Experts Identify Vulnerabilities in Emergency Alert Systems

IOActive experts say the products of top vendors are affected

By on February 14th, 2013 13:37 GMT

Earlier this week we learned that a Montana TV station’s Emergency Alert System (EAS) was hacked and abused to issue a prank warning about dead bodies rising from their graves. According to experts, the attackers might have leveraged some vulnerabilities that had been identified in EAS.

Cesar Cerrudo, the CTO of IOActive, told Computerworld that Mike Davis, a researcher with IOActive, has identified critical security holes in the systems used by many TV and radio stations.

Cerrudo hasn’t named the vulnerable devices, but he highlights that at least two products sold by a main vendor are affected.

“We found some devices directly connected to the Internet and we think that it's possible that hackers are currently exploiting some of these vulnerabilities or some other flaws,” Cerrudo explained.

The company has notified the US Computer Emergency Readiness Team (US-CERT) about its findings. CERT is working with the affected vendors on addressing the issues.

The experts will detail their findings at the upcoming RSA Conference in San Francisco.

Comments