When outdoor warning sirens in Dallas cried wolf last Friday, Twitter sleuths concluded that a hacker hijacked the alarms through a vulnerable computer network. As it turns out, the sirens aren’t computerized at all — they’re controlled through a decade-old radio system, one the city just voted to spend $100,000 to upgrade.
This week, Dallas city officials revealed a few details about last Friday’s chaos. “It’s a radio system, not a computer issue,” Dallas City Manager T.C. Broadnax explained. The city’s outdoor warning system, first installed in 2007, is powered by 156 sirens made by a company called Federal Signal Corp. City officials declined to provide details on how the emergency system works, noting only that “it’s a tonal-type system,” which suggests it could be compromised by outside radio equipment replicating the tonal code required to trigger the alarms. The whole thing sounds kind of like massive-scale phone phreaking, which is cool but probably more scary than cool given how many similarly unsecured systems likely exist in major U.S. cities.
After it was triggered late Friday, the radio-based system was disabled so the city could take some basic precautions. When the system went back up over the weekend, it went live with encryption to protect its language of tones, a measure that could have prevented the whole ordeal.
For anyone who still thinks hacking always looks like a scene from Mr. Robot, the Dallas incident is just one more cautionary tale. People are jumpy about public infrastructure security these days with good reason: As the federal government struggles to protect nationwide critical infrastructure, heterogeneous city and state-level technology provides a sprawling attack surface. With that in mind, it’s worth remembering that not all security incidents involve Matrix-style lines of code scrolling down a computer screen. Apparently, a good old-fashioned radio hack can still wreak havoc too.