The U.S. Department of Homeland Security (DHS) has warned of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. EAS is a U.S. national public warning system that enables state authorities to disseminate information within 10 minutes during an emergency. Such alerts can interrupt radio and television to broadcast emergency alert information. If left unpatched, the issues could allow an adversary to issue fraudulent emergency alerts over TV, radio, and cable networks. This exploit was successfully demonstrated by Ken Pyle, a security researcher at CYBIR.com, and may be presented as a proof of concept at the upcoming DEFCON 2022 conference in Las Vegas, August 11-14.
DHS strongly encourages EAS participants to ensure that:
- EAS devices and supporting systems are up to date with the most recent software versions and security patches.
- EAS devices are protected by a firewall.
- EAS devices and supporting systems are monitored and audit logs are regularly reviewed looking for unauthorized access.