On Monday, Aug. 1, the Federal Emergency Management Agency issued a public alert about “certain vulnerabilities” in EAS encoder/decoder devices. FEMA said these vulnerabilities present a security concern, allowing outside actors to issue emergency alerts, whether it be via TV, radio or cable network.
In its public notice, FEMA encourages broadcasters and other EAS participants to check that their devices and supporting systems are up to date with the most recent software and security patches. The agency also asks participants to ensure that EAS devices are protected by a firewall and are monitored, with audit logs regularly reviewed looking for unauthorized access.
“This exploit was successfully demonstrated by Ken Pyle, a security researcher at CYBIR.com, and may be presented as a proof of concept at the upcoming DEFCON conference in Las Vegas,” said FEMA. “In short, the vulnerability is public knowledge and will be demonstrated to a large audience in the coming weeks.”
Closing out its remarks, FEMA said it values its partnership with broadcasters “and appreciate your efforts to maintain public trust and confidence in the Emergency Alert System.”