Emergency Alert System Insecure

glebe writes "The U.S. Emergency Alert System used to issue disaster warnings and other alerts over T.V. and radio is vulnerable to spoofing and denial-of-service attacks, SecurityFocus is reporting. Apparently, 'the EAS was built without basic authentication mechanisms, and is activated locally by unencrypted low-speed modem transmissions over public airwaves.' The FCC acknowledged the security issues yesterday in a public notice seeking comment on the future of the system."

tornado sirens too?

[jrockway]

I've always thought things like this were insecure. When I was in
high school, I wanted to make a device to activate the tornado siren.
I figured I could just implement a simple replay attack. I never got
around to researching what frequency the signal was broadcast on, and
I didn't know how to record the signal once I knew where to get it
from. But it seems simple:
record when they do the monthly test, replay whenever. Panic everyone. Good
fun.

Apparently if you modify various bits you can make them play different
sounds and even broadcast voice. Plenty of fun to be had there.

If anyone has done anything like this, I'd be interested in knowing,
just so I don't have to get myself hauled off to jail trying to do it
myself :)

fp?