Slashdot Mirror
Emergency Alert System Insecure
glebe writes "The U.S. Emergency Alert System used to issue disaster warnings and other alerts over T.V. and radio is vulnerable to spoofing and denial-of-service attacks, SecurityFocus is reporting. Apparently, 'the EAS was built without basic authentication mechanisms, and is activated locally by unencrypted low-speed modem transmissions over public airwaves.' The FCC acknowledged the security issues yesterday in a public notice seeking comment on the future of the system."
Dear FCC,
Since you asked, I thought I would weigh in with my comments about The U.S. Emergency Alert System (EAS). I think it's appalling that anyone with a 14.4 could tap into this system and alter it for their own aims. The whole system could be crashed by terrorists during an attack, compounding the devastation of any terrorist attack by cutting off access to the system, or providing false and possibly deadly information. For example, during the 9/11 attacks the EAS could have directed people to return to their desks in the WTC, magnifying the losses suffered that day.
I suggest you rebuild the EAS and take it offline until such a time that it can be secure.
>... the EAS is designed to allow the President to interrupt television and radio programming and speak directly to the American people in the event of an impending nuclear war, or a similarly extreme national emergency.
With the audio capabilities available today, it would be quite possible to dupe the public into thinking they were listening to George Bush, when in fact they were listening to the words of Osama bin Laden. And with the stuff Bush has been saying lately, the public might actually believe it was Bush no matter how insane the babble was!
Somehow you would want to have a method for ensuring the audio was legit, encrypted and unaltered. I'm sure there are many ways to do this today, so I'm not really sure why you're asking me! Throw up a bunch of secure pipes and give the president access to them. Come up with a way to keep his message secure. Yeah, it's going to be expensive, but not as costly as 80,000 employees of the WTC returning to their offices because the EAS said it was "just a test".
Kind Regards,
Scott
The dangers of knowledge trigger emotional distress in human beings.
I've always thought things like this were insecure. When I was in
:)
high school, I wanted to make a device to activate the tornado siren.
I figured I could just implement a simple replay attack. I never got
around to researching what frequency the signal was broadcast on, and
I didn't know how to record the signal once I knew where to get it
from. But it seems simple:
record when they do the monthly test, replay whenever. Panic everyone. Good
fun.
Apparently if you modify various bits you can make them play different
sounds and even broadcast voice. Plenty of fun to be had there.
If anyone has done anything like this, I'd be interested in knowing,
just so I don't have to get myself hauled off to jail trying to do it
myself
fp?
My other car is first.
10 bucks for whoever can get all of Nevada to evacuate due to imminent flooding.
after a mysterious color purple alert was issued. Officials believe it was the work of slashdot user outraged at the horrible color schemes on the popular news for nerds website.
to give you this emergency message: ``Are your mortgage rates skyrocketing? Are your sexual organs too small? Do you have more money than brains? You can solve all of these problems by purchasing SUPER-VIAGRA! . . . and something about a tornado.''
MOUNT TAPE U1439 ON B3, NO RING
...how long until primetime television is interrupted so that we may be informed that 'all your base are belong to us'?
Almost two years old, in fact:
http://www.securityfocus.com/news/613
I'm sure one could find even earlier discussions of this vulnerability.
k.
"In spite of everything, I still believe that people are really good at heart." - Anne Frank
NWR Specific Area Message Encoding (SAME)
Full spec (pdf)
I'm sure it's nothing Halliburton or Diebold can't fix for $400 Million via a no-bid contract.
If they went public with this, I'd bet good money it's a precursor to an already set up proposal from a well-connected contractor who wants to ride the wave of public fear all the way to ten times the cost of fixing it.
When it was made, that wouldn't have been a problem. It was put in to repeat a message sent in the event of soviet nuclear attack. Each node would relay to all the other nodes. Of course, modem technology was rather scarce at the time, so security wasn't the top concern. This thing was never designed for security.
This is one of the few times where I can see hacking as terrorism. If you hack this, you are, in my eyes and in those of the law, a terrorist. Leave this one be.
Since when has this country used intellectual elite as a pejorative term?
That said - don't y'all sprain yer hamstrings to jump up and point fingers at the "government" or twist this into an open-source vs. closed source issue.
Every system is designed in relation to its operating environment. The EBS was originally designed for a far more benign environment than exists today. I bet the primary goal of the designers was to come up with a system that was simple and effective and would work even if large parts of the power grid and the telephone network collapsed. It is inconceivable that they did not ask themselves if they needed bullet-proof authentication mechanisms - it is equally probable that they discarded that requirement as being potentially failure-prone. Given the fairly benign security environment that they designed for, and given the technology available and the overarching goal of simplicity - they cam up with what is really quite functional.
