A “huge flaw” threatens the US emergency alert system, warns a DHS researcher

Obstacle light with city bokeh background
Zoom in / Obstacle light with city bokeh background

The US Department of Homeland Security warns of vulnerabilities in the nation’s emergency broadcast network that allows hackers to issue bogus alerts on radio and TV stations.

“We recently became aware of some vulnerabilities in EAS encoder / decoder devices which, if not updated to the latest software versions, could allow an actor to issue EAS alerts on the host infrastructure (TV, radio, cable network)”, the federal DHS Alerted the Agency for Emergency Management (FEMA). “This exploit has been successfully demonstrated by Ken Pyle, a security researcher at CYBIR.com, and could be presented as proof of concept at the upcoming DEFCON 2022 conference in Las Vegas, August 11-14.”

Pyle told reporters from CNN and Bleeping Computer that the vulnerabilities reside in Monroe Electronics’ DASDEC EAS R189 One-Net, an emergency alarm system encoder and decoder. Television and radio stations use the equipment to broadcast emergency alerts. The researcher told Bleeping Computer that “multiple vulnerabilities and problems (confirmed by other researchers) have not been fixed for several years and have turned into a huge flaw.”

“When asked what can be done after successful exploitation, Pyle said: ‘I can easily get access to credentials, certificates, devices, exploit the web server, send fake alerts via craft message, get valid signals / anticipating at will. I can also block legitimate users when I do, by neutralizing or disabling a response, ‘”added Bleeping Computer.

This isn’t the first time federal officials have warned of vulnerabilities in the emergency alert system.