The Federal Emergency Management Agency (FEMA) released a public notice that states that it recently became aware of certain vulnerabilities in EAS encoder/decoder devices which, if not updated to the most recent software versions, could allow an intruder to issue EAS alerts over the host infrastructure (TV, radio, cable network).
FEMA wrote, “This exploit was successfully demonstrated by Ken Pyle, a security researcher at CYBIR.com, and may be presented as a proof of concept at the upcoming DEFCON 2022 conference in Las Vegas, August 11-14. In short, the vulnerability is public knowledge and will be demonstrated to a large audience in the coming weeks.”
FEMA strongly encourages EAS participants to ensure that:
- EAS devices and supporting systems are up to date with the most recent software versions and security patches;
- EAS devices are protected by a firewall;
- EAS devices and supporting systems are monitored and audit logs are regularly reviewed looking for unauthorized access.
Contact the IPAWS Office at firstname.lastname@example.org.