Vulnerabilities in software that TV and radio networks around the country use to transmit emergency alerts could allow a hacker to broadcast fake messages over the alert system, a Federal Emergency Management Agency official tells CNN.
A cybersecurity researcher provided FEMA with “compelling evidence to suggest certain unpatched and unsecured EAS (Emergency Alert System) devices are indeed vulnerable,” said Mark Lucero, the chief engineer for Integrated Public Alert & Warning System, the national system that state and local officials use to send urgent alerts about natural disasters or child abductions.
The agency this week urged operators of the devices to update their software to address the issue, saying that the false alerts could in theory be issued over TV, radio and cable networks. The advisory did not say that alerts sent over text messages were affected. There is no evidence that malicious hackers have exploited the vulnerabilities, Lucero said.
It’s unclear how many emergency alert system devices are running the vulnerable software. FEMA referred a request for an estimate of that figure to the FCC, which did not immediately respond to a request for comment.
