US Emergency Alerting System vulnerable to attack

Security firm IOActive has discovered vulnerabilities in the Emergency Alerting System (EAS) which is widely used by TV and radio stations across the United States. According to the company, hardware appliances used by broadcasters to transmit emergency communications contained vulnerabilities that could be exploited over the Internet, although patches are now available.

The appliances in question are the DASDEC-I and DASDEC-II application servers, made by a company called Digital Alert Systems. The security flaws stem from a recent firmware update that mistakenly included the private secure shell (SSH) key, according to an advisory published Monday by researchers from IOActive. Administrators use such keys to remotely log in to a server to gain unfettered "root" access.

"An attacker who gains control of one or more DASDEC systems can disrupt these stations' ability to transmit and could disseminate false emergency information over a large geographic area," the IOActive advisory warned. "In addition, depending on the configuration of this and other devices, these messages could be forwarded and mirrored by other DASDEC systems."

"Earlier this year we were shown an example of an intrusion on the EAS when the Montana Television Network's regular programming was interrupted by news of a zombie apocalypse. Although there was no zombie apocalypse, it did highlight just how vulnerable the system is," said Mike Davis, principal research scientist for IOActive.

Read more -here-

• Ray-Ban Meta smart glasses can now play Apple Music
• Apple's AI will work without an Internet connection
• Tesla recalls new Cybertrucks over accelerator hazard
• Comcast rolls out 'Now' prepaid phone and internet plans
• Logitech adds ChatGPT button to hardware
• Boston Dynamics retires its hydraulic humanoid robot Atlas