A vulnerability affecting emergency alert systems throughout the United States, supplied by ATI Systems, could be exploited remotely via radio frequencies to activate emergency sirens and trigger false alarms.
According to security company Bastille, Emergency alert system sirens throughout the country are vulnerable to attack by hackers.
Bastille, said Tuesday that it had found a vulnerability in San Francisco’s emergency alert system that allows hackers to trigger the city’s sirens or even play malicious messages.
Balint Seeber, director of vulnerability research at Bastille said a hacker could easily broadcast his or her own voice as a public address through the alert system.
“We first found the vulnerability in San Francisco, and confirmed it in two other US locations including Sedgwick County, Wichita, Kansas.” Balint Seeber, Director of Threat Research at Bastille.
The Boston manufacturer, ATI Systems, said it had developed a patch that will be rolled out shortly and noted that such a hack “is not a trivially easy thing that just anyone can do.”
ATI’s siren systems are installed at military bases, nuclear and petroleum plants, universities and urban centers across the country. ATI’s website references siren systems installed in many other sensitive locations, including 1 World Trade Center in New York, the Indian Point nuclear power plant along the Hudson River, and campuses including UMass Amherst, Long Island University, and West Point.
“Although we have not visited other locations to confirm the presence of the vulnerability, ATI Systems has customers in the US and overseas from the military, local government, educational and energy sectors. ATI features customers on its website around the US including One World Trade Center, WestPoint Military Academy and Entergy Nuclear Indian Point which are all in New York State, UMASS Amherst in Massachusetts, Eastern Arizona College, University of South Carolina and Eglin Air Force Base in Florida, amongst others,” Balint Seeber, Director of Threat Research at Bastille.
In April 2017, hackers took over all 156 emergency alert sirens in Dallas, Texas and triggered them to go off multiple times over a weekend. Dallas Mayor Mike Rawlings described the incident as “an attack on our emergency notification system.”