SirenJack Attack Lets Hackers Take Control Over Emergency Alert Sirens

Faybert

Faybert

Level 24
Thread author
Verified
Top Poster
Well-known
Jan 8, 2017
1,320
Content source
https://www.bleepingcomputer.com/news/security/sirenjack-attack-lets-hackers-take-control-over-emergency-alert-sirens/
Hackers can easily spoof and hijack communications targeting sirens part of emergency alert systems to trigger false alerts and cause panic among a local population.

Attackers can achieve this by exploiting a newly discovered vulnerability in emergency alert systems manufactured by ATI Systems.
Such emergency alert systems are deployed at the One World Trade Center, Indian Point Energy Center nuclear power stations, UMass Amherst, and the West Point Military Academy.

SirenJack flaw impacts sirens' radio protocol

The vulnerability, discovered by Bastille security researcher Balint Seeber and nicknamed SirenJack, resides in the fact that the radio protocol used to control sirens in ATI Systems is not encrypted.

This unencrypted protocol allows a bad actor, which could be an individual, hacktivist, terrorist, or hostile nation-state, to find the radio frequency assigned to an emergency system, craft malicious activation messages, and set off the emergency system.
....
....
Click to expand...
Patch available and ready to go
In a statement issued today, ATI says it developed a patch for the issue reported by the Bastille researcher.
"ATI has created a patch which adds additional security features to the command packets sent over the radio. This is currently being tested and will be rolled out shortly," ATI says.

The company added that these emergency alert systems are customized for each client and that each customer will have to reach out to the company for his own custom fix.
....
....
Click to expand...
 
  • Like
Reactions: upnorth, frogboy, silversurfer and 1 other person
You must log in or register to reply here.

Similar threads

lokamoka820
    • +Reputation
    • Like
Security News Google Chrome Hit by Yet Another Zero-Day Exploit, Update Now
Replies
7
Views
3,140
Security News
Divine_Barakah
Divine_Barakah
Gandalf_The_Grey
    • Like
    • Wow
    • +Reputation
Security News Windows driver zero-day exploited by Lazarus hackers to install rootkit (patched August 2024)
Replies
0
Views
1,584
Security News
Gandalf_The_Grey
Gandalf_The_Grey
lokamoka820
    • Like
    • +Reputation
Security News Microsoft Office Apps Provide a New Path for Hackers
Replies
0
Views
2,137
Security News
lokamoka820
lokamoka820

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top