Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security United States

Emergency Alert System Insecure 210

glebe writes "The U.S. Emergency Alert System used to issue disaster warnings and other alerts over T.V. and radio is vulnerable to spoofing and denial-of-service attacks, SecurityFocus is reporting. Apparently, 'the EAS was built without basic authentication mechanisms, and is activated locally by unencrypted low-speed modem transmissions over public airwaves.' The FCC acknowledged the security issues yesterday in a public notice seeking comment on the future of the system."
This discussion has been archived. No new comments can be posted.

Emergency Alert System Insecure

Comments Filter:
  • Dear FCC (Score:5, Funny)

    by mfh ( 56 ) on Friday August 13, 2004 @07:17PM (#9964483) Homepage Journal
    Dear FCC,
    Since you asked, I thought I would weigh in with my comments about The U.S. Emergency Alert System (EAS). I think it's appalling that anyone with a 14.4 could tap into this system and alter it for their own aims. The whole system could be crashed by terrorists during an attack, compounding the devastation of any terrorist attack by cutting off access to the system, or providing false and possibly deadly information. For example, during the 9/11 attacks the EAS could have directed people to return to their desks in the WTC, magnifying the losses suffered that day.

    I suggest you rebuild the EAS and take it offline until such a time that it can be secure.

    >... the EAS is designed to allow the President to interrupt television and radio programming and speak directly to the American people in the event of an impending nuclear war, or a similarly extreme national emergency.

    With the audio capabilities available today, it would be quite possible to dupe the public into thinking they were listening to George Bush, when in fact they were listening to the words of Osama bin Laden. And with the stuff Bush has been saying lately, the public might actually believe it was Bush no matter how insane the babble was!

    Somehow you would want to have a method for ensuring the audio was legit, encrypted and unaltered. I'm sure there are many ways to do this today, so I'm not really sure why you're asking me! Throw up a bunch of secure pipes and give the president access to them. Come up with a way to keep his message secure. Yeah, it's going to be expensive, but not as costly as 80,000 employees of the WTC returning to their offices because the EAS said it was "just a test".

    Kind Regards,
    Scott
    • Re:Dear FCC (Score:3, Interesting)

      by Detritus ( 11846 )
      I suggest you rebuild the EAS and take it offline until such a time that it can be secure.

      That's not a good idea. The system is currently used for many events less catastrophic than World War III, like severe weather warnings.

      • Re:Dear FCC (Score:3, Informative)

        by Egonis ( 155154 )
        Common knowledge in replacing a server is that you build a new one, and switch to it when ready -- thus, not interrupting a critical service.
    • While it is a huge concern, it's neither new nor surprising information.
    • Re:Dear FCC (Score:3, Insightful)

      the EAS is designed to allow the President to interrupt television and radio programming and speak directly to the American people in the event of an impending nuclear war, or a similarly extreme national emergency.
      I doubt that the President would tell anybody about an impeding nuclear war. That would just create panic and hysteria.
    • Re:Dear FCC (Score:3, Informative)

      by MasterSLATE ( 638125 )
      In regards to your mention of Sept. 11....

      As a NYC area citizen who was affected by that tragedy, I would like to point out that at no time during the day did the EAS even get used, at least in my view. I never saw it go off on any of the many channels we were flipping through.
      • I think everyone had figured it out when the only thing on every news^H^H^H^Htelevision station was the crashing planes and collapsing towers
  • tornado sirens too? (Score:5, Interesting)

    by jrockway ( 229604 ) * <jon-nospam@jrock.us> on Friday August 13, 2004 @07:17PM (#9964484) Homepage Journal
    I've always thought things like this were insecure. When I was in
    high school, I wanted to make a device to activate the tornado siren.
    I figured I could just implement a simple replay attack. I never got
    around to researching what frequency the signal was broadcast on, and
    I didn't know how to record the signal once I knew where to get it
    from. But it seems simple:
    record when they do the monthly test, replay whenever. Panic everyone. Good
    fun.

    Apparently if you modify various bits you can make them play different
    sounds and even broadcast voice. Plenty of fun to be had there.

