Enlarge / Obstruction mild with bokeh metropolis background
The US Department of Homeland Security is warning of vulnerabilities within the nation’s emergency broadcast community that makes it potential for hackers to subject bogus warnings over radio and TV stations.
“We recently became aware of certain vulnerabilities in EAS encoder/decoder devices that, if not updated to most recent software versions, could allow an actor to issue EAS alerts over the host infrastructure (TV, radio, cable network),” the DHS’s Federal Emergency Management Agency (FEMA) warned. “This exploit was successfully demonstrated by Ken Pyle, a security researcher at CYBIR.com, and may be presented as a proof of concept at the upcoming DEFCON 2022 conference in Las Vegas, August 11-14.”
Pyle instructed reporters at CNN and Bleeping Computer that the vulnerabilities reside within the Monroe Electronics R189 One-Net DASDEC EAS, an Emergency Alert System encoder and decoder. TV and radio stations use the gear to transmit emergency alerts. The researcher instructed Bleeping Computer that “multiple vulnerabilities and issues (confirmed by other researchers) haven’t been patched for several years and snowballed into a huge flaw.”
“When asked what can be done after successful exploitation, Pyle said: ‘I can easily obtain access to the credentials, certs, devices, exploit the web server, send fake alerts via crafts message, have them valid / pre-empting signals at will. I can also lock legitimate users out when I do, neutralizing or disabling a response,’” Bleeping Computer added.
This isn’t the primary time federal officers have warned of vulnerabilities within the emergency alert system.