Critical vulnerability in EAS system
Washington, Aug. 5, 2022
The Department of Homeland Security warned of critical vulnerabilities in the Emergency Alert System’s encoder/decoder devices. The vulnerability could be used to send bogus emergency alerts.
The announcement was made in a public online statement from the federal agency. If the systems are not updated, cable networks and radio stations could be used by threat actors to panic the public with fake emergency alerts.
The flaw in EAS was discovered by a security researcher who claims that this vulnerability is the result of other, smaller flaws that have been neglected over many years.
The flaw allows hackers to gain access to credentials, certificates and devices, exploit the web server, send fake alerts, preempt signals and lock out legitimate users.
EAS is a U.S. national public alert system that allows the President or state and local authorities to communicate critical information in the event of a federal or local emergency.