IPAWS Advisory: Emergency Alert System (EAS) Vulnerability

FEMA recently became aware of certain vulnerabilities in EAS encoder/decoder devices that, if not updated to most recent software versions, could allow an actor to issue EAS alerts over the host infrastructure (TV, radio, cable network).

This exploit was successfully demonstrated by Ken Pyle, a security researcher at CYBIR.com, and may be presented as a proof of concept at the upcoming DEFCON 2022 conference in Las Vegas, August 11-14.

In short, the vulnerability is public knowledge and will be demonstrated to a large audience in the coming weeks.

FEMA strongly encourages EAS participants to ensure that:

1. EAS devices and supporting systems are up to date with the most recent software versions and security patches;
2. EAS devices are protected by a firewall;
3. EAS devices and supporting systems are monitored and audit logs are regularly reviewed looking for unauthorized access.

FEMA values its partnership with broadcasters and appreciates efforts to maintain public trust and confidence in the Emergency Alert System.

Contact the IPAWS Office at [email protected]

Homeland Security Today

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

See Full Bio