‘Major flaw’ threatens US emergency alert system, DHS researcher warns
The US Department of Homeland Security is warning of vulnerabilities in the nation’s emergency broadcast network that could allow hackers to issue bogus warnings over radio and television stations.
“We recently became aware of certain vulnerabilities in EAS encoders/decrypters that, if not updated to the latest software versions, could allow an agent to issue an alert. EAS over server infrastructure (TV, radio, cable network)”, DHS’s Federal Emergency Management Agency (FEMA) warning. “This exploit has been successfully proven by Ken Pyle, a security researcher at CYBIR.com, and could be presented as a proof of concept at the upcoming DEFCON 2022 conference in Las Vegas, Nov. until August 14″.
Pyle told reporters at CNN and Computer Bleeping that the vulnerabilities lie in Monroe Electronics R189 One-Net DASDEC EAS, an Emergency Alert System encoder and decoder. Television and radio stations use this device to transmit emergency alerts. The researcher told Bleeping Computer that “many of the vulnerabilities and issues (confirmed by other researchers) have not been patched for several years and have become a major vulnerability.”
“When asked what can be done after successful exploit, Pyle said: ‘I can easily access credentials, certificates, devices, exploit web servers, send fake alerts via private message. manual message, with valid signals/precautions at will. . I can also lock out legitimate users when I do, disabling or disabling the ‘ response,” added Bleeping Computer.
This is not the first time federal officials have warning about vulnerabilities in the emergency alert system.