    If anyone has done anything like this, I'd be interested in knowing,
    just so I don't have to get myself hauled off to jail trying to do it
    myself :)

    fp?
    • by JAD lifter ( 778578 ) on Friday August 13, 2004 @07:50PM (#9964670)


      Somewhat maybe related... In high school we had those fire alarms that have the handle that you pull down to trigger the alarm. Well, as one of my unlucky (and stupid) friends found out; when you pulled the alarm a big blast of marking dye shot out covering your hand, arm, torso, face and everything else with a blue/black stain that was almost impossible to wash off. Needless to say he was found and busted within minutes of pulling the alarm.
      • Maybe it's a blessing. Maybe it's just super-staining fire retardant.
        Or.. as it is more likely.. a super-staining mark of a retard.
      • This is why you use a 3 foot stick at a low angle (IE, stand by the alarm, about 3 feet to the side) and when someone you don't like comes walking past, pull and enjoy.
      • I learned that in elementary school from the My Teacher Is An Alien books by Bruce Coville.
      • At my University, it was an invisible substance that shot out -- only visible under a black light. That way the jerk that made the fire alarms go off at 3AM would not even think to scrub their hands and arms.

    • Panic everyone. Good fun.

      You certainly have a strange definition of fun...
    • If they were smart, they'd link Doppler radar with the siren system. The moment rotation would be detected within a thunderstorm, the system would activate the sirens.
  • Okay... (Score:5, Funny)

    by Anonymous Coward on Friday August 13, 2004 @07:18PM (#9964491)

    10 bucks for whoever can get all of Nevada to evacuate due to imminent flooding.

  • by account_deleted ( 4530225 ) on Friday August 13, 2004 @07:18PM (#9964494)
    Comment removed based on user account deletion
  • by homeobocks ( 744469 ) on Friday August 13, 2004 @07:19PM (#9964496)
    to give you this emergency message: ``Are your mortgage rates skyrocketing? Are your sexual organs too small? Do you have more money than brains? You can solve all of these problems by purchasing SUPER-VIAGRA! . . . and something about a tornado.''
  • by Billobob ( 532161 ) <billobob@gmail. c o m> on Friday August 13, 2004 @07:20PM (#9964507) Homepage Journal
    Conan + EAS + Bush picture + manlips = endless possibilities...
  • So... (Score:5, Funny)

    by sockonafish ( 228678 ) on Friday August 13, 2004 @07:21PM (#9964509)
    ...how long until primetime television is interrupted so that we may be informed that 'all your base are belong to us'?
    • ...how long until primetime television is interrupted so that we may be informed that 'all your base are belong to us'?

      20 to Life... That's how long.
    • Re:So... (Score:2, Informative)

      by w9wi ( 162482 )
      - The data rate and modem tones used are non-standard. (though public knowledge) One could build one's own encoder, but you won't do it easily with off-the-shelf parts.

      - Stations are only required to forward EAN ("we're about to be nuked"), EAT ("OK, I guess we *aren't* going to get nuked"), and RMT. (monthly test) Many stations don't relay any other alert. (then again, many do)

      - Stations are not required to automatically forward *anything*. They may hold even EAN/EAT/RMT for a few minutes, long eno
      • Re:So... (Score:3, Insightful)

        by M-G ( 44998 )
        Stations are required to monitor at least two sources of EAS data. To spoof a manned station, you'd need at least two transmitters.

        Good info up until that statement. The reason you're required to monitor at least two stations is for redundancy, not confirmation.

        With EBS, you only monitored one upstream station, creating a weak link. EAS requires multiple sources to prevent this problem, but doesn't cross-check the other sources.

        Think of a weather warning, where the local NWS office issues an EAS alert
  • by Flexagon ( 740643 ) on Friday August 13, 2004 @07:22PM (#9964517)

    This is yet another example why keeping infrastructure details secret is a bad idea. It's security through obscurity in the real world, and removes any incentive to actually fix these things. Now that there is a public report about it, there's at least a chance that pressure can be brought to bear, and get it fixed.

  • good fun (Score:3, Funny)

    by Frostalicious ( 657235 ) on Friday August 13, 2004 @07:24PM (#9964527) Journal

    Use this to replay a nation wide brown note [metaltabs.com]. Also good fun. Buy stock in American Standard.
  • by Stephen Samuel ( 106962 ) <samuel AT bcgreen DOT com> on Friday August 13, 2004 @07:24PM (#9964530) Homepage Journal
    I mean it's not like anybody would actually.....

