Zombie emergency message revealed vulnerabilities in system

Recall back in February, someone managed to hack the Emergency Broadcast System and announced that bodies were rising from the grave. It was a good joke but not necessarily funny when you realize that this was a major security breach of a system that is critical in an emergency. We noted that engineers were looking into it. Here is an update on that.

This Is Not a Test: Emergency Broadcast Systems Proved Hackable | Threat Level | Wired.com.

Several models of Emergency Alert System decoders, used to break into TV and radio broadcasts to announce public safety warnings, have vulnerabilities that would allow hackers to hijack them and deliver fake messages to the public, according to an announcement by a security firm on Monday.

The vulnerabilities included a private root SSH key that was distributed in publicly available firmware images that would have allowed an attacker with SSH access to a device to log in with root privileges and issue fake alerts or disable the system.

It’s a bit technical but the gist is that there were several vulnerabilities in the system. These require some fixes and update to the system. So, like with other white hat hackers, it was “harmless” and revealed some serious deficiencies that needed to be addressed.