The Latest

THE LATEST

THE LATEST THINKING

THE LATEST THINKING

The opinions of THE LATEST’s guest contributors are their own.

"White Hat" Hacker Balint Seeber Strikes Again

Jeff Hall

Posted on April 11, 2018 10:05

2 users

Director of Vulnerability Research at Bastille Networks figures out how our emergency sirens can be hacked with a laptop and a $30 radio.

You might recall that, back in April of 2017, emergency sirens all across Dallas started going off. 

Shortly after the Dallas incident, Balint Seeber of Bastille Networks, a "white hat" hacking outfit, explained to THE LATEST how such a thing could happen. 

That story, "The Emergency Siren Hack in Dallas: Get Ready for More", appeared here at TheLatest.com back in April of 2017.

In January of 2018, big speakers across Oahu announced an impending air raid, with the frightening message, "this is not a drill."

This turned out to be human error, and not the result of a hack.  But we saw how quickly chaos could spread when the sirens go off.

Balint Seeber of Bastille Networks is a "white hat hacker." 

White hat hackers are the good guys, looking for ways to identify vulnerabilities – and then working with organizations to fix the issue. 

Balint Seeber of Bastille Networks -- a white hat hacker.

Radio signals offer a prime target for bad guys. We live in a wireless world, with signals "in the air" -- everywhere.

Seeber has been studying siren systems for two years now, trying to figure out how they could be hacked. 

His goal is to inform those in charge that they have an issue that needs to be addressed. 

In the case of sirens, malicious hackers could, according to Seeber, commandeer the sirens from miles away, using a laptop and a $30 radio. 

The wrong message coming from the bad guys could touch off a panic.

Bastille always gives vendors whose vulnerabilities have been identified 90 days to come up with a patch before Bastille makes any public announcements. 

Bastille works with the Department of Homeland Security and large companies in an effort to protect data, an obviously sensitive topic these days.

The City of San Francisco, and its siren system supplier, ATI, have worked to patch the vulnerability that was identified by Bastille. 

Seeber said he hasn't heard back directly, but added he is "optimistic" the City of San Francisco and ATI are upgrading their siren systems.

Other cities could be facing the same issue, noted Seeber.

Bastille's announcement of its discovery received considerable press attention yesterday.  Wired, ZDNet and CBS carried the story.

In 2016, Bastille garnered similar attention for revealing the possibility of "mouse jacking," in which a bad buy with very basic equipment could tap into the wireless connection between your laptop and your wireless mouse.

Bastille is calling its new discovery SirenJack."

 

 

So if you know someone who works with radio-enabled products – especially common in IoT (“The Internet of Things”), be sure to forward this article to that person.

And if you are the IT person receiving this article, please note: If Balint Seeber reaches out to you, we suggest you get back to him. 

Not only is the 90-day clock ticking; your fellow citizens are depending on you to get cracking so we can avoid preventable nasty situations.

 

Jeff Hall

Posted on April 11, 2018 10:05

Comments

comments powered by Disqus
Source: Latest news
1

San Francisco -- and other cities and campuses -- had hackable radio-controlled sirens.

THE LATEST THINKING

Video Site Tour

The Latest
The Latest

Subscribe to THE LATEST Newsletter.

The Latest
The Latest

Share this TLT through...

The Latest