Discovery of a vulnerability capable of hacking all functions remotely to an emergency alert system
ByAlan Levine
We found a vulnerability that it is possible to take over via the Internet to a system that is used to send emergency alerts at TV stations and radio stations. In the worst case, third parties can remotely log in and use the full function of the system, so experts need not only update the firmware but also drastic review of the alarm system itself I pointed out.
This Is Not a Test: Emergency Broadcast Systems Proved Hackable | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/07/eas-holes/
We interrupt this program to warn the Emergency Alert System is hackable | Ars Technica
http://arstechnica.com/security/2013/07/we-interrupt-this-program-to-warn-the-emergency-alert-system-is-hackable/
Emergency broadcast equipment in US vulnerable to hackers | PCWorld
http://www.pcworld.com/article/2043880/emergency-broadcast-equipment-in-us-vulnerable-to-hackers.html
It is pointed out that vulnerability is a system that sends emergency alarm in the form of interrupting broadcasting when an emergency occurs during broadcasting of television and radio,Digital Alert SystemsOf the DASDEC series,Monroe ElectronicsR189 One-Net.
Appearance of equipment is like this.
As a vulnerability,A predictable session ID or password is generated, or setting information is output to the logIn addition, since the default SSH secret key used when the administrator accesses with the root privilege is included in the firmware, the old firmware device is used as the default setting In this case, third parties can log in with root authority and can use all functions.
In February 2013, emergency broadcast of "fake zombies occurred and hit people" using the emergency alarm system pointed out this time vulnerability was shed, but this vulnerability US-CERT does not disclose whether it is a misuse or not.
The picture at that time is this.
TV Station's Emergency Alert System Hacked, Warns of Montana Zombie Apocalypse - YouTube
Although the performer does not know about the alarm, the program is progressing without any particular reaction, but there is an eerie alarm sound so as to overlap with the program sound and a narration of "Zombies are very dangerous and a lot of troubles are generated" The target area of the alarm is displayed at the top of the screen.
Although the above picture belongs to the television station of Montana State, it is said that equipment hacking was also confirmed in Michigan, California, Tennessee, New Mexico.
The vulnerability pointed out this time is a countermeasure organization that is dealing with the crisis of the Internet ·ICS-CERTWhenUS-CERTIt was released two weeks ago, and it can be countermeasures if the firmware is updated to newer than 2.0-2. Security companyIOActiveResearcher Mike Davis pointed out that updating the firmware naturally requires a drastic review of the system in addition to that.
If it is a "zombie attack", it is judged that it is "a malicious joke, it will be a prank", but if this is "launching a nuclear missile towards our country" then we can not do it in a chalet ....
Related Posts:
