Update: Dallas tornado alarm hack was a 'phreak' occurrence

Wed Apr 12 20:43:04 PDT 2017

Phone Phreaks!

>     DTMF replay phreaked out the Dallas tornado alarm, say researchers
>
>     Strap yourself into the DeLorean: researchers from Duo reckon the
>     Dallas tornado alarm incident was a case of old-style DMTF phreaking.
>
>     On Friday night, someone figured out how to activate all 156 of
>     the city's sirens in a stunt hack.
>
>     It turns out the sirens, from Federal Signal, use one of the
>     oldest signalling techniques around: Dual Tone Multiple
>     Frequencies, or DTMF, originating back in the analogue telephony
>     era. The earliest phreaking attacks exploited the tones used to
>     route phone calls to make free long-distance and international calls.
>
>     For those who've never noticed the beeps that happen when you
>     press buttons on a fixed-line phone, DMTF represents its symbols
>     with pairs of beeps in this layout:
>
>     [Image: DMTF tone chart from Wikipedia]
>
>     Telephone network have long been secured against phreaking, but
>     apparently not the Federal Signal sirens in Dallas. It looks like
>     the system was set off by a simple replay attack: record the
>     signal sent during a system test, and play it back.
>
>     Duo's blog post notes that the DMTF signals, carried over 450 MHz
>     radio carriers, aren't encrypted, so an attacker wouldn't even
>     need to try and interpret the symbols.
>
>     The other big compromise, according to Duo, was that someone got
>     access to the computers that control how long the sirens would
>     sound when they were activated. That compromise also made it
>     harder for city officials to shut the system down. ®
>
>     Bootnote: Duo is surprised that the attacker was able to work out
>     the radio frequency in use, which sits oddly with the author's
>     theory that a disgruntled insider is the most likely attacker.
>
>     The Register notes that an insider would probably know what
>     frequency the system used, and 450 MHz is in a band familiar with
>     UHF hobbyists. If the sirens' radio used licenced bands, the FCC
>     has the database online.
>
>     Even for the 700 MHz band, reserved for public safety in the USA,
>     it's easy enough to buy suitable transmitters.

    https://www.theregister.co.uk/2017/04/13/dtmf_replay_phreaked_out_the_dallas_tornado_alarm_say_researchers/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3166 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20170412/f2c1720a/attachment.txt>