Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Widespread Vulnerability In EAS System Used To Broadcast Zombie Warning?

chicksdaddy (814965) writes | about a year ago

Government 0

chicksdaddy writes "OK – the good news is that the dead aren’t rising from their graves and the Zombie Apocalypse hasn’t begun (yet).The bad news: a phony EAS (Emergency Alerting System) warning about just such a cataclysm earlier this week may have been the result of a hack of what one security researcher says are known vulnerabilities in the hardware and software that is used to distribute emergency broadcasts to the public in the U.S.

The warning from Mike Davis, a Principal Research Scientist at the firm IOActive, comes just days after unknown hackers compromised EAS systems at television stations in the U.S. and broadcast a bogus emergency alert claiming that the “dead were rising from their graves” and attacking people. Published reports say that at least four television stations were the victims of the hoax: WBKP and WNMU in Marquette, Michigan; KNME/KNDM in Albuquerque, New Mexico; and KRTV in Great Falls, Montana.

Davis says that he discovered and reported a number of critical vulnerabilities in a key component of the EAS system: multi-function hardware known as a CAP EAS or ENDEC device.Davis said he and a colleague downloaded and analyzed firmware for the dominant manufacturer of so-called CAP-EAS devices and found that the software was rife with critical, easily exploitable security vulnerabilities, including embedded passwords and remotely exploitable software vulnerabilities. Davis declined to name the vendor whose software he analyzed, but said he reported the issues to the Department of Homeland Security’s ICS-CERT. The hack of the devices used to broadcast the zombie warning sounds similar to the kinds of holes he just reported, he said."

Link to Original Source

cancel ×

0 comments

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...