In this article, you will get all information regarding Warning! Critical vulnerabilities found in US Emergency Response System • The Register – World Time Todays

The US government is warning of critical vulnerabilities in its Emergency Alert System (EAS) systems that, if exploited, could allow intruders to broadcast fake alerts over television, radio and cable networks.

The Department of Homeland Security (DHS) said in an advisory it was recently briefed on the flaws in EAS encoder and decoder devices, adding that they were successfully exploited by Ken Pyle, a security researcher at cybersecurity firm CYBIR. The advisory has a sense of urgency as the exploit “can” be presented with proof-of-concept code at next week’s DEF CON conference in Las Vegas.

“In short, the vulnerability is public knowledge and will be demonstrated to a large audience in the coming weeks,” the agency wrote in the advisory issued this week by DHS’s Federal Emergency Management Agency (FEMA).

DHS urges organizations operating the EAS to ensure their equipment and supporting systems are updated with the latest software versions and security patches, are firewalled and monitored, with audit logs regularly reviewed to ensure there are none unauthorized access.

The exact nature of the vulnerabilities was not disclosed by Homeland Security.

EAS has wide-ranging capabilities nationally and locally, although it’s probably best known for the irritating regular tests that clamorously interrupt TV and radio broadcasts. The federal service is operated by FEMA and its partners, including the Federal Communications Commission (FCC) and the National Oceanic and Atmospheric Administration.

The system is designed to ensure the President can speak to US citizens within 10 minutes during a national emergency and requires radio and television stations, cable television, wireless cable systems, satellite and landline operators to ensure this.

State and local officials can also use the system during emergencies, which can range from extreme weather events to AMBER alerts. The alerts are communicated through the Integrated Public Alert and Warning System (IPAWS).

IPAWS to think about

The security industry can expect more such vulnerabilities to be found and exploited as more systems are connected, especially on such a large scale, according to Erich Kron, security awareness advocate at KnowBe4, a security awareness training company.

“In a case like this, affecting emergency notifications, it’s easy to think that a false alarm could do no real harm,” Kron said The registry. “However, history proves that this is not true.”

He pointed to the takeover of the Associated Press Twitter account in 2013 when a fake tweet on the account reported that there had been two explosions at the White House, injuring President Obama. The news sent people panicking and caused the Dow Jones Industrial Average to fall 150 points when it was retweeted.

Then-White House press secretary Jay Carny was quick to reassure the country that nothing had happened and that President Obama had not been hurt, and the stock market returned to normal within six minutes of the initial tweet.

A group calling itself the Syrian Electronic Army, which supported Syrian President Bashar al-Assad, would later reportedly claim responsibility for the attack.

Interesting side note: The Syrian Electronic Army tried to hack years ago The registry‘s proprietary publishing system with an email to one of our reporters. The message supposedly came from one of our editors and had a link to a page that looked exactly like our signup process to collect the username and password. The biggest giveaway was that the email was far too cheerful for this editor to send and the scam was rumbled. It also spurred us to add multi-factor authentication and other protections.

In 2018, a ballistic missile alert was inadvertently issued via the EAS and wireless EAS over television, radio, and cell phones in Hawaii. The alert claimed a missile aimed at the state had flown in and urged residents to take shelter. People were panicking, phone systems were overloaded and freeways were congested, Kron said.

The accidental alarm was the result of a communications failure during a drill at Hawaii’s Emergency Management Agency.

“Even false alarms like this have real-world implications and, at the very least, destroy public confidence in these critical systems,” he said. According to Kron, organizations dealing with these systems should patch these systems regularly as a normal part of operations.

“Although patching is known to cause problems in IT systems, a mature and well-designed patch management program can ensure that any problems caused can be easily reversed and the system kept online until a solution to the problem is found “, he said . “It’s just too important to keep these systems working and secure to not keep them up to date with security patches.” ® Warning! Critical vulnerabilities found in US Emergency Response System • The Register

Warning! Critical vulnerabilities found in US Emergency Response System • The Register – World Time Todays

For more visit

Latest News by

See also  Pittsfield youth baseball team headed to World Series