City emergency sirens can be hacked to sound rogue messages

April 10, 2018

A security researcher has shown that San Francisco’s warning system can be used to play any message he wants.

The news: Balint Seeber, from security firm Bastille, spent the last two years decoding the radio signals that switch on the weekly test of San Francisco’s emergency warning system. Now, reports Wired, he’s worked out how to control the system himself, and he could inject any audio he wants to be played throughout the city.

Why it matters: Imagine the panic caused by a city warning system falsely announcing, say, a nuclear strike (something that, unfortunately, isn’t much of a stretch). Plus, the hack can be performed using a laptop and $35 worth of radio equipment, and Seeber says he knows two other cities (and potentially many more) that could have their speakers, made by a firm called ATI Systems, similarly compromised.

This story is only available to subscribers.

Don’t settle for half the story.
Get paywall-free access to technology news for the here and now.

Already a subscriber?

You’ve read all your free stories.

MIT Technology Review provides an intelligent and independent filter for the flood of information about technology.

Already a subscriber?

Dumb smart cities: The attack is possible because, while individual data packets used to control the ATI warning systems may be encrypted, Seeber was still able to work out how to reproduce the overall control signals. As we’ve pointed out before, cybersecurity concerns often go neglected in the development of connected systems inside cities—and the upshot is that attacks like this are possible.

This story was updated on April 11 to explain that individual data packets in the warning system are encrypted.

This is your last free story.

Our most popular stories