These alerts include emergency warnings that are displayed or announced by interrupting the TV and radio broadcasts.
The US Department of Homeland Security has released a warning informing the nation about critical vulnerabilities in the country’s emergency broadcast network, the Emergency Alert System (EAS). The vulnerabilities were found in the non-updated EAS encoder/decoder devices.
If the latest firmware/software versions arent installed, hackers can issue bogus EAS alerts over the “host infrastructure (TV, radio, cable network).”
EAS is a national public warning system that lets state authorities disseminate information within ten minutes after acknowledging an emergency. The alerts are issued after interrupting the TV and radio broadcasts.
According to the Federal Emergency Management Agency of the DHS, the exploit was demonstrated by CYBIR’s security researcher Ken Pyle. Pyle explained that the exploits were found in the Monroe Electronics R189 One-Net DASDEC EAS. This equipment is used to transmit emergency alerts. If left unpatched, a threat actor can easily issue false emergency alerts and create chaos in public.
Successful exploitation can let adversaries access the credentials, devices, certificates, and web server. They can exploit the server, deliver bogus alerts through crafts messages, and make them validate/pre-empt signals. Pyle said he could also lock legit users out at will and neutralize/disable a response.
Pyle has been credited for discovering the flaw, but its details are currently kept under wraps to prevent malicious actors from