News

US emergency broadcasts can be hacked, say researchers

Warwick Ashford

The US emergency broadcast system set up to enable the president to talk to the country within 10 minutes of a disaster can be hacked, researchers have warned.

In February, hackers exposed weaknesses in the system by interrupting the Montana Television Network's regular programming with news of a zombie apocalypse, according to security firm IOActive.

IOActive discovered that the root privileged authentication key for the alert-issuing appliances is distributed as part of the firmware.

This key would allow an attacker to log in as root over the internet to an alert appliance and then manipulate any system function, according to IOActive.

Lead researcher Mike Davis said the system needs to be re-engineered, because an attacker who gains control of the appliances that deliver emergency messages could disrupt broadcasters’ ability to transmit and could disseminate false emergency information over a large area.

In addition, depending on the configuration of this and other devices, these messages could be forwarded to and mirrored by other emergency message delivery systems.

However, a security notice on the website of the firm that supplies the alert appliances urges customers to ensure they have installed the latest software update.

This indicates that the device makers may have heeded IOActive’s advice to update the firmware to resolve the security issues.

The notice also advises customers to change the factory default password and make sure all network connections are behind secure firewalls.

No similar emergency broadcast system exists in the UK, but the government is set to begin trials later in the year of a new public emergency alert system, according to the BBC.

The plans include alert systems that span multiple platforms, including the internet and mobile phone networks, with social media being a key component, according to a consultation document.

"The popularity of social media makes it an ideal platform for communication with people and for disseminating additional information in the aftermath of an emergency," the document says.

However, the document also notes that security must be a high priority to prevent false alarms.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy