[EAS] Dallas warning sirens hacked - maybe
Sean Donelan
sean at donelan.com
Mon Apr 10 19:04:55 CDT 2017
On Sun, 9 Apr 2017, Adrienne Abbott wrote:
> ...which brings up the question of whether they ever changed the default
> password...
It looks like Adrienne is the closest, the "Read the F-ing Manual" (RTFM)
problem.
The City of Dallas still won't officially say what happened. But Dallas
reporters have done a great job at finding out most of the details.
It was not a computer or software hack. It was a radio repeater hijack,
using simple "tone" control of the outdoor warning sirens. Its not clear
which specific tone control -- i.e. DTMF, single tone, etc? -- was being
used. It also turns out the same issue has happened in other cities. The
system vendor already has a fix ready -- if cities ask.
Dallas has 10-year old siren controllers, which are backward compatible
with simple tone-controlled systems. The siren controllers had better
radio signal security, but not used. The 10-year old installation contract
didn't specify using more advanced (advanced 10-years ago) signalling,
i.e. RTFM.
Anyone can buy used Federal Signal siren controllers and radios on eBay.
Even if cities can't afford newer systems, cities using radio controlled
outdoor warning sirens should RTFM, and use the radio security options
in their existing systems.
Although Dallas didn't implement the radio security options, the person
taking advantage of the configuration vulnerability is still a criminal.
More information about the EAS
mailing list