Slashdot Mirror

← Back to Stories (view on slashdot.org)

Emergency Alert Systems Used Across the US Can Be Easily Hijacked (helpnetsecurity.com)

Posted by msmash on from the things-falling-apart dept.

A vulnerability affecting emergency alert systems supplied by ATI Systems, one of the leading suppliers of warning sirens in the USA, could be exploited remotely via radio frequencies to activate all the sirens and trigger false alarms. From a report: "We first found the vulnerability in San Francisco, and confirmed it in two other US locations including Sedgwick County, Wichita, Kansas," Balint Seeber, Director of Threat Research at Bastille, told Help Net Security. "Although we have not visited other locations to confirm the presence of the vulnerability, ATI Systems has customers in the US and overseas from the military, local government, educational and energy sectors.

"ATI features customers on its website around the US including One World Trade Center, WestPoint Military Academy and Entergy Nuclear Indian Point which are all in New York State, UMASS Amherst in Massachusetts, Eastern Arizona College, University of South Carolina and Eglin Air Force Base in Florida, amongst others." The vulnerability stems from the fact that the radio protocol used to control the sirens is not secure: activation commands are sent "in the clear," i.e. no encryption is used.

5 of 44 comments (clear)

  1. Not news. They were meant to be easy to activate. by Narcocide · · Score: 3, Informative

    Nobody expected a proliferation of asshats would cause to be called into question the priorities of making emergency alert systems easily accessible.

  2. Cant be any worse by nimbius · · Score: 2

    than the 4:15 AM informal alarm clock I get from every random kid that goes missing for more than 10 minutes in a wal-mart parking lot. Seriously. I'm a sysadmin, not Harvey Dent. The only time I see the Batman is when I summon him with the Netflix logo.

    --
    Good people go to bed earlier.
    1. Re:Cant be any worse by SeaFox · · Score: 4, Informative

      Double-check the settings on your phone's alert app. I actually found a place to customize (and disable) those Amber alerts.

    2. Re:Cant be any worse by apoc.famine · · Score: 3, Insightful

      Why on earth do you have amber alerts enabled on your phone then? Turn them off!

      I don't understand why anyone volunteers to be interrupted at random times for something that doesn't impact them and which they can't do anything about. Other than text and email notifications, all notifications on my phone are off. Audio and visual. If I want to check something, I check it. If I don't want to check it, it is not allowed to badger me and try to steal my attention from what I'm doing. And that especially applies to sleeping.

      --
      Velociraptor = Distiraptor / Timeraptor
  3. Re:Not news. They were meant to be easy to activat by adolf · · Score: 2

    I've worked with these types of systems.

    Authentication isn't really a thing for them, generally: They follow the same KISS ideas as things like SMTP.

    The simplest of these systems (outdoor warning sirens) work with simple tone sequences or, if really fancy, DTMF... all in the clear with normal frequency modulation on a published radio frequency.

    --
    Kid-proof tablet..