Cities' emergency sirens will play anything you send them over an unencrypted radio protocol


#1

Originally published at: https://boingboing.net/2018/04/11/defective-products-vs-secrecy.html


#2

#3

Attention all Planets of the Solar Federation.
Attention all Planets of the Solar Federation.
We have assumed control.
We have assumed control.
We have assumed control.


#4

Bad security can give old memes new life. Shame is a great motivator.


#5

I support laws classifying counterfactual legal intimidation as assault.


#6

#7

ATI claims that the research that revealed the defects in their products is illegal, and that discussing these defects is also illegal, but admits that its products are defective, though they downplayed the significance, claiming it would be very hard to replicate Seeber’s attack

“You’re fly’s open.”
“How DARE you look at my junk, perv!”


#8

#9

This would be Wichita’s greatest public hack since the time someone put laundry soap in the fountain in front of Century II.


#10

I’m torn between Nasenbluten and Speed Freak for if I had control.

Hopefully there’d be time for both before they managed to find the off switch.


#11

#12

Seeber used a software-defined radio to monitor possible transmissions to the PA speakers.

The obvious response is to make SDR illegal.


#13

Plain old hardware-defined radio may also be used to do this work. So let’s make that illegal too.


#14

This episode reminds me of the mid eighties, when anyone’s cellphone conversation could be monitored on an older TV set tuned to one of the higher UHF channels 70-83. What was the FCC’s response? Why, they made it illegal to listen to a phone call on your TV set.


#15

That is “Doctorin’ the Tardis” by the Timelords, one of the noms de guerre of the KLF.


#16

What scares me is that people might think that you’re being sarcastic.


#17

I think I would hearken back to my slightly more juvenile self and play the occasional quick little fart noise.

Think of all the wondering of who let one rip it would cause…


#18

#19

#20

It actually hasn’t served the security community very well.