Forgot your password?
typodupeerror
Security

+ - Flaws in Emergency Alert System Hardware Allow Remote Login, Zombie Alerts->

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "There are a set of easily exploited vulnerabilities in the appliances used in the emergency alert system (EAS) that could be used by attackers to log in to these boxes remotely and send fake emergency alerts like the one that interrupted a TV broadcast in Montana on Monday. The vulnerabilities include authentication bypasses and other bugs that a researcher says can be used to compromise the ENDEC machines that are responsible for sending out alerts over the EAS on TV and radio.

On Monday, attackers were able to get access to an ENDEC machine at a TV station in Great Falls, Mont., and send out a fake emergency alert that warned of an ongoing zombie apocalypse. Reports suggest that attackers also went after ENDECs at other TV stations, as well. It's not clear what bugs the attackers were exploiting in those machines, but Mike Davis, principal research scientist at security firm IOActive, said that he found some vulnerabilities in ENDECs made by popular manufacturers that could enable an attacker to do exactly what the Montana hackers did.

The problems lie in the firmware loaded on the ENDECs. These machines are designed to receive encoded messages from the EAS, decode and authenticate them and then broadcast them over the air. The system is designed to be automated and it has to sit on a network, rather than as a standalone box in a station. Many of these boxes are discoverable on the Internet, Davis said, which makes them available to attackers. Davis said that he spent a few hours one day looking at the firmware on these devices, as a sideline from another research project, and found a number of vulnerabilities, the most serious of which allowed him to log in remotely to an ENDEC and insert a message that would be broadcast over the EAS."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Flaws in Emergency Alert System Hardware Allow Remote Login, Zombie Alerts

Comments Filter:

God is real, unless declared integer.

Working...