The attacks Monday on a handful of stations prompted the Government to order broadcasters to change passwords for the equipment used by the authorities to immediately push out emergency transmissions through what is known as the emergency alert system, or EAS.
The FCC did not want to comment on the attacks, but urgent advice posted by television stations on Tuesday, the Agency said: "all EAS participants are required to take immediate action".
Instructed them to change passwords on equipment from all manufacturers that emergency forces broadcasts on television networks, interrupting regular programming. It instructed them to make sure that the gear was protected behind firewalls and also inspect systems for ensuring that hackers had no tail "unauthorized alerts" for future transmission.
The attacks came at a time when officials and external security experts are warning that the United States is at risk of a cyber attack that could cause serious injury or even cost lives. President Barack Obama told Congress that some hackers are looking for ways to attack the United States power grid, banks and air traffic control systems.
While the zombie hoax seemed to be rather harmless, the fact that hackers could easily sent an emergency message showed that they are able to wreak havoc with communications more alarming.
"It's not what he said. Is the fact that they got in the system. They could have caused any real damage, "says Karole White, President of the Michigan Association of Broadcasters.
White and its equivalent in Montana, Greg MacDonald, said he believed that hackers were able to get because the stations had not changed the default password that they used when they shipped from the manufacturer.
"Zombie" hackers targeted two stations in Michigan and several in California, Montana and New Mexico, said White.
A male voice addressed viewers in a video posted on the Internet of fake warning broadcast by KRTV in Great Falls, Montana, an affiliate CBS: "civilian authorities in your area have reported that the bodies of the dead are rising from the grave and attacking life."
The voice warned "not to approach or catch these bodies as they are extremely dangerous."
STILL VULNERABLE
Larry Estlack, President of the Michigan Emergency Alert System, told Reuters that passwords sometimes not getting changed because EAS uses equipment that are not easy to configure.
"Some people have trouble getting through the setup procedure. Is quite complex, "he said.
But Mike Davis, a hardware security experts with a firm known as IOActive Labs, said that there were other ways to remotely access to systems that allow hackers to skip verification of the password even if they have been modified.
Davis said that he had submitted a report to the u.s. Department of Homeland Security's Computer Emergency Readiness Team, or US-CERT, about a month ago that detailed security flaws in EAS equipment that warned make it vulnerable to attack.
"Changing passwords is insufficient to prevent unauthorized remote access. There are still more undisclosed authentication exclusions, "told Reuters via email. "I would recommend disconnecting them from the network until a fix is available.
Davis said he was able to use the search engine Google Inc. to identify some 30 who believed that systems were vulnerable to attack from Wednesday morning.
With US-CERT officials could not be reached.
Bill Robertson, vice President of the privately held electronic electronics Lyndonville Monroe, New York, told Reuters that his company's equipment had been compromised at least some of the attacks after hackers gained access to their default passwords.
Monroe publishes the default password for the equipment manuals that can be consulted on its Web site.
Robertson said he believed that the attackers had been able to access the devices via the Internet because television stations had not properly secured the equipment behind walls of fire, which is what I recommend to Monroe.
"The devices were not really locked down right. They were exposed, "he said.
He said the company is working to reinforce safety on equipment and may update the software so that it forces customers to change their default passwords.
"They were compromised because the door was left open. It was just like saying ' Walk in the door, ' "he said.
Spokesman for the Federal Emergency Management Agency Dan Watson said the breach did not have any impact on the Government's ability to activate the emergency alert system.
(Reporting by Jim Finkle; Editing by Lisa Shumaker and Patrick Graham)
No comments:
Post a Comment