Sign up for our newsletter
Technology / Cybersecurity

Emergency broadcast systems vulnerable

The Emergency Alerting Systems (EAS), which was deployed to broadcast public safety warnings, has been proved to be vulnerable to hackers, according to researchers.

Researchers have revealed that vulnerabilities can allow hackers to take control over EAS and generate fake messages to the public.

Security firm IOActive reported that one TV network’s output was broken up by news of a ‘zombie apocalypse’ in the US.

IOActive principal research scientist, Mike Davis, reported that the vulnerabilities were discovered in the application servers of two digital alerting systems called DASDEC-I and DASDEC-II, which are responsible for receiving and validating emergency alert messages.

White papers from our partners

"These DASDEC application servers are currently shipped with their root privileged SSH key as part of the firmware update package," Davis said.

"This key allows an attacker to remotely log on in over the Internet and can manipulate any system function."

The vulnerabilities comprised a private root SSH key being distributed in openly accessible firmware images, which would enable hacker with SSH access to a device to log in with freedom of rooting and generate false alerts or immobilise the system.

Originally, the flaws in the system, which was launched in 1997, were exposed by hackers by replacing an older set-up.

This article is from the CBROnline archive: some formatting and images may not be present.

CBR Staff Writer

CBR Online legacy content.