    Oh my god! The russians are attacking!!!!!

  • by Ralconte ( 599174 ) on Friday August 13, 2004 @07:26PM (#9964544)
    During the 9-11 attacks, did that beep come on the TV and radio? Some commedians have joked that it didn't so I don't know. I got my news from the web -- bbc.co.uk was fairly, and the local radio announcers gave the info as they saw it. Did the gov't even try to use the Emergency Alert System? Seriously, I thought the alert was just for a nuclear attack by the USSR, never ment to be anything more than that -- a useless anachronism since the 1970's. Sounds like another group of buearucrats who want some of the Patriot Act resources to pad a sagging budget.
    • I believe it's also used for more localized alerts like "Tornadoes are coming" and "Whoops, the chemical plant up the street just started leaking toxic gas."
    • No. It was not activated. Check the 9/11 commission report. It isn't just for a nuclear attack by the soviets anymove. Check it out here [fcc.gov].
    • It did not go off at our radio stations during 9/11 .. but then we are nowhere near any of the places that were attacked. However, it is used. We have had it go off for weather emergencies, and for Amber Alerts to find potentially kidnapped children. (In both cases locally, the children were found within an hour of the alert being broadcast.) So, not quite useless... but could be used better than it is. Oh, and we had to pay for all the equipment, and the changeover in equip from the EBS to the EAS. So no f
    • No, the alert wasn't just for nuclear attack. I've heard the alert go off several times whilst I lived in Houston - mainly for tornado alerts, severe weather and flash floods. You can tell when it's coming because you hear bursts of "modem noise" on the radio just before the emergency alert message starts playing.
  • Old news... (Score:5, Informative)

    by ktakki ( 64573 ) on Friday August 13, 2004 @07:30PM (#9964569) Homepage Journal
    Almost two years old, in fact:

    http://www.securityfocus.com/news/613 [securityfocus.com]

    I'm sure one could find even earlier discussions of this vulnerability.

    k.
    • Did you RTFA? We know it's old news --- the article mentions this itself, providing the same link you give.

      The news here is that, on Thursday,

      ...the FCC responded by opening a formal review of the EAS, beginning a public comment period on how the network might be improved. One of the issues the FCC is probing is the security of the system.
  • Old news. (Score:3, Informative)

    by dj245 ( 732906 ) on Friday August 13, 2004 @07:32PM (#9964580)
    It was reported two years ago. [landfield.com] We'll probably hear about it in 2006 too, unless someone takes advantage of it.
  • by js7a ( 579872 ) <james @ b o v i k .org> on Friday August 13, 2004 @07:32PM (#9964581) Homepage Journal
    the EAS digital signal is the same signal that the National Weather Service (NWS) uses on the National Oceanic and Atmospheric Administration's Weather Radio (NWR).

    NWR Specific Area Message Encoding (SAME) [noaa.gov]

    Full spec (pdf) [noaa.gov]

  • by mabu ( 178417 ) * on Friday August 13, 2004 @07:39PM (#9964622)
    I'm sure it's nothing Halliburton or Diebold can't fix for $400 Million via a no-bid contract.

    If they went public with this, I'd bet good money it's a precursor to an already set up proposal from a well-connected contractor who wants to ride the wave of public fear all the way to ten times the cost of fixing it.
  • If it ain't broke... (Score:4, Interesting)

    by Cranx ( 456394 ) on Friday August 13, 2004 @07:42PM (#9964629)
    ...don't fix it.

    Seriously. We don't have to coat everything in 50 feet of kevlar, spaced 100 feet apart and communicating with 1GB encryption keys.

    Unencrypted broadcasting modem: scales well and very cost-effective.
  • Well, Yeah. (Score:5, Interesting)

    by c0dedude ( 587568 ) on Friday August 13, 2004 @07:44PM (#9964648)

    When it was made, that wouldn't have been a problem. It was put in to repeat a message sent in the event of soviet nuclear attack. Each node would relay to all the other nodes. Of course, modem technology was rather scarce at the time, so security wasn't the top concern. This thing was never designed for security.

    This is one of the few times where I can see hacking as terrorism. If you hack this, you are, in my eyes and in those of the law, a terrorist. Leave this one be.

  • I had this idea. I so had this idea. It was going to be great. I was going America my naked ass on national TV live at 7:00 PM next month. I'd already worked out my monologue and everything.

