A vulnerability affecting emergency alert techniques provided through ATI Systems, one in all the main providers of caution sirens in the USA, might be exploited remotely via radio frequencies to activate all the sirens and trigger false alarms. From a record: “We first found the vulnerability in San Francisco, and confirmed it in two other US locations including Sedgwick County, Wichita, Kansas,” Balint Seeber, Director of Threat Research at Bastille, instructed Help Net Security. “Although we now have now not visited different places to substantiate the presence of the vulnerability, ATI Systems has shoppers in the US and in a foreign country from the army, native govt, instructional and effort sectors.
“ATI options shoppers on its website online round the US together with One World Trade Center, WestPoint Military Academy and Entergy Nuclear Indian Point which can be all in New York State, UMASS Amherst in Massachusetts, Eastern Arizona College, University of South Carolina and Eglin Air Force Base in Florida, among others.” The vulnerability stems from the fact that the radio protocol used to control the sirens is not secure: activation commands are sent “in the transparent,” i.e. no encryption is used.