How does SirenJack put emergency warning systems at risk?


Problem solve
Get help with specific problems with your technologies, process and projects.

Bastille researchers created the SirenJack proof of concept to show how a vulnerability could put San Francisco’s emergency warning system at risk. Judith Myerson explains how it works.

Researchers at cybersecurity startup Bastille Networks Inc. found a vulnerability in emergency warning systems…


* remove unnecessary class from ul
$(“#inlineregform”).find( “ul” ).removeClass(“default-list”);

* Replace “errorMessageInput” class with “sign-up-error-msg” class
function renameErrorMsgClass() {
$(“.errorMessageInput”).each(function() {
if ($(this).hasClass(“hidden”)) {
$(this).removeClass(“errorMessageInput hidden”).addClass(“sign-up-error-msg hidden”);
} else {

* when validation function is called, replace “errorMessageInput” with “sign-up-error-msg”
* before return
function validateThis(v, form) {
var validateReturn = urValidation.validate(v, form);
return validateReturn;

* DoC pop-up window js – included in moScripts.js which is not included in responsive page
$(“#inlineRegistration”).on(“click”,”a.consentWindow”, function(e) {, “Consent”, “width=500,height=600,scrollbars=1”);

and developed a proof-of-concept attack called SirenJack. What is the vulnerability, and how does SirenJack exploit it?

Bastille researchers developed the SirenJack proof-of-concept attack to determine how a vulnerability that uses insecure radio protocol controls could exploit San Francisco’s wireless emergency warning system, which was made by ATI. The commands that were sent to ATI system users for monthly transmission activation tests were observed in plain view; however, users weren’t required to be authenticated, and all the unencrypted commands have been accepted since ATI was installed in San Francisco 14 years ago.

In order to conduct penetration testing of the emergency warning system, researchers used a software-defined radio and implemented the protocol via software on a personal laptop, as it is more flexible than implementing radio communication systems on hardware. Changes in software don’t require updates or changes to hardware components.

To understand how signals were sent and received, the researchers wrote scripts, and then the radio activation transmissions were recorded and analyzed. This resulted in the researchers taking control of the siren and sending an audio message. The software the researchers used is unknown.

One concern is that hackers could write a script and send messages to trigger emergency alarms, thus falsely warning of pending disasters and dangers. As Bastille researchers note on the SirenJack research website, such false alarms can create both “widespread concern and increasing distrust in these systems.”

The researchers also noted that all threat actors need to conduct this attack is “a $30 handheld radio and a computer.” Many sources are available that can help threat actors build a kit of siren penetration and attack scripts. Bliley Technologies has a list of the 12 most popular software-defined radios, while Amazon and other retailers offer inexpensive products for radio amateurs.

Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)

Dig Deeper on Data security strategies and governance

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever’s puzzling you.

Source link


About the author


Add Comment

Click here to post a comment

Your email address will not be published. Required fields are marked *

Gadget Greed