Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Government

+ - Widespread Vulnerability In EAS System Used To Broadcast Zombie Warning?->

Submitted by
chicksdaddy
chicksdaddy writes "OK – the good news is that the dead aren’t rising from their graves and the Zombie Apocalypse hasn’t begun (yet).The bad news: a phony EAS (Emergency Alerting System) warning about just such a cataclysm earlier this week may have been the result of a hack of what one security researcher says are known vulnerabilities in the hardware and software that is used to distribute emergency broadcasts to the public in the U.S.

The warning from Mike Davis, a Principal Research Scientist at the firm IOActive, comes just days after unknown hackers compromised EAS systems at television stations in the U.S. and broadcast a bogus emergency alert claiming that the “dead were rising from their graves” and attacking people. Published reports say that at least four television stations were the victims of the hoax: WBKP and WNMU in Marquette, Michigan; KNME/KNDM in Albuquerque, New Mexico; and KRTV in Great Falls, Montana.

Davis says that he discovered and reported a number of critical vulnerabilities in a key component of the EAS system: multi-function hardware known as a CAP EAS or ENDEC device.Davis said he and a colleague downloaded and analyzed firmware for the dominant manufacturer of so-called CAP-EAS devices and found that the software was rife with critical, easily exploitable security vulnerabilities, including embedded passwords and remotely exploitable software vulnerabilities. Davis declined to name the vendor whose software he analyzed, but said he reported the issues to the Department of Homeland Security’s ICS-CERT. The hack of the devices used to broadcast the zombie warning sounds similar to the kinds of holes he just reported, he said."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Widespread Vulnerability In EAS System Used To Broadcast Zombie Warning?

Comments Filter:

You knew the job was dangerous when you took it, Fred. -- Superchicken

Working...