Jump to content

FEMA warns of Vulnerabilities in the US Emergency Alert System

rcmaehl
 Share

Summary

Multiple Vulnerabilities have been found in the US Emergency Alert System and specifics will soon be public knowledge

 

Media

hackers-exploit-flaws-us-emergency-alert-system-fake-warning.jpg

 

Quotes

Quote

The Department of Homeland Security warned that attackers could exploit critical... vulnerabilities in unpatched Emergency Alert System... devices to send fake emergency alerts via TV and radio. "We recently became aware of certain vulnerabilities in EAS encoder/decoder devices that, if not updated to most recent software versions, could allow an actor to issue EAS alerts" "This exploit was successfully demonstrated by Ken Pyle,"... "and may be presented as a proof of concept at the upcoming DEFCON 2022"..."The vulnerability is public knowledge and will be demonstrated to a large audience in the coming weeks." BleepingComputer also spoke with Ken Pyle. He told BleepingComputer that multiple vulnerabilities and issues... haven't been patched for several years and snowballed into a huge flaw. "I can easily obtain access to the credentials, certs, devices, exploit the web server, send fake alerts via crafts message, have them valid / pre-empting signals at will. I can also lock legitimate users out when I do"

 

My thoughts

You'd think that with a system as important as this, that it'd be kept up to date and not on the open internet. Unfortunately, this isn't the case, as both are false as proven multiple times in the last 2 decades including several small scaling hijackings.

 

Sources

Bleeping Computer (quote source)

FEMA IPAWS Bulletin

 

PLEASE QUOTE ME IF YOU ARE REPLYING TO ME

Desktop Build: Ryzen 7 1800X @ 4.0GHz, AsRock Fatal1ty X370 Professional Gaming, 32GB Corsair DDR4 @ 3000MHz, RX5700 XT 8GB Sapphire Nitro+, Benq XL2730 1440p 144Hz FS

Retro Build: Intel Pentium III @ 500 MHz, Dell Optiplex G1 Full AT Tower, 768MB SDRAM @ 133MHz, Integrated Graphics, Generic 1024x768 60Hz Monitor


 

Link to comment
Share on other sites

Link to post
Share on other sites

They also don't have their infrastructure working the way it should. 

https://www.adn.com/alaska-news/2021/08/10/alaskas-cellphone-emergency-alert-system-malfunctioned-during-the-last-earthquake-and-experts-still-dont-know-why/

Quote

Anchorage is at almost no risk of a tsunami, even during a large earthquake, and the National Tsunami Warning Center in Palmer did not send an alert to cellphones in Alaska’s largest city. Many residents received warning messages anyway. Many others did not.

Quote

Over the past several years, Anchorage residents have repeatedly received alerts intended for people in other parts of the state. Bryan Fisher, director of the Alaska Division of Homeland Security and Emergency Management, said changes were made to fix problems that were previously discovered. Last month’s alert appears to have exposed a new issue.

We get alerts for the wrong place. Sometimes it's the equivalent of a country away. 

Spoiler

image.thumb.png.f2c4e399c1d8ffae4bc8826ea8efd6a7.png

The one in Anchorage last year was 1480 KM away. It's become fairly normal for us. 

I got a warning for that Tsunami. The town I live in is farther away than Anchorage and at almost 800 feet in elevation or 245 meters and almost a 90 minute drive inland.

I'm not actually trying to be as grumpy as it seems.

