A major vulnerability has been discovered in the U.S. Emergency Alert System, researchers have warned.that could allow hackers to break into the system and broadcast fake messages to the United States.
According to a new report by security firm IOActive, U.S. Emergency Alert System, the system used to broadcast to the United States in times of national crisis can be hacked remotely by hackers.
Recent firmware update of DASDEC-I and DASDEC-II application servers disseminated the secure shell (SSH) keys, that allows anyone with limited knowledge to log in at the root level of the server. Technically, compromising the DASDEC systems doesn't sound too difficult. In that scenario, an attacker could take over the system and issue emergency messages.
Monroe Electronics was notified about vulnerabilities in its equipment in January and the company's internal development team developed a software update that was made available in March.
The Emergency Alert System devices are installed at large and small broadcasters. The EAS is designed to enable to the President of the United States to speak to US citizens within 10 minutes of a major disaster occurring.
These alerts were passed among stations using wire services, which connected to television and radio stations around the U.S. When a station received an official notification, it would disrupt the current broadcast to deliver the message to the public.