Last Friday night, as midnight approached, someone managed to trigger the emergency siren system used by the city of Dallas for tornado warnings and other emergencies. And that someone managed to keep the alarms in action for 95 minutes—even after emergency services workers shut them off. The entire system had to be shut down.
via Pirate radio: Signal spoof set off Dallas emergency sirens, not network hack | Ars Technica
I came across this story and my first thought was that it resembled many security monitoring departments or SOCs that are often inundated with many simultaneous alerts.
Of course, it’s far easier to ignore alarms on a screen than it is to ignore a siren screaming at you at midnight.
It didn’t appear to be a network hack; rather, a spoofed radio signal triggered the sirens. Which begs the question: where does RF fit into your threat model? And are you aware of which devices are even susceptible to such attacks?