Slashdot Mirror
Emergency Alert System Insecure
glebe writes "The U.S. Emergency Alert System used to issue disaster warnings and other alerts over T.V. and radio is vulnerable to spoofing and denial-of-service attacks, SecurityFocus is reporting. Apparently, 'the EAS was built without basic authentication mechanisms, and is activated locally by unencrypted low-speed modem transmissions over public airwaves.' The FCC acknowledged the security issues yesterday in a public notice seeking comment on the future of the system."
I've always thought things like this were insecure. When I was in
:)
high school, I wanted to make a device to activate the tornado siren.
I figured I could just implement a simple replay attack. I never got
around to researching what frequency the signal was broadcast on, and
I didn't know how to record the signal once I knew where to get it
from. But it seems simple:
record when they do the monthly test, replay whenever. Panic everyone. Good
fun.
Apparently if you modify various bits you can make them play different
sounds and even broadcast voice. Plenty of fun to be had there.
If anyone has done anything like this, I'd be interested in knowing,
just so I don't have to get myself hauled off to jail trying to do it
myself
fp?
My other car is first.
That's not a good idea. The system is currently used for many events less catastrophic than World War III, like severe weather warnings.
Mea navis aericumbens anguillis abundat
...don't fix it.
Seriously. We don't have to coat everything in 50 feet of kevlar, spaced 100 feet apart and communicating with 1GB encryption keys.
Unencrypted broadcasting modem: scales well and very cost-effective.
When it was made, that wouldn't have been a problem. It was put in to repeat a message sent in the event of soviet nuclear attack. Each node would relay to all the other nodes. Of course, modem technology was rather scarce at the time, so security wasn't the top concern. This thing was never designed for security.
This is one of the few times where I can see hacking as terrorism. If you hack this, you are, in my eyes and in those of the law, a terrorist. Leave this one be.
Since when has this country used intellectual elite as a pejorative term?
It did not go off at our radio stations during 9/11 .. but then we are nowhere near any of the places that were attacked. However, it is used. We have had it go off for weather emergencies, and for Amber Alerts to find potentially kidnapped children. (In both cases locally, the children were found within an hour of the alert being broadcast.) So, not quite useless... but could be used better than it is. Oh, and we had to pay for all the equipment, and the changeover in equip from the EBS to the EAS. So no fed moneys come to us to pay for it.
On another note, we do not monitor every possible frequency out there for carrying forward EAS alerts... someone wanting to "hack into the system" would have to also know the exact frequencies we do monitor, and override those freqs... not that that's too hard to figure out, but it's another wrench in the way.
KDLynch
They could have already set up monitors that could very quickly traingulate the source of an interference, while in parallel secretly laying down a secure system. Then by encouraging press coverage of the security holes, they would raise the possibility of a terrorist trying to use said security holes, and in doing so, give up their location.
Puting on my meta-tin-foil-hat.
The previous poster is correct. There were actually two tones (853 and 960 Hz) which were broadcast at the same time for 22.5 seconds. By using two tones it prevented false detection. Usually. I built more than one EBS detector during that period with a couple of Tone detectors (NE567 if I remember correctly) and an and gate and a 555 timer to not alert unless the tone was on for more than 10 seconds or so. This was primarily used in later years for local emergencies such as tornadoes. However, for nationwide emergencies another system was used.
Each station had a "big red envelope". The station I worked for had it at the operator position in the main control room. Digging around the internet I found this site which has a picture of an envelope from 73. I remember the newer ones (about 1991) being better printed, but about the same. The envelopes were sealed and were not to be opened unless the station received an EBS message via teletype which needed to be authenticated. This envelope was replaced on a regular basis.
At some point during the period I was around the station I asked the owner about the envelope, and he related the story about the February 1971 activation. Evidentally he was on duty when the message came in. (Looks like there's a copy of the message up on this site). He opened the envelope and checked the authenticators. Now you have to realize that everyone pretty much knew that the only likely reason for the nationwide system to be activated was nuclear war. Saying that he was rather worried by this message is an understatement. I can't remember if he complied with the warning or if it was called off fast enough that he didn't have to, but I do remember he was either ready to shut down or did.
If you google for "1971 EBS Activation", You will find some other stories about this event.
I heard that in one of the Dakotas they had a chemical disaster and the police tried for an hour to get an annoucement over the air. Turns out that all the local broadcast stations were remotely managed from 1000 miles away and nobody could get ahold of anyone who could put an annoucement on the air. Gotta love radio station consolidation...
Actually, it is likely that some percentage of the population would survive a war. Sure, nobody within a mile of a detonation is likely to be alive, but further out if you have cover and a supply of iodine, safe food, and water, you'll have a chance to make it.
