A hacker managed to gain control of the city’s Outdoor Warning Siren System and triggered it causing all 156 sirens across the city to suddenly sound the alarm, leading to widespread panic and confusion.
First Published 13th April 2017
"Now hear this!"
4 min read | Reflare Research Team
The city of Dallas (TX) possesses a city-wide Outdoor Warning Siren System. Such systems are used by local governments to immediately inform citizens of impending dangers. In Dallas’ case, the sirens seem to be most commonly used to alert people of incoming tornadoes.
Late last Friday night local time, all sirens across the city suddenly sounded the alarm, leading to widespread panic and confusion. However no emergency was at hand. Instead, someone had hijacked the warning system and set it off as what can only be described as a prank.
Attack analysis
The city of Dallas has made little information available regarding the technical specifications of its alarm system or the attack. What is known is that a total of 156 sirens were installed in 2007 by a company called Federal Signal Corp and appear to be controlled via a radio signal rather than a wired connection.
Radio signals in this case mean any form of electromagnetic wave modulation including classic AM/FM radio, flight control radio, ham radio, and the myriad of signals sent by remote garage door openers, RC car controllers, remote factory sensors and countless others. While individual implementations differ, information is transmitted via radio waves using a small number of methods; most commonly frequency modulation, amplitude modulation and on-off-keying.
While newer systems have started to use encryption to protect against unauthorized transmissions, most older systems relied on the belief that attackers don’t have access to sophisticated signal generating and sending equipment for security. In other words, most systems that are 10 or more years old simply send a set sequence of bits encoded with one of the major encoding schemes on a set frequency to trigger a reaction such as starting the warning siren.
“Software Defined Radio” equipment nowadays allows anyone to listen to and send arbitrary radio signals for less than $400, rendering these forms of protection-by-inaccessibility critically obsolete.
The city of Dallas has stated that the system was shut down following the attack and restarted “with encryption”. This implies that the system consisted of some sort of computer performing the actual decoding of the radio signal in software. Systems built entirely in hardware would require a much longer timeframe to upgrade in this manner.
A search of the FCC filing database lists a number of systems developed by Federal Signal Corporation that may match such parameters. All of the filings are heavily classified however, making it impossible for an outside party to accurately assess which system was affected and how the problem was fixed.
Outlook
While the Dallas Outdoor Warning Siren System attack was an extreme case, insecure radio control systems are incredibly common. Most automatic garage doors, older remote car keys, remote sensors, RC equipment - for hobby and factory use - and radio-based warning systems don’t present any strong deterrent to a reasonably skilled attacker. It is more likely than unlikely that similar attacks against public warning infrastructure would succeed anywhere they are tried.
We currently do not see any indicator of an impending wave of similar attacks. The possibility for performing such attacks on a small budget has existed for at least half a decade. Nonetheless, we advise organizations to review the radio signal-based systems utilized in offices and factories to ensure that they do not allow attackers unnecessarily easy access.