Dallas Tornado Emergency System Not Encrypted



On a late Friday night, at 11:42 p.m., the tornado sirens in Dallas, Texas went off. Normally, such a warning would bring an instant response from citizens and authorities alike. Yet this was no ordinary alert: all 156 warning sirens started blaring, and there was no tornado, no bad weather, and no threat.

At first, city officials believed the sirens were set off by some flaw in the system because they could not turn them off. They thought that a "system malfunction" had triggered the sirens. After nearly 90 minutes of frantic effort, the city officials gave in and had the air horns disengaged manually, totally shutting down the system, leaving the city vulnerable if severe weather did strike.

It wasn't until the next day that the whole horror of what happened began to sink in. The system had been hacked. The emergency system was down for about a day before being reactivated late Saturday evening.

It would take an additional 48 hours before the city could begin to understand what had happened to the critical emergency warning system. On Monday, Dallas City Manager T.C. Broadnax told reporters that the hacker set the warning sirens off using commands sent by radio frequencies, and not remotely through computer software.

Emergency warning systems such as the tornado alert sirens in Dallas use wireless radios to communicate instead of hard lines linking them to a control center. This is done intentionally since wires can be cut or a central hub can be knocked out during severe storms. In order for a hacker to attack the system, they had to know the activation codes and the radio frequencies used to turn on the sirens.

Usually, emergency system codes are 5 to 10 digit command tones that are transmitted to a receiver hooked up to the siren system. If the tones match the proper sequence, the system is activated. In many cases, these systems are not exactly new, with some dating back over a decade with little if any security provisions in place.

Yet there are ways to protect such a system from being activated accidentally or even maliciously, but Dallas officials acknowledge they did not install them. City spokesperson Sana Syed confirmed that city personnel had not set the system to use an encrypted signal before the sirens were activated for nearly 90 minutes.

The system could have used an encrypted protocol - similar to secure internet of things wireless devices. Encrypted activation code transmissions would be much harder for hackers to crack. The command signals could be sent wirelessly and scrambled using a code key. The encryption mechanisms can be fairly simple or very complex depending on the vendor. Systems such as those seen recently deployed by the CIA in the WikiLeaks Vault7 exploits use both a transmission key and a data key for verification, preventing both interception of the coded data and spoofing of the receiver into activation.
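The difference between the fixed tone sequences described above and an authenticated command link, as an added example that is not from the original article or any siren vendor. It uses an HMAC tag plus a message counter rather than encryption, because what a receiver needs in order to reject a recorded transmission is proof of origin and freshness; the code value, key, command numbers and frame layout are constructed for illustration.

```python
import hashlib
import hmac
import struct

STATIC_CODE = "4815162342"        # constructed 10-digit sequence, not a real code
CMD_ACTIVATE, CMD_CANCEL = 1, 2   # hypothetical command numbers
FRAME_LEN = 1 + 8 + 32            # command byte + counter + HMAC-SHA256 tag

def legacy_receiver(tones: str) -> bool:
    """Unauthenticated design: any transmission of the right digits activates."""
    return tones == STATIC_CODE

def build_frame(key: bytes, command: int, counter: int) -> bytes:
    """Controller side: bind command and counter together under the shared key."""
    body = struct.pack(">BQ", command, counter)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class AuthenticatedReceiver:
    """Accepts a frame only if its tag verifies and its counter is new."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = 0

    def accept(self, frame: bytes) -> bool:
        if len(frame) != FRAME_LEN:
            return False
        body, tag = frame[:9], frame[9:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False              # wrong key or altered frame
        _command, counter = struct.unpack(">BQ", body)
        if counter <= self._last_counter:
            return False              # recorded frame sent again
        self._last_counter = counter
        return True

def demo() -> dict:
    key = bytes(range(32))            # constructed demo key
    rx = AuthenticatedReceiver(key)
    first = build_frame(key, CMD_ACTIVATE, 1)
    return {
        "legacy_accepts_recording": legacy_receiver(STATIC_CODE),
        "auth_accepts_fresh": rx.accept(first),
        "auth_accepts_recording": rx.accept(first),
        "auth_accepts_wrong_key": rx.accept(build_frame(b"\x00" * 32, CMD_ACTIVATE, 2)),
        "auth_accepts_next": rx.accept(build_frame(key, CMD_CANCEL, 2)),
    }

if __name__ == "__main__":
    print(demo())
```

The receiver keeps only the last accepted counter, so a controller that restarts must resume from a stored counter value or its commands will be rejected.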

However, in Dallas there was no security and the tones were broadcast directly - in the open. All the information necessary to perform the hack was most likely available either by using a radio to monitor citywide tests and recording the tone sequences used by officials and/or by using freely available documentation on the command codes. In fact, the detailed documentation on how to activate and operate the system could have been provided by the tornado siren vendor.

I have previously noted that similar system vendors often make operations manuals available as marketing materials placed on their websites. One such vendor that manufactures wireless control devices for water and sewage services marketed to cities and counties across the U.S. makes the full specifications, electronic schematics, command codes and even software source code available on its marketing website. It would not be very difficult for an amateur hacker, using a laptop and a radio, to take over a water or sewage system, and disable or even destroy parts of it, using the freely provided marketing materials.

In Dallas, the hackers clearly had access to more than just monitored activation information because city officials could not issue the radio command codes to turn off the sirens and instead had to disengage them manually. The hackers most likely obtained the command code to clear or reset all system commands, issuing it after setting off the sirens and locking the city officials out of the emergency network.

City officials have confirmed that Dallas Police and the FBI are now involved in the investigation.

Dallas Mayor Mike Rawlings promised that “we will work to identify and prosecute those responsible.”

Sorry to disappoint you, Mayor Rawlings, but the odds of finding "those responsible" are pretty low because of the poorly secured system put in place. Unless someone actually saw the hackers, a most unlikely event, or one of the hackers brags about it, the episode seems to be nearly the perfect crime.

The hackers used radio commands so all they would have to do was get close to a command node of the siren system, either on foot or in a moving car, and issue the sequences to set off the system. All this could be accomplished in a matter of seconds within a short range of a siren site.

There were also unintended consequences of the attack. The largest impact came because the security breach slammed the city’s 911 call system, which was flooded with a tidal wave of upset citizens. Once city officials knew it was a false alarm they were able to issue a notice for residents not to call 911 with questions about the sirens. Yet, the city emergency 911 network was overwhelmed and began to drop calls due to the massive traffic. Dallas 911 responders received more than 4,000 calls that night between 11:30 p.m. and 3:00 a.m.

Still, there is hope after all. The realization of what happened and what to do to correct it is not often shared by most politicians or bureaucrats. Dallas officials seem to be taking a somewhat different tack than blaming someone and covering it up.

“We need to improve but someone intruded in our system,” stated Dallas City Manager T.C. Broadnax. “So had they not done something that is illegal, then in fact the notification and the issues wouldn’t have occurred. We’ll own what we need to own and that is we’ll work to improve our system.”


