Some US EAS systems hackable with SSH key
[url]http://arstechnica.com/security/2013/07/we-interrupt-this-program-to-warn-the-emergency-alert-system-is-hackable/[/url] [quote=Ars Technica]The US Emergency Alert System, which interrupts live TV and radio broadcasts with information about national emergencies in progress, is vulnerable to attacks that allow hackers to remotely disseminate bogus reports and tamper with gear, security researchers warned. The remote takeover vulnerability affects the DASDEC-I and DASDEC-II application servers made by a company called Digital Alert Systems. It stems from a recent firmware update that mistakenly included the private secure shell (SSH) key, according to an advisory published Monday by researchers from security firm IOActive. Administrators use such keys to remotely log in to a server to gain unfettered "root" access. The publication of the key makes it trivial for hackers to gain unauthorized access on Digital Alert System appliances that run default settings on older firmware.[/quote]
Well that isn't good. Hopefully nobody actually tries to do this and cause panic.
Someone is looking for work tonight.
Reminds me of the [URL="https://www.youtube.com/watch?v=B_iuZ0NCSpo"]Max Headroom hack[/URL], but less creepy
I hope the worst that ever comes from this is only the intruder saying something stupid like "ur a faget".
My cable gets interrupted at least once per day by the EAS to show me literally nothing on CSPAN.
the EAS has been going off a lot more than usual in my area these days nothing interesting, just the "Required Weekly Test" message
[QUOTE=lavacano;41371508]the EAS has been going off a lot more than usual in my area these days nothing interesting, just the "Required Weekly Test" message[/QUOTE] isn't a weekly test only meant to happen, like, weekly i don't see how it is faster more usual than weekly
Maybe someone might do the zombie message again
Umm [quote] Administrators use such keys to remotely log in to a server to gain unfettered "root" access. The publication of the key makes it trivial for hackers to gain unauthorized access on Digital Alert System appliances that run default settings on older firmware. [/quote] This is like saying "If you hand out keys to your house, somebody might get into it." Well, no shit? Every system with "an access" is potentially vulnerable when you assume you are going to hand out the access credentials/key/whatever to people.
yeah no wonder the ssh key is a vulnerability that is practically the fucking PASSWORD
EAS: Easily Accessible Systems?
To be fair the EAS is incredibly insecure. The protocol is totally public; if you manage to play a tape over the air through a PEP, there's no security checks or anything, so any downstream stations are automatically preempted. It's been done by accident many times before on local levels.
It's not meant to be super encrypted for extremely fast and limited error response.
Shitheads who get caught messing with it could be put away for a LONG time. [editline]9th July 2013[/editline] [QUOTE=Sam Za Nemesis;41379434][video=youtube;c7pNAhENBV4]http://www.youtube.com/watch?v=c7pNAhENBV4[/video][/QUOTE] As funny as this is, people who could send out a fake "Volcano warning" in Seattle-Tacoma, or Radiological Hazard Warning in the areas near nuclear plants could cause a lot of damage and havoc.
[QUOTE=Pocket Medic;41371531]isn't a weekly test only meant to happen, like, weekly i don't see how it is faster more usual than weekly[/QUOTE] Supposed to yeah. Usually it doesn't happen any more often than that (though generally it's less than weekly). Recently though I could swear I've been seeing it once a day, maybe multiple times a day. So either they really want to make sure it works after the Skagit County bridge collapse, or some kid found his way in and keeps setting off the test because he thinks it's funny.
[QUOTE=LoneWolf_Recon;41371261]Reminds me of the [URL="https://www.youtube.com/watch?v=B_iuZ0NCSpo"]Max Headroom hack[/URL], but less creepy[/QUOTE]It's crazy how they never found out the people who did that.
[QUOTE=Killer900;41382100]It's crazy how they never found out the people who did that.[/QUOTE] It was the 80s and it was on-air analog television, they couldn't exactly track the source