Posts
eHam.net News – The San Francisco Department of Technology announced Thursday that it has patched a vulnerability to the city-county’s public siren system that would have allowed a malicious actor to take control of the system and potentially cause citywide panic. The city first learned of the vulnerability in February after being notified by researchers from San Francisco-based security firm Bastille. A subsequent disagreement between the local government and the firm regarding how to handle the vulnerability’s remediation resulted in the two parting ways to release separate public notices of what was uncovered. San Francisco’s public warning system, which includes sirens, voice and visual components, has never been used in an emergency since being installed in 1942 in preparation of air raids during World War II. The system : known locally as the Tuesday noon siren, because it is tested every Tuesday at noon : was repaired, upgraded and expanded in 2005 with federal funding. San Francisco’s executive director in the Department of Technology, Linda Gerull, says her department and the Department of Emergency Management worked with ATI Systems to patch its system and are continuing testing. According to a draft public advisory obtained by StateScoop, the vulnerability found has never been seen before. DoT Spokesperson Lauren Jones told StateScoop that a firmware update provided by ATI Systems adds 128-bit encryption to the system’s messaging, adding that before the patch, the system had weak encryption. “Could it stop (a sophisticated actor)? I don’t know, but I think it would stop most hobbyists, pirate radio fanatics, ham radio enthusiasts,” Jones said about the new encryption. The city’s notice states that “this encryption is designed to make each transmission unique and avoid logically detectable patterns in the messages. This communication structure will disguise the command format.”
from topfeedremix https://ift.tt/2JnqPdp
via IFTTT
No comments:
Post a Comment