At exactly noon on the first Tuesday after Balint Seeber moved from Silicon Valley to San Francisco in late 2015, the Australian radio hacker and security researcher was surprised to discover a phenomenon already known to practically every other resident of the city: a brief, piercing wail that rose and then fell, followed by a man’s voice: “This is a test. This is a test of the outdoor warning system. This is only a test.”
The next week, at exactly the same time, Seeber heard it again. A few weeks after that, Seeber found himself staring up from his bicycle at a utility pole in the city’s SoMa neighborhood, examining one of the more than 100 sirens that produced that inescapable emergency test message around the city. At the top, he noticed a vertical antenna; it seemed to be receiving signals via radio, not wires. The thought came to him: Could a hacker like him hijack that command system to trigger all the sirens around the whole city at will, or to use them to broadcast even more alarming sounds?
Now, after two-and-a-half years of patiently recording and reverse-engineering those weekly radio communications, Seeber has indeed found that he or anyone with a laptop and a $35 radio could not only trigger those sirens, as unknown hackers did in Dallas last year. They could also make them play any audio they choose: false warnings of incoming tsunamis or missile strikes, dangerous or mass-panic-inducing instructions, 3 am serenades of death metal or Tony Bennett. And he has found the same hackable siren systems not only in San Francisco but in two other cities, as well as hints they may be installed in many more. “If you wanted to send out your own music or your own alert, you could broadcast it across entire cities,” Seeber says. “You could do it with something as cheap and easy as a handheld radio you can buy from Amazon.”
On Tuesday, security firm Bastille, where Seeber works as director of vulnerability research, went public with his discovery that the emergency siren equipment sold by Boston-based ATI Systems in all three cities Bastille tested lacked the basic encryption necessary to prevent any prankster or saboteur from commandeering the system. In San Francisco, Wichita, Kansas, and another city that Bastille declined to name, Seeber was able to read and fully reproduce the transmissions to those siren systems. By bouncing that signal through a repeater near the center of each city’s network, Seeber believes he could have gained control over the citywide collection of 114 sirens, each one capable of pumping out as much as 135 decibels, according to Bastille’s estimates, more than the noise of four jackhammers combined.
Although Bastille hasn’t gone so far as to actually hijack any of those installed systems by radio—and couldn’t easily try Seeber’s technique via radio in a test setting without risking a violation of FCC regulations—the firm has performed a proof of concept in which it wired one of ATI’s radios directly to Seeber’s radio and sent the same commands. In the video above, he demonstrates the results by playing a test message and then a certain well-worn Rick Astley hit song through the siren at reduced volume.
‘If you wanted to send out your own music or your own alert, you could broadcast it across entire cities.’
Hacker Balint Seeber
When WIRED reached out to ATI Systems, the company responded that “the vulnerability is largely theoretical and has not yet been seen in the field.” It also argued that Bastille had broken the law with its research by violating FCC regulations against intercepting and even merely divulging the existence of government radio signals without authorization. But in a statement it sent to Bastille after the researchers warned ATI about its security flaws, ATI wrote that Bastille’s findings are “likely true” and that it’s testing a software update it plans to roll out soon. “Before customers panic too much, please understand that this is not a trivially easy thing that just anyone can do,” that earlier statement notes. “At the same time, a certain level of concern is justified. As technology evolves, the level of threat evolves.”
Seeber warns that the systems can’t be easily upgraded with a remote software update and instead will require a maintenance trip to each siren pole in every city whose system is vulnerable to the spoofed signals. But in a press statement, the executive director of San Francisco’s department of technology, Linda Gerull, confirmed that the city has already implemented a security upgrade across the city. “We worked proactively with our vendor to patch the vulnerability,” Gerull says. “Initial testing shows the firmware upgrade minimized the threat. Nevertheless, we will continue testing.”
Missile Strikes and Nuclear Leaks
Aside from the three cities they tested in, Bastille’s researchers note that ATI’s website references siren systems installed in many other sensitive locations, including 1 World Trade Center in New York, the Indian Point nuclear power plant along the Hudson River, and campuses including UMass Amherst, Long Island University, and West Point. Bastille’s researchers caution that they couldn’t confirm whether those customers had installed the same vulnerable setups. But Bastille CEO Chris Risley nonetheless compares the potential for abuse of the sirens with the temporary mass panic that ensued after officials mistakenly triggered an incoming-missile alert on Hawaiian cell phones, radios, and televisions earlier this year. “If you caused evacuation around Indian Point, imagine all the chaos that warning would cause,” Risley says, referring to the nuclear facility 50 miles north of New York City. “It’s hard to think of infrastructure more critical than warning systems that tell us about tsunamis, air raids, and nuclear leaks.”
Seeber’s attack works by replicating the exact transmissions—at the exact radio frequency—of ATI’s legitimate communications to its sirens. In fact, anyone can generate those commands, Seeber says, with a radio as simple as this $35 one sold by the Chinese company Baofeng, essentially a slightly upgraded walkie-talkie. If he were to send those signals within a range of as much as 2 miles from a powerful repeater near the center of ATI’s siren networks, Seeber says it would be broadcast out to all the sirens in the system.
Seeber posits that ATI’s system security depends on the notion that its radio signals are too obscure for anyone to decode rather than on any actual encryption to protect the signals or authentication that would prevent unauthorized commands from being accepted. But the rise of cheap and accessible software-defined radios that allow any hacker to pick up and or produce radio signals in a broad spectrum of frequencies has made it far easier to eavesdrop and mimic unencrypted communications than in the past. “This looks like it was security through obscurity, and in this day and age that approach is really not valid,” Seeber says.
Still, deciphering those communications out of thin air wasn’t easy. After Seeber became determined to hack the sirens in 2015, he used Ettus Research software-defined radios to scan for their communications every Tuesday just before noon, waiting for the sirens to start. After failing to find any readable radio signals for months, he initially gave up. But after last year’s hacker attack that triggered emergency sirens in Dallas for 90 minutes in the middle of the night, he was inspired to start looking again.
‘It’s hard to think of infrastructure more critical than warning systems that tell us about tsunamis, air raids, and nuclear leaks.’
Chris Risley, Bastille
Finally, watching a public service announcement video about the siren system, Seeber spotted a Yagi antenna that seemed to be part of the system and was able to match it to one in a catalog. Unlike the antennas on top of each siren tower, that Yagi antenna’s size and shape revealed the frequency of the system’s communications. “Once you’ve identified those magic numbers, you can start to turn what you’re hearing into ones and zeroes,” Seeber says. But even then, Seeber spent months more working to understand the digital protocol the siren systems used. Unlike in Dallas, which used a system sold by the company Federal Signal, the San Francisco siren communications couldn’t merely be recorded and replayed. Instead, they changed slightly every week. Only after Seeber had recorded and studied weeks of radio transmission could he find the predictable pattern and reliably spoof the signal.
Since Bastille alerted ATI to the vulnerability it found in January, Seeber says he has observed an increasing amount of encrypted radio traffic from the sirens in San Francisco, a sign their security is indeed getting an upgrade. But to avoid anyone being able to replicate his attack before the systems can be secured elsewhere, Seeber isn’t revealing the details of the radio frequencies or protocol he decoded. And he and Risley warn that even after ATI’s sirens encrypt their radio protocols, they’re likely not the only such siren systems that hackers like Seeber could exploit.
“If you have a siren systems from a different vendor, you should ask if the traffic is encrypted,” Risley warns cities, universities, and other facilities with emergency sirens installed. “I think, very often, you’re going to find it is not.”