The Department of Homeland Security (DHS) warned of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. Threat actors could exploit the flaws to send fake emergency alerts via TV, radio networks, and cable networks.
The Emergency Alert System (EAS) is a national public warning system that requires radio and TV broadcasters, cable TV, wireless cable systems, satellite and wireline operators to provide the President with capability to address the American people within 10 minutes during a national emergency.
The alert was issued by the DHS Federal Emergency Management Agency (FEMA) through the Integrated Public Alert and Warning System (IPAWS).
The vulnerabilities in EAS encoder/decoder devices were discovered by security researcher Ken Pyle from CYBIR.
“We recently became aware of certain vulnerabilities in EAS encoder/decoder devices that, if not updated to most recent software versions, could allow an actor to issue EAS alerts over the host infrastructure (TV, radio, cable network).” reads the advisory. “This exploit was successfully demonstrated by Ken Pyle, a security researcher at CYBIR.com, and may be presented as a proof of concept at the upcoming DEFCON 2022 conference in Las Vegas, August 11-14.”
The US DHS did not disclose details about the flaw to prevent active exploitation in the wild.
The researcher plan to disclose as a proof of concept for the issues at the upcoming DEFCON 2022 conference in Las Vegas, August 11-14.
FEMA recommends EAS participants to ensure that:
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Emergency Alert System)
[adrotate banner=”5″]
[adrotate banner=”13″]
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of…
Ivanti addressed two critical vulnerabilities in its Avalanche mobile device management (MDM) solution, that can…
This website uses cookies.