Hackers can disrupt legit warnings or issue fake ones of their own.
The US Department of Homeland Security is warning of vulnerabilities in the nation’s emergency broadcast network that makes it possible for hackers to issue bogus warnings over radio and TV stations.
“We recently became aware of certain vulnerabilities in EAS encoder/decoder devices that, if not updated to the most recent software versions, could allow an actor to issue EAS alerts over the host infrastructure (TV, radio, cable network),” the DHS’s Federal Emergency Management Agency (FEMA) warned. “This exploit was successfully demonstrated by Ken Pyle, a security researcher at CYBIR.com, and may be presented as a proof of concept at the upcoming DEFCON 2022 conference in Las Vegas, August 11-14.”
Pyle told reporters at CNN and Bleeping Computer that the vulnerabilities reside in the Monroe Electronics R189 One-Net DASDEC EAS, an emergency alert system encoder and decoder. TV and radio stations use the equipment to transmit emergency alerts. The researcher told Bleeping Computer that “multiple vulnerabilities and issues (confirmed by other researchers) haven’t been patched for several years and snowballed into a huge flaw.”
“When asked what can be done after successful exploitation, Pyle said: ‘I can easily obtain access to the credentials, certs, devices, exploit the web server, send fake alerts via crafts message, have them valid / pre-empting signals at will. I can also lock legitimate users out when I do, neutralizing or disabling a response,’” Bleeping Computer added.
This isn’t the first time federal officials have warned of vulnerabilities in the emergency alert system.
Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.
Remember, CyberSecurity Starts With You!
- Globally, 30,000 websites are hacked daily.
- 64% of companies worldwide have experienced at least one form of a cyber attack.
- There were 20M breached records in March 2021.
- In 2020, ransomware cases grew by 150%.
- Email is responsible for around 94% of all malware.
- Every 39 seconds, there is a new attack somewhere on the web.
- An average of around 24,000 malicious mobile apps are blocked daily on the internet.
- Online disclosure of 5+ million Twitter users’ stolen information - 30 November 2022
- U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer - 29 November 2022
- Researchers Quietly Cracked Zeppelin Ransomware Keys - 23 November 2022