Security researchers noted that sirens are vulnerable to be easily jacked by third parties

Sirens are widely used throughout the world to make emergency such as terrorism and direct evacuation route as well as natural disasters such as earthquakes and floods. However, if a false report or the like occurs, there is a possibility of causing a panic or leading to an increase in damage. According to security researchers, some sirens have vulnerabilities that allow hackers to operate easily remotely.

This Radio Hacker Could Hijack Emergency Sirens to Play Any Sound | WIRED
https://www.wired.com/story/this-radio-hacker-could-hijack-emergency-sirens-to-play-any-sound/

SirenJack: Hackers Can Remotely Trigger Warning Sirens | SecurityWeek.Com
https://www.securityweek.com/sirenjack-hackers-can-remotely-trigger-warning-sirens?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

I am conducting security research on software radioBastille NetworksAccording to Mr. Balinto Saver, this vulnerability isATI SystemsIt seems that it exists in a siren made by.

Mr. Seever, one day outdoor siren,high frequencyI noticed that it was working using radio waves, and analyzed radio waves. Then, the radio waves transmitted to siren are not subjected to any encryption, etc., and it seems that they were able to read the information of the command to issue an alarm, too. In other words, if an attacker knows only the radio frequency used by the siren and the command to generate the alarm, it is possible for the attacker to freely broadcast any broadcast using the siren.


Bastille Networks reported to vulnerability in January 2018 to San Francisco, which has introduced a number of sirens manufactured by ATI Systems and its company. After that, ATI Systems creates firmware that encrypts packets transmitted wirelessly as a vulnerability countermeasure. This firmware is in the testing stage at the time of writing the article and it is scheduled to be released shortly. In addition, San Francisco has already applied the same firmware before it is released, and we are testing it throughout the city.

According to ATI Systems, many of the systems are customized for each customer, and it seems that introducing firmware is not easy. However, it is explaining that sirens that are still in operation as of 2018 are being monitored by security companies, and even if they are abused, they can immediately block broadcasting.

ByMichael Pereckas

Also, the current product is encryptedprotocolIt is said that this problem does not occur because it is implemented. The alarm system of San Francisco reported vulnerability was introduced in 2004, and at the time it was clear that the introduction of a safe system assuming the use at a military base was difficult in terms of cost It is getting.

Chris Risley, CEO of Bstille Networks, says, "There is no guarantee of safety, because you are introducing an alarm system other than ATI Systems, you need to make sure that the communication is actually encrypted," I talk about it, because it is made by other companies, we abandon the idea of ​​safety and insist that we should investigate once.