Researchers have uncovered a remote hijacking vulnerability present in the systems many cities and organizations are using to manage emergency sirens and alerts.
Dubbed SirenJack, the vulnerability would allow an attacker to remotely activate emergency alert systems manufactured by a company called ATI Systems. Bastille said it privately contacted ATI about the flaw and allowed the company a 90-day period to patch the flaw before disclosing.
ATI did not have a statement on the matter at the time of publication. The company has said it is working on a patch for the flaw and has said it is on standby to help cities concerned over the vulnerability. Bastille says the SirenJack flaw was actually an exploit of the way ATI transmits signals from its control stations to the sirens themselves. A Bastille researcher who was in San Francisco back in 2016 noticed that the city's emergency sirens, tested every Tuesday at noon, did not have wired connections to a data feed.