Serious bug in US Emergency Alert System could be abused to create mass panic

A bug in the US Emergency Alert System (EAS), a tool used to deliver urgent alerts to the general public, could be abused by threat actors to send out fake alerts, possibly creating mass panic.

The Department of Homeland Security (DHS) recently confirmed these findings in an advisory and urged organizations using EAS to tighten up on their security measures, in order to prevent any abuse. 

As reported by The Register, the flaw was discovered by cybersecurity researcher Ken Pyle, who also managed to successfully exploit it. Apparently, a proof-of-concept is in the works and should be presented to the general public soon.

Tightening up security

In order to keep their endpoints secure, the DHS says, businesses need to update both their hardware and their software to the latest versions, apply security patches wherever possible, and set up a firewall as extra means of defense. Furthermore, they need to monitor their systems, and regularly review audit logs, to make sure no unauthorized access occurs. 

While the DHS did not go into details about the flaw, The Register found reports of holes being found in the Monroe Electronics R189 One-Net DASDEC EAS device.

EAS is a tool used by the US government to send out urgent messages to its citizens. During an emergency, the US President and other high-level state officials can use the system to address the American people in less than 10 minutes, through TV broadcasters, cable TV, wireless cable systems, satellite and wireline operators. 

The system is run by the Federal Emergency Management Agency (FEMA), Federal Communications Commission (FCC), and National Oceanic and Atmospheric Administration.

• These are the best antivirus services right now

Via The Register