And then the world changed (surprise, surprise). the environment that surrounded the EMS changed, rapidly and unpredictably. Where previously it was safe to assume that natural disasters would bring people in the community together to work in co-operation to face the threat, we now wonder which sleeper cells activate in these situations. The comfortable security blanket of yore that RipVanVinkle aka RVV dozed is suddenly yanked off - exposing us to the elements.
Its like waking up one day in the shadow of a dam and suddenly seeing a thousand leaks in it. The small leaks have always been there - all dams leak and sweat a little. But now we know that there are people out there that seek to widen the cracks and stuff them with C4 and stick some fulminate in them (amazing how much chemistry you can pick up from the newspapers isnt it?). So RVV franctically tries to seal the leaks in the dam. Paranoia? Perhaps.
The real tragedy is that the time that should be spent tending to his crops, playing with his children, making hot, sweaty love to his wife and dreaming big dreams in his afternoon nap is now spent in searching and classifying and closing the leaks in the dam.
Will RipVanVinkle make his dam perfect? Can any dam be made perfectly leak free? Go figure.
See that long UID - that's what you get for lurking too long
On February 21, 1971, an alert message announcing a nuclear war was sent over the teletype network by accident. Somebody at NORAD loaded the wrong paper tape. Almost no stations broadcast the message. One station in Florida actually did. After that, NORAD lost their authority to send emergency action messages on their own.
The current system has more input sources than the old one did. There are weather alerts, and now even child abduction alerts. If there's ever a phony message, it will probably come from some "authorized" input source.
A detailed history is here.
Not only that, but you can find the format for EAS messages on Wikipedia, along with an overview of SAME headers and messages.
EAS has never been a secret. Neither was EBS, nor CONELRAD. HAND.
Yes, its based on low-speed modem transmissions over public airwaves. What wasn't mentioned is:
The low-speed transmissions are done by 'primary' stations, who have big transmitters. 'Secondary' stations choose primary stations to monitor, and retransmit the alerts the primary stations transmit.
The low-speed transmissions are done on their broadcast frequency.
So, you know what you need to exploit this? Locally, you need to know which local station(s) is/are primary, and a transmitter big enough to override the monitored signal, or a group of transmitters big enough to override the monitored signal at each of the monitoring antennas.
Nationally, you would need to do this for EVERY primary station.
It isn't perfect, but its actually pretty reasonable security. A far bigger threat would be someone who could inject a believable warning into the primary systems, and even there, I'm not so certain its really a worry (see: 1970s NORAD mistake that no one broadcast).
---
Mod me down, you fucking twits. Go ahead. I dare you.
(I read with sigs off.)
It truly was designed for a different era, but has its uses even today. Virtually all weather emergency bulletins are sent out via the EAS protocols today, which doesn't normally affect people in, say, Silicon Valley, but makes a big difference in Tornado Alley and in Florida right now.
A few miles from here there was a fire at a chemical factory in La Mesa, CA... I was sitting there watching something on a high-cable channel when I hear a tone and see scrolling text at the top of the screen advising me to evacuate the area. Thank you EAS, and thank you Cox Cable.
When San Diego had its Cedar Fire in 2003 (largest fire in the history of CA, which altered everyone here's life) the EAS was used by the NWS, FD, and PD to provide information on evacuation across all channels on the cable systems (not sure about the radio, they might have been covering that themselves).
The California Office of Emergency Services has a Emerg. Digital Info Service that uses some of the same technology and protocols as well (includes the much-reknowned AMBER alerts).
Don't think that this is some relic, this is used and tested on at least a weekly basis nationwide (SD Info).
That being said, efforts to modernize and update things are great. I'd like to see some sort of emergency protocol for data packets, similar to the emergency phone service that allows infrastructure workers' phone calls to have priority in the midst of an emergency. There should be a EAS sitatuion website that is update out-of-bounds and is replicated (through some fancy AS routing) to servers all across the country, so it's always accessible. Think of a FEMA-run Akamai.
The company I work for was even considering some way to allow people to have EDIS/EAS alerts pop up (via Messenger service or some other client) whenever they were released for the area they're in (won't work because of all the RFC1918 space they use
Emergency Alert Systems, and Civil Defense systems in general ARE still around, and ARE working within their original intent, but more public attention needs to be brought to them, so that all know about them. It's not so much security, but having more eyes on them will undoubtedly help suggest further improvements.
