
Exploiting Tornado Sirens

It’s tornado season in the Midwest, but how secure are the sirens?

A recent video of tornado sirens playing the SpongeBob theme song has gone viral. However, after some research and investigation into this video, it has been deemed to be capped.


The video’s sound has been dubbed over multiple videos of people zooming in on tornado sirens. However, this raised the question: how secure are emergency siren systems, such as tornado sirens?


Has This Happened Before?

The idea of breaching an emergency system isn’t just theoretical. It happened in 2017 in Dallas, Texas. Threat actors compromised over 150 systems and activated the city’s emergency sirens for 90 minutes straight. In response, city officials and authorities initially kept details of the breach confidential to avoid inspiring copycat attacks targeting other emergency systems.

A similar incident occurred two years later in 2019, affecting the towns of DeSoto and Lancaster, Texas. Around 2:30 AM, over 30 emergency alarm systems triggered false alarms, jolting residents awake.


The situation caused confusion and panic, especially since both towns are located in a region prone to tornadoes. In response, city officials took the alarm systems offline in the following days. This decision, while necessary for investigation and control, temporarily left residents vulnerable during a period of active storm warnings.


Fortunately, the storms did not escalate into tornadoes, and the systems were brought back online shortly after. City officials did not disclose or provide any details about the incident, including its root cause.


Security Remediations

Details of how the threat actor(s) were able to breach the emergency systems in 2017 have since been disclosed. These systems were first installed in 2007 throughout the Dallas area. They were made by Federal Signal, a company known for producing mass signal systems for emergency events. According to officials, the breach was caused by a radio replay, in which an adversary mimics the radio frequency that is used for the emergency system, thus creating unauthorized false alarms. As a result, the City of Dallas invested over $100,000 USD to support security initiatives for emergency sirens.


In 2025, these past incidents will hopefully encourage better security practices for emergency systems such as, but not limited to:


  • Physical security around systems

  • Encrypted communication

  • Password enforcement

  • System logging

  • Least privilege
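
To make the radio-replay problem and the communication-security item above concrete, here is an added example (not from the original post and not Federal Signal's protocol) of a receiver that rejects a recorded activation frame when it is sent a second time. The frame layout, key, siren ID and class names are assumptions made for illustration; it uses an HMAC tag plus a strictly increasing counter, because encryption on its own does not stop a recorded frame from being accepted again.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed; a real site provisions its own secret
TAG_LEN = 16                   # truncated HMAC-SHA256 tag, in bytes
HDR_LEN = 10                   # siren_id (2 bytes) + counter (8 bytes)

def make_frame(key: bytes, siren_id: int, counter: int, command: bytes) -> bytes:
    """Assumed layout: siren_id | counter | command | tag over everything before it."""
    body = struct.pack(">HQ", siren_id, counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class SirenReceiver:
    """Hypothetical receiver that accepts each counter value at most once."""

    def __init__(self, key: bytes, siren_id: int):
        self.key, self.siren_id = key, siren_id
        self.last_counter = 0  # highest counter accepted so far

    def accept(self, frame: bytes) -> str:
        if len(frame) < HDR_LEN + TAG_LEN:
            return "reject: short frame"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return "reject: bad tag"
        siren_id, counter = struct.unpack(">HQ", body[:HDR_LEN])
        if siren_id != self.siren_id:
            return "reject: wrong siren"
        if counter <= self.last_counter:
            return "reject: replayed or stale counter"
        self.last_counter = counter
        return "accept: " + body[HDR_LEN:].decode("ascii", "replace")

def demo() -> list:
    rx = SirenReceiver(KEY, siren_id=7)
    captured = make_frame(KEY, 7, 1, b"ACTIVATE")  # legitimate transmission
    tampered = captured[:HDR_LEN] + b"ACTIVATF" + captured[-TAG_LEN:]
    return [
        rx.accept(captured),                          # first delivery
        rx.accept(captured),                          # identical bytes re-sent
        rx.accept(tampered),                          # command altered in transit
        rx.accept(make_frame(KEY, 7, 2, b"CANCEL")),  # next legitimate frame
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The receiver has to keep its last accepted counter in storage that survives a power cycle; if the counter resets to zero, old recordings become valid again.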


In the United States, it is a violation of federal FCC guidelines to tamper with these systems. Please contact local authorities or legal services for guidance before any technical observation of or research on these systems. Failure to do so can lead to serious criminal punishment.


For other countries, please follow local governing laws and services.