    Bastards.
    • Well, nice try at humor, but EAS is text (which is converted to audio) and audio only.

      Yeah, you can send out a civil emergency EAS from Bush saying "I broke into the Emergency Alert System, and I'm BUTT NAKED!", but they won't see your naked ass, and, with the way most TV stations (at least in my area) are, EAS messages aren't broadcast - they read it, and then have their meterologist set up an alert (rarely are there non-weather EAS messages in my area, and Amber Alerts they just put a ticker on with thei
  • by syrinje ( 781614 ) on Friday August 13, 2004 @07:49PM (#9964667)
    First of all, a small clarification - I agree that critical, life-saving infrastructure must be secure. That unauthorized access to these systems must be prevented. That public confidence in the sources of information is key to saving lives in the event of a disaster - and hence must be guaranteed to be genuine. A 100% of the time.

    That said - don't y'all sprain yer hamstrings to jump up and point fingers at the "government" or twist this into an open-source vs. closed source issue.

    Every system is designed in relation to its operating environment. The EBS was originally designed for a far more benign environment than exists today. I bet the primary goal of the designers was to come up with a system that was simple and effective and would work even if large parts of the power grid and the telephone network collapsed. It is inconceivable that they did not ask themselves if they needed bullet-proof authentication mechanisms - it is equally probable that they discarded that requirement as being potentially failure-prone. Given the fairly benign security environment that they designed for, and given the technology available and the overarching goal of simplicity - they cam up with what is really quite functional.

    And then the world changed (surprise, surprise). the environment that surrounded the EMS changed, rapidly and unpredictably. Where previously it was safe to assume that natural disasters would bring people in the community together to work in co-operation to face the threat, we now wonder which sleeper cells activate in these situations. The comfortable security blanket of yore that RipVanVinkle aka RVV dozed is suddenly yanked off - exposing us to the elements.

    Its like waking up one day in the shadow of a dam and suddenly seeing a thousand leaks in it. The small leaks have always been there - all dams leak and sweat a little. But now we know that there are people out there that seek to widen the cracks and stuff them with C4 and stick some fulminate in them (amazing how much chemistry you can pick up from the newspapers isnt it?). So RVV franctically tries to seal the leaks in the dam. Paranoia? Perhaps.

    The real tragedy is that the time that should be spent tending to his crops, playing with his children, making hot, sweaty love to his wife and dreaming big dreams in his afternoon nap is now spent in searching and classifying and closing the leaks in the dam.

    Will RipVanVinkle make his dam perfect? Can any dam be made perfectly leak free? Go figure.

  • by Animats ( 122034 ) on Friday August 13, 2004 @07:52PM (#9964680) Homepage
    The previous system, the Emergency Broadcast System, was based on two components - teletype messages to broadcast stations, and secondary broadcast stations monitoring "primary" broadcast stations for an alert tone.

    On February 21, 1971, an alert message announcing a nuclear war was sent over the teletype network by accident. Somebody at NORAD loaded the wrong paper tape. Almost no stations broadcast the message. One station in Florida actually did. After that, NORAD lost their authority to send emergency action messages on their own.

    The current system has more input sources than the old one did. There are weather alerts, and now even child abduction alerts. If there's ever a phony message, it will probably come from some "authorized" input source.

    A detailed history is here. [partnershi...arning.org]

    • Right. And the primary stations had a sealed envelope (I believe sent out monthly) with authenticator words for each date to validate the TTY messages. My recollection on specifics is fuzzy beyond that. I remember later when I worked at a secondary station our EBS box had a hair trigger - sometimes kicking on and putting Pittsburgh Pirates baseball broadcasts from KDKA, a primary in our area, onto our airwaves (until we quickly reset it).
    • This brings up a good point. At the two stations (one FM and one TV) that I support the only alert that get automatically inserted are tornado warnings for our county - incase the operators had to run for cover. Everything else is interpreted by a live operator and the appropriate information is included in our broadcast.
    • Why wouldn't the stations broadcast the message? If the message was authentic it probably should have been distributed. Sure, it was extrordinary news, but is the correct solution for the radio stations to broadcast absolutely nothing while all the switchboards at NORAD are tied up confirming an attack which will kill anybody not underground in 15 minutes?
    • by fwc ( 168330 ) on Friday August 13, 2004 @09:39PM (#9965151)
      In a "previous life" I did some work for a radio station, including some stuff in relation to the old EBS system.

