RSS

The Bulletin

Zombie broadcast hoax only the tip of the security iceberg

Posting in Design

We may like the idea of smart meters and grids, but what's the point if we can't even protect the emergency broadcast system?

The recent hacking of America's Emergency Alert System (EAS), which warned citizens in Montana that "the bodies of the dead are rising from their graves and attacking the living" raised confusion as well as hilarity, but if hackers can so easily get into an emergency system designed to protect citizens, who knows what would happen if a smart grid system was taken down -- something that so many core services rely upon.

Was it down to sophisticated cracking software or the back-breaking work of criminals? No. According to Reuters, it was the far too-common reason so many systems are often compromised -- simple, human stupidity.

Like waving a red flag to a bull, system administrators across the U.S. left a number of passwords for the EAS software simply set to default. Unsurprising when you consider how many people insist on using passwords that are the hacker's delight, including 'qwerty', 'password', and '12346'.

Mike Davis, a security expert at IOActive Labs, told the publication that by using Google's search engine, he was able to find at least 30 additional alert systems that are vulnerable to attack. The zombie hoax may have only been a prank present on one station, but as Davis noted, the message could have been delivered to a lot more systems, and had the potential to breed chaos rather than humor.

The vulnerabilities in EAS systems have been forwarded to the Department of Homeland Security's U.S. Computer Emergency Readiness Team, US-CERT, but here's an idea: how about we start with the basics, and force lazy administrators to change the passwords regularly when it comes to such sensitive systems?

Failing that, perhaps the guys behind the EAS should take Google's password ring for a spin.

Image credit: Daniel Hollister

Related:

— By on February 13, 2013, 7:45 PM PST

Charlie Osborne

Contributing Editor

Charlie Osborne is a freelance journalist and photographer based in London. In addition to SmartPlanet, she also writes for business technology website ZDNet and consumer technology site CNET. She holds a degree in medical anthropology from the University of Kent. Follow her on Twitter. Disclosure