WE INTERRUPT THE PROGRAM…
Hackers can disrupt legit warnings or issue fake ones of these own.
THE UNITED STATES Department of Homeland Security is warning of vulnerabilities in the nations emergency broadcast network that means it is easy for hackers to issue bogus warnings over radio and TV stations.
We recently became alert to certain vulnerabilities in EAS encoder/decoder devices that, or even updated to many recent software versions, could allow an actor to issue EAS alerts on the host infrastructure (TV, radio, cable network), the DHS’s Federal Emergency Management Agency (FEMA) warned. This exploit was successfully demonstrated by Ken Pyle, a security researcher at CYBIR.com, and could be presented as a proof concept at the upcoming DEFCON 2022 conference in NEVADA, August 11-14.
Pyle told reporters at CNN and Bleeping Computer that the vulnerabilities have a home in the Monroe Electronics R189 One-Net DASDEC EAS, a crisis Alert System encoder and decoder. TV and r / c utilize the equipment to transmit emergency alerts. The researcher told Bleeping Computer that multiple vulnerabilities and issues (confirmed by other researchers) haven’t been patched for quite some time and snowballed right into a huge flaw.
When asked what you can do after successful exploitation, Pyle said: I could easily access the credentials, certs, devices, exploit the net server, send fake alerts via crafts message, keep these things valid / pre-empting signals at will. I’m also able to lock legitimate users out when I really do, neutralizing or disabling a reply, Bleeping Computer added.
This isnt the 1st time federal officials have warned of vulnerabilities in the emergency alert system.