It's been a year since someone hackeara all the 156 sirens ofemergency tornado of Dallas, shutting them in the middle ofthe night, and the image of emergency systems security ofairports of the cities is increasingly ugly.
From 2015, Balint Seeber-Bastille-security researcher is testingthe emergency system of San Francisco, which displays a testalert ("this is a test. This is a test of the emergency alertsystem. This is only a test ")) every Tuesday at noon. Now, heannounced that he broke.
Seeber used a software defined radio to monitor possiblebroadcasts to the PA speakers. He struggled to identify thecontrol messages and gave up, but after the hack of Dallas,he renewed your interest. A thorough examination of apicture of one of the speakers revealed your yagi antenna,from which he was able to derive the control frequencies;With this information, he was able to reverse engineer theprotocol used to send messages to the PAs to transmission.
The protocols do not contain authentication or encryption,which means that anyone can make any or all of the towerstransmit any audio file in terrifying volumes.
Seeber disclosed the vulnerability to ATI Systems, the Bostoncompany that supplies the PA systems in many cities,including San Francisco, Wichita and a third undisclosed city,which if found to be vulnerable to attack by Seeber.
ATI claims that the research that revealed the flaws in theirproducts is illegal, and that discussing these defects is alsoillegal, but admits that its products are defective, whileminimize the importance, claiming that it would be verydifficult to replicate the attack to Seeber. The attack used aradio device Seeber $ $35 and free software/open source.
Seeber says that these defects cannot be easily corrected,since each speaker needs to be physically updated;However, he says that the speakers of ATI in San Franciscoare using increasingly encrypted messages to communicate,suggesting that ATI is slowly updating its products.
Seeber believes that ATI's products aren't the only defectiveofferings on the market and suggests that cities that buytheir own emergency PA systems must obtain guaranteesfrom suppliers that the system uses encryption andauthentication for check the messages.