And I agree with the earlier poster... ANYONE who hacks a system like this deserves the 20 years of time they'll get. That's just dumb. It's on a par with DOSing a 911 call center. Don't do it. You WILL cause loss of life and NO ONE will have any sympathy when you go to prison for a very, very long time. In fact, I'd love to help catch you.
Hire a Linux system administrator, systems engineer,
Actually, it is likely that some percentage of the population would survive a war. Sure, nobody within a mile of a detonation is likely to be alive, but further out if you have cover and a supply of iodine, safe food, and water, you'll have a chance to make it.
In any population there will be those who are more tolerant of radiation that others. A nuclear war will simply select for humans who can tolerate these conditions. Sure, mankind will probably live in the stone ages for a thousand years or more, but eventually things will clean themselves up enough for civilization to re-emerge.
I wonder what such a society would be like? It would have some knowledge from the high-tech past, but little means of employing most of it...
As a broadcast engineer, this system was IMO, broken from the gitgo.
However, let me also point out that the huge majority of the system, if it all worked, which is rare, is secure in that the average stations gear can only accept input from the designated primary station in the area, and the NWS services which are also a part of the "network".
The rest of the secondary sites in a given area are proscribed from the generation of any spurious information by the FCC, with the penalties being both uncontestable, and damned expensive for the offender who originated the false message.
The rest of the problem is its dependability. The local system here has to jump the NRAO Quiet Zone, and is I believe now a satellite link, itself a huge problem in the event of an emp from an atomic device on the same side of the planet, or solar flares also can potentially render the link useless.
Once you get the alert up here from star city, then you have the problem of poorly designed gear foisted off on us broadcasters by the relatively short timetable mandated by the last methodology change about 15 years ago. That gear is now failing, and the maker, who was probably incorporated just to peddle the things, has since found it impossible to survive on the expendables the system requires, like its printers unique thermal paper etc. No schematics were furnished without a lot of yelling and screaming on our part, and sending it back for expert service? Fugetaboudit. Expert service does not exist in many cases.
And then the commission wants to fine us 27,000 per malfunction to boot. Most of the failures are beyond our control as the testing frequency is not sufficient to locate a malfunction before its a real malfunction.
Yes, its broken, hopelessly so. It needs to be replaced with something that actually works AND is secure from outside attacks.
And it needs to be stated up front that anyone with an idea of sueing the users for using an unknown submarine patent they ran to the patent office and got a patent on after the system was developed, will do jail time until such time as the system is declared unusable as this one s/b now. We went thru that already with this system, some jerk, smelling an easy dollar, ran and got a patent on it from our slumbering USTPO and sent all of us letters demanding $1500 a year for a license to use the system that was developed and mandated by the government. I think all of us were in close harmony during the chorus that told the commission and the equipment makers to pay it, we weren't about to pay annually for something that was mandated by them once we had purchased the original gear and installed it.
They faded away into the slime from whence they came eventually, and the patent was eventually set aside, or so we are being told.
Yah, we need a new system, one considerably more well thought out than this one ever was.
--
Cheers, Gene
The BBC TV film "Threads" (made in 1983) had a go at describing it. The film was made at the height of public 'nuclear paranoia', and apparently makes "The Day After" look like a soap opera by comparison (I've not seen "The Day After" so I can't really comment on it).
"Threads" is the most depressing film I've ever seen. When I originally saw it (aged 12) I had to turn off the TV right after the nuclear attack happened and couldn't sleep for weeks because it made me realise what nuclear war was about - I hadn't even barely understood until then. I recently got it in DivX form off a friend and watched it all the way through. It is not a film that comes under the heading "entertainment".
There is a good synopsis here: http://www.ibp-intl.demon.co.uk/nuke/threads.html
The leaflets the UK Government were publishing at the time (when we all thought nuclear war was basically inevitable - it was when not if - and we had no control over it; it was largely an American or Russian decision whether the world should be scorched): http://www.cybertrn.demon.co.uk/atomic/
If you google around a bit, there are some quite good descriptions of the UK's (long-dismantled) emergency warning systems - it was multiplexed on the same phone lines as the Speaking Clock and could basically start and stop the sirens centrally. The UKWMO (also now defunct, described in the 'Protect and Survive' URL above) controlled the 'all clear' etc. signals.
Oolite: Elite-like game. For Mac, Linux and Windows