Passwords Blamed for Fake Zombie Attack Alert
Experts are saying poor password practices allowed a hack of the Emergency Alert System, sending zombie warnings to TV viewers at a few stations.
Broadcasters are being urged to change the passwords on their Emergency Alert System (EAS) units in light of several reports of EAS hackings that resulted in phony EAS alerts being issued. It appears someone figured out the factory-default password of certain encoders, and sent a fake zombie attack alert via EAS.
It's only been recently that EAS devices have been accessible via the internet when the FCC and FEMA led EAS participants to convert to a system that uses the web and the Common Alerting Protocol (CAP) to help facilitate delivery of a single message through multiple means. Richard Rudman, an expert and advocate for EAS, told Radio World magazine's Leslie Stimson that the hacks were not related to CAP, nor to FEMA's Integrated Public Alert and Warning System's (IPAWS) system for facilitating EAS delivery called IPAWS-OPEN. FEMA issued a statement saying IPAWS was not hacked, and that the incident did not interfere with FEMA's ability to activate EAS.
Rudman says the hacker knew what he was doing, but EAS systems would not be vulnerable if the units are placed behind a firewall, and strong passwords are used. He suggested use of Gibson Research site for testing password strength.
There is a bright side, at least according to Karole White of the Michigan Association of Broadcasters. She's quoted by TVNewsCheck as saying, "...this minor attack, while it may have confused or frightened people, uncovered some weaknesses that we can look at fix, and adjust to."
All the best,