“Huge flaw” threatens US emergency alert system, DHS researcher warns

The US Department of Homeland Security warns of vulnerabilities in the nation's emergency broadcast network that make it possible for hackers to issue bogus warnings.

The DHS's Federal Emergency Management Agency (FEMA) said that they recently became aware of certain vulnerabilities that could allow an actor to issue an alert over the host infrastructure. A proof of concept for the exploit will be presented at the DEFCON conference in Las Vegas in August.

The Monroe Electronics R189 One-Net DASDEC EAS is an emergency alert system. Emergency alert equipment is used by radio and television stations. Multiple vulnerabilities and issues have not been patched for several years and have snowballed into a huge flaw, according to a researcher.

When asked what could be done after successful exploitation, he said: 'I can easily obtain access to the credentials, certs, devices, exploit the web server, send fake alert via crafts message, have them valid / pre-empting signals at will.' Bleeping Computer said that he could lock out legitimate users when he did.

This isn’t the first time federal officials have warned of vulnerabilities in the emergency alert system.