Security researchers have issued a warning about a critical vulnerability in the U.S.’s Emergency Alert System, which is used to break into broadcasts with important public safety information. The company that manufactures the equipment says it has released a patch which should address the problem.
PCWorld’s Jeremy Kirk reported, “Hardware appliances used by broadcasters to transmit emergency communications contained vulnerabilities that could be exploited over the Internet, although patches are now available. The appliances from Digital Alert Systems, which is a division of Monroe Electronics, are a crucial component of the Emergency Alert System, a national program intended to disseminate public safety information over broadcast outlets within about 10 minutes.”
Mashable’s Samantha Murphy added, “According to a new report conducted by security firm IOActive, a hacker who gains control over one or more of the system’s servers could ‘disrupt these stations’ ability to transmit and could disseminate false emergency information over a large geographic area.'”
Wired’s Kim Zetter noted, “Earlier this year hackers used default credentials to break into the Emergency Alert System at local TV station KRTV in Montana to interrupt programming with an alert about a zombie apocalypse…. Similar attacks also reportedly hit stations in Michigan, New Mexico, Utah and California. The hackers targeted local systems, however, not the national EAS network.”
The Register’s John Leyden wrote, “IOActive has also issued its own IOActive Labs advisory outlining the apparently affected products, the impact and how to mitigate the problem. According to the US CERT, a fixed version of the firmware is available that allows users to change their login keys, and should be applied to critical devices.”