FEMA warns of Vulnerabilities in the US Emergency Alert System

rcmaehl

Summary

Multiple vulnerabilities have been found in the US Emergency Alert System, and specifics will soon be public knowledge.


Quotes

Quote

The Department of Homeland Security warned that attackers could exploit critical... vulnerabilities in unpatched Emergency Alert System... devices to send fake emergency alerts via TV and radio. "We recently became aware of certain vulnerabilities in EAS encoder/decoder devices that, if not updated to most recent software versions, could allow an actor to issue EAS alerts" "This exploit was successfully demonstrated by Ken Pyle,"... "and may be presented as a proof of concept at the upcoming DEFCON 2022"..."The vulnerability is public knowledge and will be demonstrated to a large audience in the coming weeks." BleepingComputer also spoke with Ken Pyle. He told BleepingComputer that multiple vulnerabilities and issues... haven't been patched for several years and snowballed into a huge flaw. "I can easily obtain access to the credentials, certs, devices, exploit the web server, send fake alerts via crafts message, have them valid / pre-empting signals at will. I can also lock legitimate users out when I do"

 

My thoughts

You'd think that with a system as important as this, that it'd be kept up to date and not on the open internet. Unfortunately, this isn't the case, as both are false, as proven multiple times in the last 2 decades, including several small-scale hijackings.

 

Sources

Bleeping Computer (quote source)

FEMA IPAWS Bulletin

 

PLEASE QUOTE ME IF YOU ARE REPLYING TO ME

Desktop Build: Ryzen 7 2700X @ 4.0GHz, AsRock Fatal1ty X370 Professional Gaming, 48GB Corsair DDR4 @ 3000MHz, RX5700 XT 8GB Sapphire Nitro+, Benq XL2730 1440p 144Hz FS

Retro Build: Intel Pentium III @ 500 MHz, Dell Optiplex G1 Full AT Tower, 768MB SDRAM @ 133MHz, Integrated Graphics, Generic 1024x768 60Hz Monitor


 


They also don't have their infrastructure working the way it should. 

https://www.adn.com/alaska-news/2021/08/10/alaskas-cellphone-emergency-alert-system-malfunctioned-during-the-last-earthquake-and-experts-still-dont-know-why/

Quote

Anchorage is at almost no risk of a tsunami, even during a large earthquake, and the National Tsunami Warning Center in Palmer did not send an alert to cellphones in Alaska’s largest city. Many residents received warning messages anyway. Many others did not.

Quote

Over the past several years, Anchorage residents have repeatedly received alerts intended for people in other parts of the state. Bryan Fisher, director of the Alaska Division of Homeland Security and Emergency Management, said changes were made to fix problems that were previously discovered. Last month’s alert appears to have exposed a new issue.

We get alerts for the wrong place. Sometimes it's the equivalent of a country away. 

The one in Anchorage last year was 1480 KM away. It's become fairly normal for us. 

I got a warning for that Tsunami. The town I live in is farther away than Anchorage and at almost 800 feet in elevation or 245 meters and almost a 90 minute drive inland.

I'm not actually trying to be as grumpy as it seems.

I will find your mentions of Ikea or Gnome and I will /s post. 

Project Hot Box

CPU 13900k, Motherboard Gigabyte Aorus Elite AX, RAM CORSAIR Vengeance 4x16gb 5200 MHZ, GPU Zotac RTX 4090 Trinity OC, Case Fractal Pop Air XL, Storage Sabrent Rocket Q4 2tbCORSAIR Force Series MP510 1920GB NVMe, CORSAIR FORCE Series MP510 960GB NVMe, PSU CORSAIR HX1000i, Cooling Corsair XC8 CPU block, Bykski GPU block, 360mm and 280mm radiator, Displays Odyssey G9, LG 34UC98-W 34-Inch,Keyboard Mountain Everest Max, Mouse Mountain Makalu 67, Sound AT2035, Massdrop 6xx headphones, Go XLR 

Oppbevaring

CPU i9-9900k, Motherboard, ASUS Rog Maximus Code XI, RAM, 48GB Corsair Vengeance LPX 32GB 3200 mhz (2x16)+(2x8) GPUs Asus ROG Strix 2070 8gb, PNY 1080, Nvidia 1080, Case Mining Frame, 2x Storage Samsung 860 Evo 500 GB, PSU Corsair RM1000x and RM850x, Cooling Asus Rog Ryuo 240 with Noctua NF-12 fans

 

Why is the 5800x so hot?

 

 


10 hours ago, rcmaehl said:

You'd think that with a system as important as this, that it'd be kept up to date and not on the open internet

If I recall during 9/11 most people found out about the attacks due to social media and such. I don't recall the EAS going off at all. I'm pretty sure the FCC tried to do a national test a few years later and it failed. No fucking surprise there. The US government could fuck up a cup of water. 

I just want to sit back and watch the world burn. 


16 minutes ago, Donut417 said:

If I recall during 9/11 most people found out about the attacks due to social media and such. I don't recall the EAS going off at all. I'm pretty sure the FCC tried to do a national test a few years later and it failed. No fucking surprise there. The US government could fuck up a cup of water. 

Well they did do a test recently, like 4 years ago, and for what it seemed to me it went well. We got an announcement at school to expect alerts, and we all stopped doing whatever in class just to watch/hear it happen.

--Dominik W

 

(What else do you need, this is just a signature, plus I have them disabled 😅)


1 minute ago, Dominik W said:

and we all stopped doing whatever in class just to watch/hear it happen.

As I recall I never got an alert. Which is the point. They can't make it work on a national scale, it works fine on a local scale but national scale not so much. 

I just want to sit back and watch the world burn. 


52 minutes ago, Donut417 said:

As I recall I never got an alert. Which is the point. They can't make it work on a national scale, it works fine on a local scale but national scale not so much. 

I must say that I'm surprised then. Our entire school was pretty much ringing. That's not my problem tho, I ain't no federal IT guy. The name alone sounds just gray and lonely.

--Dominik W

 

(What else do you need, this is just a signature, plus I have them disabled 😅)


You'd be amazed how often this comes down to "the station was too lazy to change the default login on the EAS encoder".

 

There are strict guidelines in place about playing back recordings of EAS alerts over the air. All those grating buzzsaw noises are in-band signaling that encodes what kind of alert is being broadcast. Each media market has a "primary insertion point" that the authorities go to, and all the other outlets listen to. If they play back a recording of an EAS alert, all the other stations in the market will take it to air regardless of its legitimacy.

 

 

2 hours ago, Donut417 said:

If I recall during 9/11 most people found out about the attacks due to social media and such. I don't recall the EAS going off at all. I'm pretty sure the FCC tried to do a national test a few years later and it failed. No fucking surprise there. The US government could fuck up a cup of water. 

If by "social media" you mean "phone calls" and "everyone was glued to their TVs because all four broadcast networks went into wall-to-wall coverage", then yes.

 

https://archive.org/details/911

I sold my soul for ProSupport.
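Added example, not part of any post in this thread: the in-band signaling described in the post above is the SAME (Specific Area Message Encoding) header, which carries an issue time and a validity period but no authentication. The sketch below parses a decoded header and flags one whose validity window has passed, which is how a replayed recording shows up on the receiving side; the function name, the 5-minute clock-skew allowance and the sample header are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# SAME header layout: ZCZC-ORG-EEE-PSSCCC(-PSSCCC...)+TTTT-JJJHHMM-LLLLLLLL-
SAME_RE = re.compile(
    r"^ZCZC-(?P<org>[A-Z]{3})-(?P<event>[A-Z]{3})"
    r"(?P<locs>(?:-\d{6}){1,31})\+(?P<purge>\d{4})"
    r"-(?P<issued>\d{7})-(?P<station>[^-]{8})-$"
)

# Constructed sample: weekly test, one location code, issued on day 222 at 15:30 UTC.
SAMPLE = "ZCZC-EAS-RWT-002020+0015-2221530-TESTSTN1-"

def check_same(header, now, skew=timedelta(minutes=5)):
    """Return (status, fields); status is malformed, future, expired or valid.

    `now` must be a timezone-aware UTC datetime.
    """
    m = SAME_RE.match(header.strip())
    if not m:
        return "malformed", None
    f = m.groupdict()
    jjj, hh, mm = int(f["issued"][:3]), int(f["issued"][3:5]), int(f["issued"][5:])
    if not (1 <= jjj <= 366 and hh < 24 and mm < 60):
        return "malformed", None
    valid_for = timedelta(hours=int(f["purge"][:2]), minutes=int(f["purge"][2:]))

    # The header carries no year: assume the current one, or the previous
    # one if that would put the issue time more than a day ahead of `now`.
    def issued_in(year):
        return datetime(year, 1, 1, tzinfo=timezone.utc) + timedelta(
            days=jjj - 1, hours=hh, minutes=mm)

    issued = issued_in(now.year)
    if issued > now + timedelta(days=1):
        issued = issued_in(now.year - 1)
    f.update(issued=issued, expires=issued + valid_for,
             locs=f["locs"].strip("-").split("-"))
    if issued > now + skew:
        return "future", f       # timestamp ahead of our clock: do not relay
    if now > f["expires"]:
        return "expired", f      # stale header, e.g. a replayed recording
    return "valid", f
```

A freshness check only rejects headers replayed after their validity period; a header replayed inside that window still passes, because nothing in it is signed.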

