Emergency broadcast systems vulnerable


by CBR Staff Writer | 11 July 2013

Vulnerabilities can allow hackers to take control and generate fake messages to the public.

The Emergency Alerting System (EAS), which was deployed to broadcast public safety warnings, has been shown to be vulnerable to hackers, according to researchers.

Researchers have revealed that vulnerabilities can allow hackers to take control over EAS and generate fake messages to the public.

Security firm IOActive reported that one TV network's output was broken up by news of a 'zombie apocalypse' in the US.

IOActive principal research scientist, Mike Davis, reported that the vulnerabilities were discovered in the application servers of two digital alerting systems called DASDEC-I and DASDEC-II, which are responsible for receiving and validating emergency alert messages.

"These DASDEC application servers are currently shipped with their root privileged SSH key as part of the firmware update package," Davis said.

"This key allows an attacker to remotely log on in over the Internet and can manipulate any system function."

The vulnerabilities comprised a private root SSH key distributed in openly accessible firmware images, which would enable a hacker with SSH access to a device to log in with root privileges and generate false alerts or immobilise the system.
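A release check for this class of flaw, as an added example that is not part of the original article or of IOActive's research: it walks an unpacked firmware update package and reports any private key material, noting whether each key is passphrase-protected. It assumes the package has already been extracted to a directory; the sample key blobs are constructed and contain no real key material.

```python
import base64
import os
import re
import struct

# Armour lines that mark private key material (legacy PEM, PKCS#8, OpenSSH).
KEY_HEADER = re.compile(rb"-----BEGIN ((?:RSA |DSA |EC |OPENSSH |ENCRYPTED )?PRIVATE KEY)-----")
MAGIC = b"openssh-key-v1\x00"

# Constructed samples: armour and headers only, no real key material.
SAMPLE_PLAIN = b"-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_OPENSSH = (b"-----BEGIN OPENSSH PRIVATE KEY-----\n"
                  + base64.b64encode(MAGIC + struct.pack(">I", 4) + b"none") + b"\n"
                  + b"-----END OPENSSH PRIVATE KEY-----\n")


def classify(data):
    """Return (key_label, passphrase_protected) or None; protected is None if unreadable."""
    m = KEY_HEADER.search(data)
    if not m:
        return None
    label = m.group(1).decode()
    if not label.startswith("OPENSSH"):
        # Legacy PEM flags encryption in a header, PKCS#8 in the label itself.
        return label, label.startswith("ENCRYPTED") or b"Proc-Type: 4,ENCRYPTED" in data
    try:
        blob = base64.b64decode(b"".join(data[m.end():].split(b"-----END")[0].split()))
    except ValueError:
        return label, None
    if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
        return label, None
    (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
    return label, blob[len(MAGIC) + 4:len(MAGIC) + 4 + n] != b"none"


def find_private_keys(root, max_bytes=1 << 20):
    """Walk an unpacked firmware tree; return sorted (relative_path, label, protected)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            with open(path, "rb") as fh:
                hit = classify(fh.read(max_bytes))
            if hit:
                findings.append((os.path.relpath(path, root),) + hit)
    return sorted(findings)
```

Any finding in a release image means every device that installs it shares a credential with anyone who can download the image; generating keys per device at first boot avoids that.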

The flaws in the system, which was launched in 1997 to replace an older set-up, were originally exposed by hackers.
