SirenJack Attack Lets Hackers Take Control Over Emergency Alert Sirens

[Faybert]

Content source

https://www.bleepingcomputer.com/news/security/sirenjack-attack-lets-hackers-take-control-over-emergency-alert-sirens/

Hackers can easily spoof and hijack communications targeting sirens part of emergency alert systems to trigger false alerts and cause panic among a local population.

Attackers can achieve this by exploiting a newly discovered vulnerability in emergency alert systems manufactured by ATI Systems.
Such emergency alert systems are deployed at the One World Trade Center, Indian Point Energy Center nuclear power stations, UMass Amherst, and the West Point Military Academy.

SirenJack flaw impacts sirens' radio protocol

The vulnerability, discovered by Bastille security researcher Balint Seeber and nicknamed SirenJack, resides in the fact that the radio protocol used to control sirens in ATI Systems is not encrypted.

This unencrypted protocol allows a bad actor, which could be an individual, hacktivist, terrorist, or hostile nation-state, to find the radio frequency assigned to an emergency system, craft malicious activation messages, and set off the emergency system.
....
....

Patch available and ready to go
In a statement issued today, ATI says it developed a patch for the issue reported by the Bastille researcher.
"ATI has created a patch which adds additional security features to the command packets sent over the radio. This is currently being tested and will be rolled out shortly," ATI says.

The company added that these emergency alert systems are customized for each client and that each customer will have to reach out to the company for his own custom fix.
....
....