SirenJack

Bastille security researcher Balint Seeber recently discovered that the radio protocol used to control sirens in emergency alert systems (EASs) manufactured by ATI Systems is not encrypted. This exposure could create the opportunity for a malicious actor to locate the radio frequency associated with an ATI Systems EAS, and then direct malicious messages to the EAS that could result in generating fraudulent alerts and creating false public alarm. These emergency alert systems are used in universities, industrial sites, military installations, and in cities all around the world. ATI is currently testing a patch for these systems that will include additional security features to the radio protocols used. As these patches are customized for each client, EAS administrators need to contact ATI Systems to receive their specialized patch. The NJCCIC recommends all administrators of ATI Systems emergency alert systems review the SirenJack report and to contact their ATI Systems representative for information on receiving the patch.