      The previous poster is correct. There were actually two tones (853 and 960 Hz) which were broadcast at the same time for 22.5 seconds. By using two tones it prevented false detection. Usually. I built more than one EBS detector during that period with a couple of Tone detectors (NE567 if I remember correctly) and an and gate and a 555 timer to not alert unless the tone was on for more than 10 seconds or so. This was primarily used in later years for local emergencies such as tornadoes. However, for nationwide emergencies another system was used.

      Each station had a "big red envelope". The station I worked for had it at the operator position in the main control room. Digging around the internet I found this site [akdart.com] which has a picture of an envelope from 73. I remember the newer ones (about 1991) being better printed, but about the same. The envelopes were sealed and were not to be opened unless the station received an EBS message via teletype which needed to be authenticated. This envelope was replaced on a regular basis.

      At some point during the period I was around the station I asked the owner about the envelope, and he related the story about the February 1971 activation. Evidentally he was on duty when the message came in. (Looks like there's a copy of the message up on this site [beradio.com]). He opened the envelope and checked the authenticators. Now you have to realize that everyone pretty much knew that the only likely reason for the nationwide system to be activated was nuclear war. Saying that he was rather worried by this message is an understatement. I can't remember if he complied with the warning or if it was called off fast enough that he didn't have to, but I do remember he was either ready to shut down or did.

      If you google for "1971 EBS Activation" [google.com], You will find some other stories about this event.

  • ...of the Emergency Broadcast System. Had this been an actual emergency, you would all be dead now. This concludes this test of the Emergency Broadcast System
  • by Kiryat Malachi ( 177258 ) on Friday August 13, 2004 @08:04PM (#9964739) Journal
    Yes, its based on low-speed modem transmissions over public airwaves. What wasn't mentioned is:

    The low-speed transmissions are done by 'primary' stations, who have big transmitters. 'Secondary' stations choose primary stations to monitor, and retransmit the alerts the primary stations transmit.

    The low-speed transmissions are done on their broadcast frequency.

    So, you know what you need to exploit this? Locally, you need to know which local station(s) is/are primary, and a transmitter big enough to override the monitored signal, or a group of transmitters big enough to override the monitored signal at each of the monitoring antennas.

    Nationally, you would need to do this for EVERY primary station.

    It isn't perfect, but its actually pretty reasonable security. A far bigger threat would be someone who could inject a believable warning into the primary systems, and even there, I'm not so certain its really a worry (see: 1970s NORAD mistake that no one broadcast).
    • So, you know what you need to exploit this? Locally, you need to know which local station(s) is/are primary, and a transmitter big enough to override the monitored signal, or a group of transmitters big enough to override the monitored signal at each of the monitoring antennas.

      It's quite a bit simpler than that. Let's assume I want to get a message out to a large (local) audience via EAS. In most areas, the cable TV system will broadcase EAS alerts on all channels (or at least sound an alert tone and
      • a) The cable provider is probably a primary and not a secondary. Primaries are chosen based on two things: audience and transmitter power. Obviously, transmitter power only applies to broadcast stations. Cable systems are probably (not having worked in TV, I wouldn't know) primaries, based on their viewer numbers and the fact that it'd be easy to use them as a good distribution to a large geographic area with more regularity than a broadcast primary. Thus, you'd need to inject the message into the mess
    • So, you know what you need to exploit this? Locally, you need to know which local station(s) is/are primary, and a transmitter big enough to override the monitored signal

      Which isn't difficult at all...

      Once you're a few miles away from the multi-megawatt signal, a transmitter of a few watts can over-power the signal locally.
  • by jeephistorian ( 746362 ) on Friday August 13, 2004 @08:12PM (#9964766) Homepage
    Its just a phase. I was insecure too when I was tht young.

    ________________________
  • Everyone knows that the secret EMS pass code is 00000000! What posers!
  • by Etcetera ( 14711 ) * on Friday August 13, 2004 @08:22PM (#9964819) Homepage

    It truly was designed for a different era, but has its uses even today. Virtually all weather emergency bulletins are sent out via the EAS protocols today, which doesn't normally affect people in, say, Silicon Valley, but makes a big difference in Tornado Alley and in Florida right now.