Project Hot Box

CPU 12900k, Motherboard Gigabyte Aorus Elite AX, RAM CORSAIR Vengeance 4x16gb 5200 MHZ, GPU AMD Radeon 6800 XT FE, Case Lian Li O11 Dynamic Mini, Storage Sabrent Rocket Q4 2tbCORSAIR Force Series MP510 1920GB NVMe, CORSAIR FORCE Series MP510 960GB NVMe, PSU CORSAIR sf600, Cooling Arctic Liquid Freezer ii 360, Displays Odyssey G9, LG 34UC98-W 34-Inch,Keyboard Mountain Everest Max, Mouse Mountain Makalu 67, Sound AT2035, Massdrop 6xx headphones, Go XLR 

Oppbevaring

CPU i9-9900k, Motherboard, ASUS Rog Maximus Code XI, RAM, 48GB Corsair Vengeance LPX 32GB 3200 mhz (2x16)+(2x8) GPU Asus ROG Strix 2070 8gb, PNY 1080, Nvidia 1080, MSI 1070 Gaming X 8gb, Case Phanteks Enthoo Evolv X, 2x Storage Samsung 860 Evo 500 GB, 5x Seagate IronWolf 8tb NAS(ZFS1), PSU Corsair RM1000x, Cooling Asus Rog Ryuo 240 with Noctua NF-12 fans, OS Unraid

 

Why is the 5800x so hot?

 

 

Link to comment
Share on other sites

Link to post
Share on other sites

10 hours ago, rcmaehl said:

ou'd think that with a system as important as this, that it'd be kept up to date and not on the open interne

If I recall during 9/11 most people found out about the attacks due to social media and such. I dont recall the EAS going off at all. Im pretty sure the FCC tried to do a national test a few years later and it failed. No fucking surprise there. The US government could fuck up a cup of water. 

I just want to sit back and watch the world burn. 

Link to comment
Share on other sites

Link to post
Share on other sites

16 minutes ago, Donut417 said:

If I recall during 9/11 most people found out about the attacks due to social media and such. I dont recall the EAS going off at all. Im pretty sure the FCC tried to do a national test a few years later and it failed. No fucking surprise there. The US government could fuck up a cup of water. 

Well they did do a test recently, like 4 years ago, and for what it seemed to me it went well. We got a announcement at school to expect alerts, and we all stopped doing whatever in class just to watch/hear it happen.

--Dominik W

 

(What else do you need, this is just a signature, plus I have them disabled 😅)

Link to comment
Share on other sites

Link to post
Share on other sites

1 minute ago, Dominik W said:

nd we all stopped doing whatever in class just to watch/hear it happen.

As I recall I never got an alert. Which is the point. They cant make it work on a national scale, it works fine on a local scale but national scale not so much. 

I just want to sit back and watch the world burn. 

Link to comment
Share on other sites

Link to post
Share on other sites

52 minutes ago, Donut417 said:

As I recall I never got an alert. Which is the point. They cant make it work on a national scale, it works fine on a local scale but national scale not so much. 

I must say that I'm surprised then. Our entire school was pretty much ringing. That's not my problem tho, I ain't no federal it guy. The name alone sounds just gray and lonely.

--Dominik W

 

(What else do you need, this is just a signature, plus I have them disabled 😅)

Link to comment
Share on other sites

Link to post
Share on other sites

You'd be amazed how often this comes down to "the station was too lazy to change the default login on the EAS encoder".

 

There are strict guidelines in place about playing back recordings of EAS alerts over the air. All those grating buzzsaw noises are in-band signaling that encodes what kind of alert is being broadcast. Each media market has a "primary insertion point" that the authorities go to, and all the other outlets listen to. If they play back a recording of an EAS alert, all the other stations in the market will take it to air regardless of its legitimacy.

 

 

2 hours ago, Donut417 said:

If I recall during 9/11 most people found out about the attacks due to social media and such. I dont recall the EAS going off at all. Im pretty sure the FCC tried to do a national test a few years later and it failed. No fucking surprise there. The US government could fuck up a cup of water. 

If by "social media" you mean "phone calls" and "everyone was glued to their TVs because all four broadcast networks went into wall-to-wall coverage", then yes.

 

https://archive.org/details/911

Dell owns my soul.

Link to comment
Share on other sites

Link to post
Share on other sites

this system scares me if its at night, and now its hackable and sometimes false? well, not surprising.

how are you doing today

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share


×