In any population there will be those who are more tolerant of radiation that others. A nuclear war will simply select for humans who can tolerate these conditions. Sure, mankind will probably live in the stone ages for a thousand years or more, but eventually things will clean themselves up enough for civilization to re-emerge.
I wonder what such a society would be like? It would have some knowledge from the high-tech past, but little means of employing most of it...
As a broadcast engineer, this system was IMO, broken from the gitgo.
However, let me also point out that the huge majority of the system, if it all worked, which is rare, is secure in that the average stations gear can only accept input from the designated primary station in the area, and the NWS services which are also a part of the "network".
The rest of the secondary sites in a given area are proscribed from the generation of any spurious information by the FCC, with the penalties being both uncontestable, and damned expensive for the offender who originated the false message.
The rest of the problem is its dependability. The local system here has to jump the NRAO Quiet Zone, and is I believe now a satellite link, itself a huge problem in the event of an emp from an atomic device on the same side of the planet, or solar flares also can potentially render the link useless.
Once you get the alert up here from star city, then you have the problem of poorly designed gear foisted off on us broadcasters by the relatively short timetable mandated by the last methodology change about 15 years ago. That gear is now failing, and the maker, who was probably incorporated just to peddle the things, has since found it impossible to survive on the expendables the system requires, like its printers unique thermal paper etc. No schematics were furnished without a lot of yelling and screaming on our part, and sending it back for expert service? Fugetaboudit. Expert service does not exist in many cases.
And then the commission wants to fine us 27,000 per malfunction to boot. Most of the failures are beyond our control as the testing frequency is not sufficient to locate a malfunction before its a real malfunction.
Yes, its broken, hopelessly so. It needs to be replaced with something that actually works AND is secure from outside attacks.
And it needs to be stated up front that anyone with an idea of sueing the users for using an unknown submarine patent they ran to the patent office and got a patent on after the system was developed, will do jail time until such time as the system is declared unusable as this one s/b now. We went thru that already with this system, some jerk, smelling an easy dollar, ran and got a patent on it from our slumbering USTPO and sent all of us letters demanding $1500 a year for a license to use the system that was developed and mandated by the government. I think all of us were in close harmony during the chorus that told the commission and the equipment makers to pay it, we weren't about to pay annually for something that was mandated by them once we had purchased the original gear and installed it.
They faded away into the slime from whence they came eventually, and the patent was eventually set aside, or so we are being told.
Yah, we need a new system, one considerably more well thought out than this one ever was.
--
Cheers, Gene
The BBC TV film "Threads" (made in 1983) had a go at describing it. The film was made at the height of public 'nuclear paranoia', and apparently makes "The Day After" look like a soap opera by comparison (I've not seen "The Day After" so I can't really comment on it).
"Threads" is the most depressing film I've ever seen. When I originally saw it (aged 12) I had to turn off the TV right after the nuclear attack happened and couldn't sleep for weeks because it made me realise what nuclear war was about - I hadn't even barely understood until then. I recently got it in DivX form off a friend and watched it all the way through. It is not a film that comes under the heading "entertainment".
There is a good synopsis here: http://www.ibp-intl.demon.co.uk/nuke/threads.html
The leaflets the UK Government were publishing at the time (when we all thought nuclear war was basically inevitable - it was when not if - and we had no control over it; it was largely an American or Russian decision whether the world should be scorched): http://www.cybertrn.demon.co.uk/atomic/
If you google around a bit, there are some quite good descriptions of the UK's (long-dismantled) emergency warning systems - it was multiplexed on the same phone lines as the Speaking Clock and could basically start and stop the sirens centrally. The UKWMO (also now defunct, described in the 'Protect and Survive' URL above) controlled the 'all clear' etc. signals.
Oolite: Elite-like game. For Mac, Linux and Windows
EAS is trigged by unencrypted slow-modem-like broadcasts over the broadcast airwaves. That is, station A has a machine that listens to station B, and when station B broadcasts an alert that needs to be heard on station A, a magic box interrupts programming to broadcast the alert.
Sure, there's no tech security in the EAS system itself, but there is plenty of physical security at any TV or radio station under the jurisdiction of the FCC. To put it bluntly, if their broadcast signal is overtaken by a hacker by any means, that station is at risk of having its ability to do business taking away from them forever by losing their license.
To create a false EAS message, an attacker would need to know what stations monitors what other stations in the EAS network, and also be able to overtake on of those statioons to get their own broadcast on the air. This just plain isn't likely... not to mention whatever public panic might be created would be mitigated by the real EAS system quickly publishing a "Ignore last message, we've lost control of our system!" message.