Vulnerabilities Found in Emergency Alert Systems
Industry: Communication | Level: Strategic | Source: The Record
Vulnerabilities identified in the emergency alert system (EAS) have prompted the Federal Emergency Management Agency (FEMA) to alert participants to the potential of hacks broadcasting fraudulent alerts on TV, radio, and cable networks. The issue is only applicable to EAS devices and does not affect emergency alerts sent to phones. The vulnerabilities were discovered by cybersecurity researcher, Kyle Pyle coming across poor security controls when studying EAS devices. Some of the issues were found to involve the EAS systems encode/decode devices not running on the latest software versions. Pyle’s comment for The Record attributes part of the issue to vulnerabilities with the volume of devices in use and not having a central administrator as FEMA does not manage the systems, which are instead utilized and managed by local stations, authorities, and affiliates. Pyle adds “One of the problems is these are everywhere; anyone can launch an alert with the right access… even by accident.” Pyle has withheld information regarding the discovery of the vulnerabilities noting their severity can be critical and he does not want the issue to escalate.