[EAS] Dallas warning sirens hacked - maybe

[Sean Donelan]

On Tue, 11 Apr 2017, Alan Alsobrook wrote:
> On 4/11/2017 12:00 AM, Botterell, Arthur at CalOES wrote:
>> I'd love to know how they added "encryption" to all 150+ sirens overnight.
>
> They likely pulled cache radios on their encrypted radio system to use as the 
> site receivers.
> Of course the only problem with that is P25 Digital radio's have a hard time 
> sending a clean tone. So any audio signaling may not be reliable or work.

I found a copy of the 2007 proposal to update the Dallas outdoor warning 
system on the Internet Wayback Machine site. The equipment included 
security options in the 2007 proposal; but the statement of work required 
backwards compability with the previous siren system. I'm guessing for
backwards compatible, they (installer, city, ???) didn't enable the 
"advanced" security options.

Some theories why Dallas was able to fix it so quickly?

As part of the 2007 upgrade, Dallas may have already installed trunked 
radios which could do "encryption." It could change the talk groups for 
the trunking configuration on the existing radios without needing to visit 
each siren site.

Also as part of the 2007 upgrade, a feature of the siren controller hub is 
pushing configuration updates to all the remote units. The central hub 
could have pushed a configuration to enable "encryption" on all 156 siren 
RTUs, again without needing to visit each siren site.

Or a third option, the reporters and officials are confused by the 
technical language, e.g. encryption vs. PL tone/DPL code on the repeater. 
Its as if vendors deliberately create confusing names for features.
Dallas may have done something completely different.

Until Dallas OEM publically says what they found and fixed, its just 
speculation. Other cities may have the same vulnerabilities, but 
don't know for certain, until Dallas shares their findings.