Slashdot Mirror

← Back to Stories (view on slashdot.org)

Emergency Alert System Insecure

Posted by ryuzaki0 on from the ahoooooga-ahooooooga dept.

glebe writes "The U.S. Emergency Alert System used to issue disaster warnings and other alerts over T.V. and radio is vulnerable to spoofing and denial-of-service attacks, SecurityFocus is reporting. Apparently, 'the EAS was built without basic authentication mechanisms, and is activated locally by unencrypted low-speed modem transmissions over public airwaves.' The FCC acknowledged the security issues yesterday in a public notice seeking comment on the future of the system."

12 of 210 comments (clear)

  1. Go ahead and fuck with the system by Anonymous Coward · · Score: 1, Insightful

    One idiot sentenced to 20 years in jail for broadcasting illegal emergency alerts ought to make people think twice about doing something so stupid.

    1. Re:Go ahead and fuck with the system by Spad · · Score: 2, Insightful

      I don't think that the people you need to be concerned about gaining access to the system are really going to care about prison sentences.

  2. A good reason *not* to keep these things secret by Flexagon · · Score: 3, Insightful

    This is yet another example why keeping infrastructure details secret is a bad idea. It's security through obscurity in the real world, and removes any incentive to actually fix these things. Now that there is a public report about it, there's at least a chance that pressure can be brought to bear, and get it fixed.

    1. Re:A good reason *not* to keep these things secret by 0racle · · Score: 2, Insightful

      Encryption does not hide the fact that a message exists, it just alters what the text appears to be. Also, a principle in cryptology for some time has been, "The general system must not be a secret." Today that can be restated, "The algorithm must not be a secret." So not only is the fact that there is a message, but the way the message was altered is also known. With these knowns, encryption is not 'security through obscurity' since that term relates to hiding the fact that there are problems, something you can not do with encryption.

      --
      "I use a Mac because I'm just better than you are."
  3. Yup by mfh · · Score: 2, Insightful

    Well the above letter was kind of a joke. I mean, there were flames shooting out of the buildings!

    But the seriousness of the insecure EAS could have been much more deadly. Like if a nuke was detonated and people were told that some city was safe to return to, even when in reality a bunch of nuclear fallout was starting to cling to everything within miles of the blast.

    I'm not sure how effective hacking the EAS would be, but I am damn sure I wouldn't want to find out. I say, take it offline until they can secure it (and I don't mean by getting Diebold involved).

    --
    The dangers of knowledge trigger emotional distress in human beings.
  4. That thing is for real ? by Ralconte · · Score: 3, Insightful

    During the 9-11 attacks, did that beep come on the TV and radio? Some commedians have joked that it didn't so I don't know. I got my news from the web -- bbc.co.uk was fairly, and the local radio announcers gave the info as they saw it. Did the gov't even try to use the Emergency Alert System? Seriously, I thought the alert was just for a nuclear attack by the USSR, never ment to be anything more than that -- a useless anachronism since the 1970's. Sounds like another group of buearucrats who want some of the Patriot Act resources to pad a sagging budget.

  5. In search of the perfect dam by syrinje · · Score: 4, Insightful
    First of all, a small clarification - I agree that critical, life-saving infrastructure must be secure. That unauthorized access to these systems must be prevented. That public confidence in the sources of information is key to saving lives in the event of a disaster - and hence must be guaranteed to be genuine. A 100% of the time.

    That said - don't y'all sprain yer hamstrings to jump up and point fingers at the "government" or twist this into an open-source vs. closed source issue.

    Every system is designed in relation to its operating environment. The EBS was originally designed for a far more benign environment than exists today. I bet the primary goal of the designers was to come up with a system that was simple and effective and would work even if large parts of the power grid and the telephone network collapsed. It is inconceivable that they did not ask themselves if they needed bullet-proof authentication mechanisms - it is equally probable that they discarded that requirement as being potentially failure-prone. Given the fairly benign security environment that they designed for, and given the technology available and the overarching goal of simplicity - they cam up with what is really quite functional.

    And then the world changed (surprise, surprise). the environment that surrounded the EMS changed, rapidly and unpredictably. Where previously it was safe to assume that natural disasters would bring people in the community together to work in co-operation to face the threat, we now wonder which sleeper cells activate in these situations. The comfortable security blanket of yore that RipVanVinkle aka RVV dozed is suddenly yanked off - exposing us to the elements.

    Its like waking up one day in the shadow of a dam and suddenly seeing a thousand leaks in it. The small leaks have always been there - all dams leak and sweat a little. But now we know that there are people out there that seek to widen the cracks and stuff them with C4 and stick some fulminate in them (amazing how much chemistry you can pick up from the newspapers isnt it?). So RVV franctically tries to seal the leaks in the dam. Paranoia? Perhaps.

    The real tragedy is that the time that should be spent tending to his crops, playing with his children, making hot, sweaty love to his wife and dreaming big dreams in his afternoon nap is now spent in searching and classifying and closing the leaks in the dam.

    Will RipVanVinkle make his dam perfect? Can any dam be made perfectly leak free? Go figure.

    --
    See that long UID - that's what you get for lurking too long
  6. Re:It isn't as bad as it sounds. by evilviper · · Score: 2, Insightful
    So, you know what you need to exploit this? Locally, you need to know which local station(s) is/are primary, and a transmitter big enough to override the monitored signal

    Which isn't difficult at all...

    Once you're a few miles away from the multi-megawatt signal, a transmitter of a few watts can over-power the signal locally.
    --
    Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
  7. Secure? by Cow007 · · Score: 2, Insightful

    Let us remember there is no such thing as "secure" there is only more secure. Don't rate this "100% funny" its not funny at all.

    --
    411 Y0UR 8453 4R3 8310NG 70 U5!! -NSA
  8. Re:Dear FCC by Gary+Destruction · · Score: 2, Insightful
    the EAS is designed to allow the President to interrupt television and radio programming and speak directly to the American people in the event of an impending nuclear war, or a similarly extreme national emergency.
    I doubt that the President would tell anybody about an impeding nuclear war. That would just create panic and hysteria.
  9. Re:Simple solution by Alioth · · Score: 2, Insightful

    Why?

    All you need is a central signing authority a la SSL websites. Everyone has a copy of the CA's key hardcoded into their emergency receiver equipment. You just have to make bloody sure the CA is never compromised (and there are ways to do that - the current SSL CAs seem to be remaining secure).

    The bit that you distribute - the CA root cert in your box - can be sent out publically. It doesn't need a secure distribution channel.

    This would be an entirely appropriate level of security for an emergency broadcast system.

    --
    Oolite: Elite-like game. For Mac, Linux and Windows
  10. Re:So... by M-G · · Score: 2, Insightful

    Stations are required to monitor at least two sources of EAS data. To spoof a manned station, you'd need at least two transmitters.

    Good info up until that statement. The reason you're required to monitor at least two stations is for redundancy, not confirmation.

    With EBS, you only monitored one upstream station, creating a weak link. EAS requires multiple sources to prevent this problem, but doesn't cross-check the other sources.

    Think of a weather warning, where the local NWS office issues an EAS alert. All stations monitoring NOAA weather radio in the area will receive it. Some will relay it. A small station will likely get the alert direct from NOAA and from another station they monitor. So even if a station did verify with two sources, a single spoofed alert could give them two identical alerts.