Bastille security researcher Balint Seeber. Hackers can remotely infiltrate the alert system produced by ATI. The researchers have reported the vulnerability to the company, but it takes 90 days to release the system update patch. At present, ATI has not issued any statement but said that it will fix the flaws in the alarm system as soon as possible.

By Federal Communications Commission (FCC EAS 2007 TV Handbook) [Public domain or Public domain], via Wikimedia Commons

The SirenJack flaw is the use of wireless control signals from ATI’s alarm control equipment. In 2016, the company discovered that Los Angeles’ alarm system would test every Tuesday afternoon and capture wireless control signals during the test. Researcher Balint Seeber discovered that these wireless signals are not only sent through the local wireless base station, but they are not encrypted! Therefore, it is easy to intercept and copy signals on the way, and then you can control the alarm system of the entire city as you like. If hackers really want to do this, they only need a laptop and a handheld wireless device.

In addition to the Los Angeles City Alarm System, ATI’s alarm system is also used in the World Trade Center, New York’s nuclear power plants, and West Point Military Academy. These sites and agencies all need to install an alarm system. In the event of large-scale public safety incidents, problems arise in the alarm system, which will bring even greater harm.

Source: eweek