    A few miles from here there was a fire at a chemical factory in La Mesa, CA... I was sitting there watching something on a high-cable channel when I hear a tone and see scrolling text at the top of the screen advising me to evacuate the area. Thank you EAS, and thank you Cox Cable.

    When San Diego had its Cedar Fire in 2003 (largest fire in the history of CA, which altered everyone here's life [sciencemeetsart.com]) the EAS was used by the NWS, FD, and PD to provide information on evacuation across all channels on the cable systems (not sure about the radio, they might have been covering that themselves).

    The California Office of Emergency Services has a Emerg. Digital Info Service [ca.gov] that uses some of the same technology and protocols as well (includes the much-reknowned AMBER alerts).

    Don't think that this is some relic, this is used and tested on at least a weekly basis nationwide (SD Info [sandiegophotos.org]).

    That being said, efforts to modernize and update things are great. I'd like to see some sort of emergency protocol for data packets, similar to the emergency phone service that allows infrastructure workers' phone calls to have priority in the midst of an emergency. There should be a EAS sitatuion website that is update out-of-bounds and is replicated (through some fancy AS routing) to servers all across the country, so it's always accessible. Think of a FEMA-run Akamai.

    The company I work for was even considering some way to allow people to have EDIS/EAS alerts pop up (via Messenger service or some other client) whenever they were released for the area they're in (won't work because of all the RFC1918 space they use :\).

    Emergency Alert Systems, and Civil Defense systems in general ARE still around, and ARE working within their original intent, but more public attention needs to be brought to them, so that all know about them. It's not so much security, but having more eyes on them will undoubtedly help suggest further improvements.

    And I agree with the earlier poster... ANYONE who hacks a system like this deserves the 20 years of time they'll get. That's just dumb. It's on a par with DOSing a 911 call center. Don't do it. You WILL cause loss of life and NO ONE will have any sympathy when you go to prison for a very, very long time. In fact, I'd love to help catch you.

  • by t_allardyce ( 48447 ) on Friday August 13, 2004 @08:28PM (#9964843) Journal
    Nice to know terrorism is really being taken care of seriously, so between this, voting and letting anything onto a plane that the tabaco companies deem ok, what else isnt working? the next terrorism incident will strike terror into everyone not because of fire and death but because they will suddenly realise their worst fear - that the people incharge are all idiots!
  • I don't.

    A) I live in California, they don't pre-announce earthquakes.

    B) for a few years, I lived in Nebraska, where they did broadcast, with some regularity, warnings of tornados and flooding. Flooding NEVER applied to ME (since I didn't buy a house in a low area), and after a while, I began to treat tornado warnings as special invitations to go outside and see the cool angry-green lightning. My house was well built and held up well to 100 mph+ winds. No trailer for me.

    C) Al Quesodilla just nuked LA.

  • by cpu_fusion ( 705735 ) on Friday August 13, 2004 @08:53PM (#9964953)
    Not that I'd be surprised about the emergency broadcast system having security problems, but consider one way the government could make this work to their advantage.

    They could have already set up monitors that could very quickly traingulate the source of an interference, while in parallel secretly laying down a secure system. Then by encouraging press coverage of the security holes, they would raise the possibility of a terrorist trying to use said security holes, and in doing so, give up their location.

    /shrug

    Puting on my meta-tin-foil-hat.

  • What does it take to hijack a cable TV head-end or an STL? (studio transmitter link) If your TV tells you to "put your head between your legs and ...." wouldn't it be prudent to verify the information? While most pranksters would rather play an "XXX" film or get some political message accross a more devious action is certainly more thinkable than the unthinkable.

    If you are not directly in an emergency, atleast take an effort to verify it. On 11 september 2001 my inital reaction was that it may be a 'super
  • About 13 years ago, St-Pierre (et Miquelon) was warned of an impending tsunami from some official New York source.

    At least it looked official... and it could be a huge disaster for the whole island and its 6,000 or so inhabitants. Local learneds debated about it on radio and TV.

    No confirmation with said authorities could be obtained, and Canadian media weren't reporting the story either. What to do? There had been a devastating tsunami in Newfoundland in 1929 [lostatsea.ca]. Heck, a third of the old women in St-Pierre w
  • by Almost-Retired ( 637760 ) on Friday August 13, 2004 @09:48PM (#9965192) Homepage
    As a broadcast engineer, this system was IMO, broken from the gitgo.

