Hackers Set Off Dallas' 156 Warning Sirens Dozens Of Times

from the not-everything-should-be-connected-to-the-internet dept

So we’ve talked repeatedly about how the shoddy security in most “internet of things” devices has resulted in increasingly-vulnerable home networks, as consumers rush to connect not-so-smart fridges, TVs and tea kettles to the home network. But this failure extends well beyond the home, since these devices have also resulted in historically-large DDoS attacks as this hardware is compromised and integrated into existing botnets (often in just a matter of minutes after being connected to the internet).

Whether it’s the ease with which a decidedly-clumsy ransomware attacker was able to shut down San Francisco’s mass transit system, or the fact that many city-connected devices like speed cameras often feature papier-mâché security, you can start to see why some security experts are worried that there’s a dumpster fire brewing that will, sooner rather than later, result in core infrastructure being compromised and, potentially, mass fatalities. If you ask security experts like Bruce Schneier, this isn’t a matter of if — it’s a matter of when.

In what should probably be seen as yet another warning shot across the bow: slightly before midnight in Dallas last Friday a hacker compromised the city’s emergency warning systems and managed to set off the city’s 156 warning sirens more than a dozen times. Needless to say, the scale of the warning, and the number of sirens, led many people in Dallas to believe that the city had somehow been physically attacked in the middle of the night.

Dallas officials were forced to shut the system down around 1:20 am on Saturday, and despite informing the public to ignore the false alarms, a city that had already been having 911 issues the last few months found its 911 systems inundated with a massive influx of calls from concerned citizens:

“Even as the city asked residents not to dial 911 to ask about the sirens, more than 4,400 calls were received from 11:30 p.m. to 3 a.m. — twice the average number made between 11 p.m. and 7 a.m., Syed said. The largest surge came from midnight to 12:15 as about 800 incoming calls caused wait times to jump to six minutes, far above the city’s goal to answer 90 percent of calls within 10 seconds.”

The city is, frankly, fortunate that this didn’t result in more problems than it did. City officials say they’ve identified how the attacker compromised the system, but won’t be revealing technical details for obvious reasons (Update: it looks like the attacker used a radio signal attack on city gear to repeatedly set off the sirens). Over at his Facebook page, Dallas Mayor Mike Rawlings was quick to highlight how the attack made it clear the city needs to spend significantly more money on its technology infrastructure:

“This is yet another serious example of the need for us to upgrade and better safeguard our city’s technology infrastructure. It’s a costly proposition, which is why every dollar of taxpayer money must be spent with critical needs such as this in mind. Making the necessary improvements is imperative for the safety of our citizens.”

Of course, while older, outdated systems are certainly a problem, rushing to throw money at companies promising the “connected city of tomorrow in a box” isn’t a panacea, either. While it likely had nothing to do with the recent hack, AT&T has been advertising Dallas as the centerpiece of its “IOT” ambitions for the last few years, just one of countless companies rushing into the space in pursuit of new revenue and quarterly growth. The problem, again, is that many of these smart city solutions are from many of the same vendors for which security and privacy were an afterthought in the residential market.

So yes, most cities are in desperate need of a technology and security upgrade, yet often lack the budgets to do so. You just hope that when these upgrades actually occur, they aren’t sabotaged by the same superficial concern for privacy and security already plaguing the connected home market.


Comments on “Hackers Set Off Dallas' 156 Warning Sirens Dozens Of Times”

28 Comments
Ninja (profile) says:

Once again with feeling: keep critical infrastructure disconnected from the internet. If something critical needs to be connected for some reason then make it ignore anything other than approved devices that are very well protected against external files (USB sticks, mail attachments and all).

So you need to run an external file in that machine? Send us a copy to be tested for malicious behavior in an isolated system first.

It doesn’t fully prevent problems, no security system is 100% effective but at the very least you’ll be protected against the average bozo and with luck only state sponsored hackers will manage to do anything more than a scratch.

Anonymous Coward says:

Re: Re:

I would like to know more about the whole issue before just assuming that they put it on the internet. I have dealt with state and city networks and it is always a pain. Usually it is because they have two physically separated networks. One with internet access and the other that is not. The one that is not is usually for emergency or confidential data.

Machin Shin says:

Re: Re: Re:

Well I’m not really sure what to think there. You’re saying don’t be too quick to judge but I am left with…

A) They majorly failed by actually hooking this system to the internet and hoping no one would play with it.

B) They didn’t hook it to the internet yet majorly failed at physical security.

I’m not really sure what one of those two is worse. Either way you should make darn sure your big red panic button is well protected.

Anonymous Coward says:

Re: Re: Re: Re:

B) They didn’t hook it to the internet yet majorly failed at physical security.

Short of hiring 156 armed guards, someone is going to get access to a siren. How old are these? Public key cryptography was unknown until 1976, and using a separate symmetric key for each might have been difficult in the days when you couldn’t just program a PC to encrypt and transmit 156 messages.

Anonymous Coward says:

Re: Re: Re:2 Re:

In this case, they didn’t get access to a siren; they got access to the central command that triggers all the sirens, and were able to set them all off at once.

Protecting sirens should be extremely low priority — protecting the button that triggers all of them, city-wide, at once, should be higher priority.

Of course, most traffic cams and intersection cams (not to mention a growing number of traffic light grids) are networked with no encryption whatsoever, such that you just need to find a local pole and plug in to the entire network, with no authentication.

Some grids also have wireless receivers hooked up, and a few, for convenience, are also connected to the Internet.

At least the Internet-connected grids usually have some sort of a firewall, and some level of software security at the C&C center — but a lot of the stuff hanging off the network is ancient and not only doesn’t know about encryption, also doesn’t know about safe failure, cooperative networking, or anything else beyond “when this line goes high, I turn on until this other line goes high”.

So again, it’s not really about securing the hardware, it’s about placing minimal security on the network and a whole lot of logical and physical security at the operations center.

Anonymous Coward says:

Re: Re: Re:3 Re:

This is one situation where the same key can be used for all sirens, as the requirement is to (try) and ensure the messages come from a valid source.

Replay attacks would be a concern. A quick web search shows these sirens were legitimately activated several times this millennium, and someone could have saved a message. We’d probably want them transmitted every few minutes, so the sirens can’t get stuck in the "on" state for long.

The message could include a timestamp to prevent it. But clocks would drift a lot over the decades. They’d need some kind of regular time adjustment message, or maybe they could pull time from GPS or CDMA (did either exist when they were installed?). A counter might work if there were a way to store the largest-known value for a long period of time.

The one key would be a single point of failure, and would need to be well protected.

Machin Shin says:

Re: Re: Re:2 Re:

That brings in the question of how these are set up. Access to one siren shouldn’t give you free run of the entire system. These also should be in public areas where it isn’t easy to mess with them.

Kind of like traffic lights. The control box is right there, no guard needed because you kind of stand out breaking into the box on the street corner.

We have built systems like this for a long time. Think about the phone system. Central office can ring your house phone, but you at home with your phone can’t easily ring every phone on the network.

Anonymous Coward says:

Re: Re: Re:3 Re:

Kind of like traffic lights. The control box is right there, no guard needed because you kind of stand out breaking into the box on the street corner.

You could easily mess with streetlights. Do it overnight (like this attack), or just put on a reflective traffic vest and hardhat. Unless you’re attacking it with a crowbar nobody’s going to question someone in a traffic vest.

Think about the phone system. Central office can ring your house phone, but you at home with your phone can’t easily ring every phone on the network.

A central-office type thing might work for sirens, i.e. run a separate wire from police HQ to each siren, and they can only activate from there. But the lack of redundancy could be a problem in bad weather, especially the kind that knocks out phone lines regularly.

We don’t yet know whether the siren attack was easy.

Anonymous Coward says:

Re: Re:

Once again with feeling: keep critical infrastructure disconnected from the internet.

There’s no indication these were on the internet, but this system would be pointless if not remotely operable in some way. It may have a telephone connection or something RF-based. Many systems like this predate strong encryption.

If a hacker reported this problem through proper channels, it would probably be disregarded as "purely hypothetical", requiring a very determined attacker, etc. They didn’t have to activate all the sirens multiple times, but this was never going to be fixed without activating one.

aldestrawk (profile) says:

This system could be very secure from hacking. It doesn’t require a newly invented solution. The general problem of one-way authentication has been solved already. However, it is unclear if the Federal Signal Corporation (the supplier for Dallas) has provided such security in its controllers for the siren systems. It is also unclear if either Dallas, or the contractor hired to maintain and repair the system have configured the controllers to have their highest security. It seems all this is likely to remain unclear because city authorities buy into “security through obscurity”. Another issue is that officials want multiple, maybe non-technical folk, to be able to activate the sirens.
Security may be compromised in the interest of simplicity.

Here is what we know. The hacker used a radio signal from within signal reach of a base controller. The hacker knew the codes to trigger every siren in the system which is achieved through radio relays. Each siren can be triggered individually or as part of a group. In this case the code for “all sirens” was used. The hacker continually sent signals to activate the sirens, thus overriding the officials who sent signals to turn the sirens off. The officials eventually changed something in authentication so the hacker could no longer activate the sirens.
I am guessing how authentication works here. It may be possible that it was turned off entirely in Dallas. The simplest, and maybe only method, is to use a programmed fixed sequence of digits that represents an authentication code. I do know that Federal Signal controllers have that capability at least. However, the hacker in this case can use a replay attack. Herein, the hacker listens and records the signals used during a periodic system test. He, or she, simply plays back the same signal.
The solution is to change the authentication code for every activation. Such a rolling-code system is used in many areas such as for unlocking cars and opening garage doors. Unfortunately, the companies that design such systems try to maintain secrecy and the cryptography doesn’t get well vetted. I think all these systems had to be corrected once the system was already in the field. There are algorithms for rolling-code systems that don’t suffer from known vulnerabilities. The user may have to configure that level of security to make sure they are protected.
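
The counter-based scheme discussed in the comments above (one shared key, a counter whose largest-known value each siren stores, and a code that changes on every activation), set beside a fixed-code receiver. This is an added example, not part of the original thread and not Federal Signal's protocol; the message layout, command codes, key and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

ACTIVATE, CANCEL = 0x01, 0x00                # constructed command codes
KEY = b"constructed-demo-key-not-a-secret"   # constructed shared key (single point of failure)
TAG_LEN = 16                                 # truncated HMAC-SHA256 tag, in bytes


def fixed_code_accept(code: bytes, msg: bytes):
    """Fixed-code receiver: any recording of a past activation stays valid forever."""
    if len(msg) == len(code) + 1 and hmac.compare_digest(msg[:-1], code):
        return msg[-1]
    return None


def make_message(key: bytes, counter: int, command: int) -> bytes:
    """Controller side: 8-byte counter + 1-byte command, followed by a MAC over both."""
    body = struct.pack(">QB", counter, command)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class SirenReceiver:
    """Receiver side: accept a command only if the MAC verifies and the counter is new."""

    def __init__(self, key: bytes, last_counter: int = 0):
        self.key = key
        # A real device must keep this in non-volatile storage so that a
        # power cycle does not reset it and make old recordings valid again.
        self.last_counter = last_counter

    def accept(self, msg: bytes):
        if len(msg) != 9 + TAG_LEN:
            return None
        body, tag = msg[:9], msg[9:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None                      # forged or altered message
        counter, command = struct.unpack(">QB", body)
        if counter <= self.last_counter:
            return None                      # replayed or stale message
        self.last_counter = counter
        return command
```

Each siren keeps its own `last_counter`, so a siren that missed some broadcasts still accepts the next message with a higher counter, while a recording of an earlier test is rejected.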

Anonymous Coward says:

Re: Re:

It is also unclear if either Dallas, or the contractor hired to maintain and repair the system have configured the controllers to have their highest security. It seems all this is likely to remain unclear because city authorities buy into "security through obscurity".

Unclear? If they’re buying into this, you have your answer.

Rekrul says:

Leaving stuff unsecured is nothing new. Back in the 80s it got around (I forget how I heard about it) that one of the programmable signs on the highway was connected to a phone line and could be accessed via modem. There was no security on it and anyone who knew the proper commands to use could change the message. I didn’t go by the sign often enough to ever see any strange messages, but apparently it was changed a couple times. For myself, I called it once, but was too afraid to try doing anything with it. Plus, I had no idea what to do at the command prompt, since it didn’t provide any kind of a menu.
