[BreachExchange] Lack of Encryption Causes Dallas Emergency Siren Hack

[Inga Goddijn]

http://www.campussafetymagazine.com/article/lack_of_encryption_causes_dallas_emergency_siren_hack

Dallas city officials confirmed on Monday that a lack of encryption of the
signal transmitted to 156 warning sirens led to the hack that kept Dallas
residents awake late Friday and early Saturday.

City spokesperson Sana Syed told ABC affiliate WFAA-TV
<http://www.wfaa.com/news/local/dallas-county/city-manager-dallas-siren-hack-a-radio-issue/430175138>
that city personnel had not set the system to use an encrypted signal
before the sirens were activated. The sirens triggered intermittent false
alarms for about an hour and a half until officials deactivated the system
early Saturday morning.

All of the 156 sirens Dallas uses to alert residents to take shelter from
inclement weather went off starting at 11:42 p.m. Friday. City officials
first attributed the incident a “system malfunction.”

The sirens went through about 15 cycles of a 90-second siren activation,
Rocky Vaz, who heads the city’s Office of Emergency Management, said at a
news conference.

“We shut it down as quickly as we could, taking into consideration all of
the precautions and protocols we had to take to make sure that we were not
compromising our 156-siren system,” he said.

Dallas City Manager T.C. Broadnax told reporters Monday the hack was
accessed through the use of radio frequencies, and not remotely through
computer software.

“The issue was with how we transmitted our information, and we’ve worked to
close those gaps,” Broadnax said. “The issue was with how we transmitted
our information and we’ve worked to close those gaps.”

On Monday, the Dallas office of emergency management said in a YouTube
<https://youtu.be/3tdHKqcYzD0> video that the system was fully operational.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170413/6736ac4f/attachment.html>