DHS Warns of Critical Flaws in Emergency Alert System Devices

Last week, the Department of Homeland Security (DHS) warned that its Emergency Alert System (EAS), which the department uses to transmit emergency communications via TV and radio networks, could be exploited by a cyber threat actor to send out false emergency alerts. Specifically, critical security vulnerabilities in unpatched EAS encoder/decoder devices, recently discovered by a security researcher, could allow an attacker to issue fake emergency messages over the EAS infrastructure, obtain credentials, and keep legitimate users out of the system thus preventing them from responding to alerts. Although the researcher indicates that not all of the vulnerabilities have been addressed, users of EAS systems are urged to immediate apply the latest software updates to mitigate some of the vulnerabilities. Read more at CNN or at BleepingComputer.