IOActive has discovered vulnerabilities in the Emergency Alerting System (EAS) which is widely used by TV and radio stations across the United States.
They uncovered the vulnerabilities in the digital alerting systems – DASDEC – application servers. The DASDEC receives and authenticates EAS messages. Once a station receives and authenticates the message, the DASDEC interrupts the broadcast and overlays the message onto the broadcast with the alert tone containing some information about the event.
The affected devices are the DASDEC-I and DASDEC-II appliances.
“Earlier this year we were shown an example of an intrusion on the EAS when the Montana Television Network’s regular programming was interrupted by news of a zombie apocalypse. Although there was no zombie apocalypse, it did highlight just how vulnerable the system is,” said Mike Davis, principal research scientist for IOActive.