The US Department of Homeland Security has warned of vulnerabilities in the country’s emergency transmission network that allow hackers to broadcast false alerts over radio and TV stations.
“We have recently become aware of certain vulnerabilities in EAS encoder/decoder devices that could allow an actor to issue EAS alerts over the host infrastructure (TV, radio, cable network) if they are not updated to the latest software versions updated,” according to the Federal DHS Emergency Management Agency (FEMA) warned. “This exploit has been successfully demonstrated by Ken Pyle, a security researcher at CYBIR.com, and can be presented as a proof of concept at the upcoming DEFCON 2022 conference in Las Vegas, August 11-14.”
Pyle told reporters CNN and computer beeps that the vulnerabilities are in the Monroe Electronics R189 One-Net DASDEC EAS, an encoder and decoder for an emergency warning system. TV and radio stations use the equipment to broadcast emergency alerts. The researcher told Bleeping Computer that “several vulnerabilities and issues (confirmed by other researchers) have not been patched in several years and have been merged into one giant bug.”
“When asked what can be done after successful exploitation, Pyle said: ‘I can easily get access to the credentials, certificates and devices, exploit the web server, craft message fake alerts and have them valid/anticipate signals at will . I can also ban legitimate users if I do that and neutralize or disable a response,” added Bleeping Computer.
This isn’t the first time federal officials have warned of weaknesses in the emergency alert system.
This article was previously published on Source link
