They uncovered the vulnerabilities in the application servers of the DASDEC digital alerting system. The DASDEC receives and authenticates EAS messages. Once a station receives and authenticates a message, the DASDEC interrupts the broadcast and overlays the message onto it, along with an alert tone containing some information about the event.
The affected devices are the DASDEC-I and DASDEC-II appliances.
“Earlier this year we were shown an example of an intrusion on the EAS when the Montana Television Network’s regular programming was interrupted by news of a zombie apocalypse. Although there was no zombie apocalypse, it did highlight just how vulnerable the system is,” said Mike Davis, principal research scientist for IOActive.
“These DASDEC application servers are currently shipped with their root privileged SSH key as part of the firmware update package. This key allows an attacker to remotely log on over the Internet and manipulate any system function. For example, they could disrupt a station’s ability to transmit and could disseminate false emergency information. For any of these issues to be resolved, we believe that re-engineering needs to be done on the digital alerting system side and firmware updates to be pushed to all appliances,” Davis added.
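The flaw Davis describes, a private SSH key shipped inside a firmware update package, is something a vendor or station engineer can check for by scanning the unpacked package before release or deployment. The following is an added example, not IOActive's or the vendor's code; the directory layout, file names and key blob written by `write_sample` are constructed for illustration.

```python
import base64, os, re, struct

# PEM / OpenSSH private-key armour, e.g. "-----BEGIN RSA PRIVATE KEY-----"
KEY_RE = re.compile(
    rb"-----BEGIN ((?:RSA |DSA |EC |OPENSSH |ENCRYPTED )?PRIVATE KEY)-----"
    rb"(.*?)-----END \1-----", re.S)

def is_protected(label, body):
    """True if the key is passphrase-encrypted, False if usable as shipped."""
    if label == b"ENCRYPTED PRIVATE KEY" or b"Proc-Type: 4,ENCRYPTED" in body:
        return True
    if label == b"OPENSSH PRIVATE KEY":
        try:
            raw = base64.b64decode(b"".join(body.split()))
        except ValueError:
            return False
        magic = b"openssh-key-v1\0"  # then a length-prefixed cipher name
        if raw.startswith(magic) and len(raw) >= len(magic) + 4:
            (n,) = struct.unpack(">I", raw[len(magic):len(magic) + 4])
            return raw[len(magic) + 4:len(magic) + 4 + n] != b"none"
    return False

def scan_tree(root, max_bytes=1 << 20):
    """Return sorted (relative path, key label, protected) for each key found.
    Only the first max_bytes of each file are inspected."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            with open(path, "rb") as fh:
                data = fh.read(max_bytes)
            for m in KEY_RE.finditer(data):
                hits.append((os.path.relpath(path, root), m.group(1).decode(),
                             is_protected(m.group(1), m.group(2))))
    return sorted(hits)

def write_sample(root):
    """Constructed stand-in for an unpacked update package (not real firmware)."""
    os.makedirs(os.path.join(root, "root", ".ssh"))
    blob = base64.b64encode(
        b"openssh-key-v1\0" + struct.pack(">I", 4) + b"none" + b"\0" * 16)
    with open(os.path.join(root, "root", ".ssh", "id_example"), "wb") as fh:
        fh.write(b"-----BEGIN OPENSSH PRIVATE KEY-----\n" + blob +
                 b"\n-----END OPENSSH PRIVATE KEY-----\n")
    with open(os.path.join(root, "README"), "wb") as fh:
        fh.write(b"no key material here\n")
```

Call `scan_tree` on the directory the update package was extracted to; any hit reported with `protected` set to `False` is a key that anyone holding the package can use as shipped.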
The EAS is designed to enable the President of the United States to speak to US citizens within 10 minutes of a disaster occurring. In the past, these alerts were passed from station to station using the Associated Press (AP) or United Press International (UPI) “wire services”, which connected to television and radio stations around the US.
Whenever the station received an authenticated Emergency Action Notification (EAN), the station would disrupt its current broadcast to deliver the message to the public.