Exposed SSH Key Means US Emergency Alert System Can Be Hacked 86
wiredmikey writes "Recently discovered security flaws in the Emergency Alerting System (EAS) which is widely used by TV and radio stations across the United States, has made the systems vulnerable to remote attack. The vulnerability stems from an SSH key that is hard-coded into DASDEC-I and DASDEC-II devices made by Monroe Electronics. Unless the default settings were altered during deployment, impacted systems are using a known key that could enable an attacker with full access if the systems are publicly faced or if they've already compromised the network. By exploiting the vulnerability, an attacker could disrupt a station's ability to transmit and/or could send out false emergency information. 'Earlier this year we were shown an example of an intrusion on the EAS when the Montana Television Network's regular programming was interrupted by news of a zombie apocalypse. Although there was no zombie apocalypse, it did highlight just how vulnerable the system is,' said Mike Davis, a principal research scientist at IOActive. The DHS issued an alert on the vulnerability, and IOActive, the firm that discovered the flaw, has published additional technical details (PDF) on the security issue."
Zombie apocalypse false report (Score:5, Funny)
when I saw the first part of the blurb, I thought, "the least they could do is publicize the security hole by announcing the zombie apocalypse." Guess they beat me to the punch.
Misdirection (Score:5, Funny)
I think this is just misdirection and cover up.
'Earlier this year we were shown an example of an intrusion on the EAS when the Montana Television Network's regular programming was interrupted by news of a zombie apocalypse. Although there was no zombie apocalypse, it did highlight just how vulnerable the system is,
How do we know there was no zombie apocalypse. Maybe they're just claiming a vulnerability to pretend the apocalypse was a fake. When was the last time you talked to somebody in Montana, would you even know if it'd been overrun ?
Re:Zombie apocalypse false report (Score:3, Funny)
When I saw the second part of the blurb, I thought, "They *say* there wasn't a zombie apocalypse and that it was just a security flaw, but maybe that's only because they managed to contain the outbreak in Montana." :-)
Re:Misdirection (Score:5, Funny)
Plausible.
Most people when meeting somebody from Montana wouldn't be able to tell if they are "living" or "living dead".
Re:Misdirection (Score:4, Funny)
They only got 4 calls about the alert.
That was a full 50% of their audience.
Re:Zombie apocalypse false report (Score:4, Funny)
When I saw the second part of the blurb, I thought, "They *say* there wasn't a zombie apocalypse and that it was just a security flaw, but maybe that's only because they managed to contain the outbreak in Montana." :-)
I grew up in Montana. I've been to Great Falls. If there were zombies in February, the zombies arose from the grave and them promptly iced over, and were then disassembled using chainsaws.