The Emergency Alert System (EAS) encoder/decoder devices have serious security flaws, according to the U.S. Department of Homeland Security (DHS).
Unpatched vulnerabilities could enable an adversary to broadcast false emergency alerts over cable, radio, and TV networks.
The Federal Emergency Management Agency of DHS is responsible for issuing the warning on August 1. (FEMA). The flaw was found by CYBIR security researcher Ken Pyle, who is given credit for the discovery.
EAS is a national public warning system used in the United States that enables state authorities to communicate information during an emergency within 10 minutes. Radio and television broadcasts can be interrupted by these alerts to provide information about emergencies.
The vulnerability’s specifics have been kept under wraps to stop malicious actors from actively exploiting it, but it is anticipated to be demonstrated as a proof-of-concept at the DEF CON conference, which will be held in Las Vegas the following week.
The agency stated in the bulletin that “in short, the vulnerability is public knowledge and will be demonstrated to a large audience in the coming weeks.”
Relevant parties are advised to secure the EAS devices with a firewall, update them to the most recent software versions, and monitor and audit review logs for indications of unauthorized access to help mitigate the vulnerability.