Alerts of "rising dead" still exploitable on EAS

Security group IOActive announced Thursday that vulnerabilities are still present in the EAS.

A security group that shed light in July on the vulnerabilities hackers exploited to compromise the national Emergency Alert System (EAS) announced Thursday that those weaknesses are still present, despite a patch having been issued.

“The patch was to specifically address the vulnerabilities in [US-CERT's] VU#662676 – specifically time-based passwords, exposed SSH keys being the most serious,” Mike Davis, principal research scientist at IOActive, a security service provider, told SCMagazine.com on Friday.

The patch was designed so exposed SSH keys would be removed and user-generated passwords would be corrected, Davis said, but the researcher explained that did not end up being the case and that most patched systems are still vulnerable.

“After discovering that most of the patched servers running 2.0-2 were still vulnerable to the exposed SSH key, I decided to dig deeper into the newly issued security patch and discovered another series of flaws which exposed more credentials (allowing unauthenticated alerts) along with a mixed bag of predictable and hard-coded keys and passwords,” Davis said in a Thursday post.

Web-accessible backups containing credentials are also available, the researcher added. “Even new features introduced to the 2.0-2 version since I first looked at the technology appeared to contain a new batch of hard-coded (in their configuration) credentials.”

A few months ago, Davis discovered that the root-privileged SSH key for DASDEC-1 and DASDEC-II, a digital emergency alerting and messaging technology made by Digital Alert Systems and used in the EAS, and perhaps for other Linux-based hardware too, was vulnerable, allowing attackers to manipulate the system by logging in to a DASDEC device using the default password “Root.”

What that allowed hackers to do in February was broadcast zombie outbreak messages to viewers of four stations in Michigan and Montana, warning them of “dead bodies rising from the grave and attacking the living.”

At the time, the station manager of affected Michigan stations WBUP (ABC-10) and WBKP (CW-5) confirmed the zombie alert incident was caused by hackers.

When asked how this vulnerability allows an attacker to compromise the system, Davis said, “The attacker logs into the server using the hard-coded root password, or using the root SSH key, and issues an alert using the software. Alternatively, an attacker can just create credentials for himself and login using the web interface as any other authorized DASDEC user.”