    However, let me also point out that the huge majority of the system, if it all worked, which is rare, is secure in that the average stations gear can only accept input from the designated primary station in the area, and the NWS services which are also a part of the "network".

    The rest of the secondary sites in a given area are proscribed from the generation of any spurious information by the FCC, with the penalties being both uncontestable, and damned expensive for the offender who originated the false message.

    The rest of the problem is its dependability. The local system here has to jump the NRAO Quiet Zone, and is I believe now a satellite link, itself a huge problem in the event of an emp from an atomic device on the same side of the planet, or solar flares also can potentially render the link useless.

    Once you get the alert up here from star city, then you have the problem of poorly designed gear foisted off on us broadcasters by the relatively short timetable mandated by the last methodology change about 15 years ago. That gear is now failing, and the maker, who was probably incorporated just to peddle the things, has since found it impossible to survive on the expendables the system requires, like its printers unique thermal paper etc. No schematics were furnished without a lot of yelling and screaming on our part, and sending it back for expert service? Fugetaboudit. Expert service does not exist in many cases.

    And then the commission wants to fine us 27,000 per malfunction to boot. Most of the failures are beyond our control as the testing frequency is not sufficient to locate a malfunction before its a real malfunction.

    Yes, its broken, hopelessly so. It needs to be replaced with something that actually works AND is secure from outside attacks.

    And it needs to be stated up front that anyone with an idea of sueing the users for using an unknown submarine patent they ran to the patent office and got a patent on after the system was developed, will do jail time until such time as the system is declared unusable as this one s/b now. We went thru that already with this system, some jerk, smelling an easy dollar, ran and got a patent on it from our slumbering USTPO and sent all of us letters demanding $1500 a year for a license to use the system that was developed and mandated by the government. I think all of us were in close harmony during the chorus that told the commission and the equipment makers to pay it, we weren't about to pay annually for something that was mandated by them once we had purchased the original gear and installed it.

    They faded away into the slime from whence they came eventually, and the patent was eventually set aside, or so we are being told.

    Yah, we need a new system, one considerably more well thought out than this one ever was.

    --
    Cheers, Gene
  • "... this was a test of the Emergency Broadcast System. Had this been a real emergency, the tone you just heard would have been followed by panicked shouting and terrified screams. This concludes our test of The Emergency Broadcast System."
  • When I worked at a radio station, I was responsible for scheduling and issuing the required weekly and monthly tests of the EAS.

    I always thought that the system wasn't exactly that secure, as it was a relayed system and if a primary station issued a false EAS message, it would be relayed to all of those stations designated to listen to the primary...

    One time when configuring a new EAS machine, I was tempted to issue a Tsunami warning (for the Chicagoland area), but decided I'd rather not go to jail or pay
  • Secure? (Score:2, Insightful)

    by Cow007 ( 735705 )
    Let us remember there is no such thing as "secure" there is only more secure. Don't rate this "100% funny" its not funny at all.
  • Anyone remember Terminator 3 where Skynet had created a virus that scrambled global communication? I would think that a virus could be used to broadcast bogus or misleading signals. And it could spread quickly enough, especially over cable to have a major impact.
  • by LostCluster ( 625375 ) * on Saturday August 14, 2004 @07:55AM (#9966680)
    EAS is trigged by unencrypted slow-modem-like broadcasts over the broadcast airwaves. That is, station A has a machine that listens to station B, and when station B broadcasts an alert that needs to be heard on station A, a magic box interrupts programming to broadcast the alert.

    Sure, there's no tech security in the EAS system itself, but there is plenty of physical security at any TV or radio station under the jurisdiction of the FCC. To put it bluntly, if their broadcast signal is overtaken by a hacker by any means, that station is at risk of having its ability to do business taking away from them forever by losing their license.

    To create a false EAS message, an attacker would need to know what stations monitors what other stations in the EAS network, and also be able to overtake on of those statioons to get their own broadcast on the air. This just plain isn't likely... not to mention whatever public panic might be created would be mitigated by the real EAS system quickly publishing a "Ignore last message, we've lost control of our system!" message.

Brain off-line, please wait.

Working...