DHS warns of critical flaws in Emergency Alert System encoder/decoder devices

The U.S. DHS warns of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices.

The Department of Homeland Security (DHS) warned of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. Threat actors could exploit the flaws to send fake emergency alerts via TV, radio networks, and cable networks.

The Emergency Alert System (EAS) is a national public warning system that requires radio and TV broadcasters, cable TV, wireless cable systems, satellite and wireline operators to provide the President with capability to address the American people within 10 minutes during a national emergency.

The alert was issued by the DHS Federal Emergency Management Agency (FEMA) through the Integrated Public Alert and Warning System (IPAWS).

The vulnerabilities in EAS encoder/decoder devices were discovered by security researcher Ken Pyle from CYBIR.

“We recently became aware of certain vulnerabilities in EAS encoder/decoder devices that, if not updated to most recent software versions, could allow an actor to issue EAS alerts over the host infrastructure (TV, radio, cable network).” reads the advisory. “This exploit was successfully demonstrated by Ken Pyle, a security researcher at CYBIR.com, and may be presented as a proof of concept at the upcoming DEFCON 2022 conference in Las Vegas, August 11-14.”

The US DHS did not disclose details about the flaw to prevent active exploitation in the wild.

The researcher plan to disclose as a proof of concept for the issues at the upcoming DEFCON 2022 conference in Las Vegas, August 11-14.

FEMA recommends EAS participants to ensure that:

EAS devices and supporting systems are up to date with the most recent software versions and security patches;
EAS devices are protected by a firewall;
EAS devices and supporting systems are monitored and audit logs are regularly reviewed looking for unauthorized access.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Emergency Alert System)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.