Fwd: Re: Update: Dallas tornado alarm hack was a 'phreak' occurrence

Razer g2s at riseup.net
Thu Apr 13 07:10:13 PDT 2017



On 04/13/2017 06:44 AM, lrk wrote:
>> ----- Forwarded message from Razer <g2s at riseup.net> -----
>>
>> To: cypherpunks at lists.cpunks.org
>> From: Razer <g2s at riseup.net>
>> Subject: Update: Dallas tornado alarm hack was a 'phreak' occurrence
>> Date: Wed, 12 Apr 2017 20:43:04 -0700
>>
>> Phone Phreaks!
>>
>>
>>>     DTMF replay phreaked out the Dallas tornado alarm, say researchers
>>>
>>>     Strap yourself into the DeLorean: researchers from Duo reckon the
>>>     Dallas tornado alarm incident was a case of old-style DTMF phreaking.
>>>
>>>     On Friday night, someone figured out how to activate all 156 of
>>>     the city's sirens in a stunt hack.
>>>
>>>     It turns out the sirens, from Federal Signal, use one of the
>>>     oldest signalling techniques around: Dual Tone Multiple
>>>     Frequencies, or DTMF, originating back in the analogue telephony
>>>     era. The earliest phreaking attacks exploited the tones used to
>>>     route phone calls to make free long-distance and international calls.
>>>
>>>     For those who've never noticed the beeps that happen when you
>>>     press buttons on a fixed-line phone, DTMF represents its symbols
>>>     with pairs of beeps in this layout:
>>>
>>>     [Image: DTMF tone chart from Wikipedia]
>>>
>>>     Telephone networks have long been secured against phreaking, but
>>>     apparently not the Federal Signal sirens in Dallas. It looks like
>>>     the system was set off by a simple replay attack: record the
>>>     signal sent during a system test, and play it back.
>>>
>>>     Duo's blog post notes that the DTMF signals, carried over 450 MHz
>>>     radio carriers, aren't encrypted, so an attacker wouldn't even
>>>     need to try and interpret the symbols.
>>>
>>>     The other big compromise, according to Duo, was that someone got
>>>     access to the computers that control how long the sirens would
>>>     sound when they were activated. That compromise also made it
>>>     harder for city officials to shut the system down.
>>>
>>>     Bootnote: Duo is surprised that the attacker was able to work out
>>>     the radio frequency in use, which sits oddly with the author's
>>>     theory that a disgruntled insider is the most likely attacker.
>>>
>>>     The Register notes that an insider would probably know what
>>>     frequency the system used, and 450 MHz is in a band familiar to
>>>     UHF hobbyists. If the sirens' radio used licenced bands, the FCC
>>>     has the database online.
>>>
>>>     Even for the 700 MHz band, reserved for public safety in the USA,
>>>     it's easy enough to buy suitable transmitters.
> FYI, tone systems like touch-tone don't work over digital voice. Those
> synthesizer systems will not recreate the tones accurately. Trunked systems
> have other engineering problems which make them the wrong tool for public
> safety but the only thing that counts is that Motorola got the taxpayer's
> money.
>
>

And the sound of a snare drum, hi-hat, cymbals, oboe, etc, has never
been the same since 'music went square wave' either. Odd that digitized
DTMF tones shouldn't work. No frequency component to any of them so high
that it should matter. What I find strange is there's a set of 'outband'
tones, not normally used for civilian communication that police and fire
departments have used historically to prevent intruders into their
communications systems. Dallas must have cheaped the contractor
installing the system.

Rr
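
An added example, not part of the thread or the quoted article: the standard DTMF row/column tone grid that the missing chart showed, with a Goertzel-based decoder run over a synthesized capture. The sample rate, tone and gap durations, block size and threshold are assumptions chosen for this sketch. Nothing in the signal carries a counter or authentication, so a receiver keyed only on the decoded symbols treats a recording and the original alike.

```python
import math

# Standard DTMF grid: each key is one low-group (row) tone plus one high-group (column) tone.
ROWS = (697, 770, 852, 941)        # Hz
COLS = (1209, 1336, 1477, 1633)    # Hz
KEYS = ("123A", "456B", "789C", "*0#D")
RATE = 8000                        # samples/s (assumed)
TONE_MS, GAP_MS = 80, 60           # symbol and silence durations (assumed)

def encode(symbols):
    """Return PCM samples (floats in [-1, 1]) for a string of DTMF symbols."""
    out = []
    for s in symbols:
        r = next(i for i, row in enumerate(KEYS) if s in row)
        lo, hi = ROWS[r], COLS[KEYS[r].index(s)]
        n = RATE * TONE_MS // 1000
        out += [0.5 * math.sin(2 * math.pi * lo * t / RATE)
                + 0.5 * math.sin(2 * math.pi * hi * t / RATE) for t in range(n)]
        out += [0.0] * (RATE * GAP_MS // 1000)
    return out

def goertzel(block, freq):
    """Power of a single frequency in a block of samples (Goertzel algorithm)."""
    coeff = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def decode(samples, block=205, threshold=650.0):
    """Decode DTMF symbols, emitting each tone burst once.

    threshold is roughly 25% of a full-block tone's power at amplitude 0.5.
    """
    result, last = [], None
    for i in range(0, len(samples) - block + 1, block):
        chunk = samples[i:i + block]
        rp = [goertzel(chunk, f) for f in ROWS]
        cp = [goertzel(chunk, f) for f in COLS]
        r, c = rp.index(max(rp)), cp.index(max(cp))
        # Both the row tone and the column tone must be present.
        sym = KEYS[r][c] if min(rp[r], cp[c]) > threshold else None
        if sym and sym != last:
            result.append(sym)
        last = sym
    return "".join(result)

if __name__ == "__main__":
    capture = encode("147*2580369#ABCD")   # constructed sample, not a real command
    print(decode(capture))
```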


