Several broadcast groups are taking precautions to ensure their emergency alert units are secure. That’s in the wake of someone hacking into a station’s EAS encoder/decoder through its connection to the Internet and programming a fake alert, which the device automatically transmitted.
The fake alert was apparently transmitted in several states that we know of so far, including Montana, Utah, Michigan and New Mexico. Others may come to light later.
The FCC told stations this week they must change the passwords for their EAS encoders/decoders, especially if the devices are still set with the factory default password.
“We have checked to make sure passwords were indeed changed from the factory defaults and we have checked to make sure there were no pending messages queued up for later transmission,” said Cris Alexander, director of engineering for Crawford Broadcasting, which includes 25 radio stations.
Barry Thomas, vice president of engineering for Lincoln Financial Media, said, “When the news of this hit we all confirmed the unique passwords on our EAS equipment and the security of our firewalls.”
Lincoln Financial Media stations that have equipment managed by state emergency officials “reached out to the responsible parties and made them aware of the event” so they could secure their hardware as well, Thomas said. Thomas described IT security at the broadcaster as “pretty buttoned up.” He said he isn’t aware of any attempts by anyone to use the group’s equipment to send bogus alerts.
The bogus alerts, which were initially broadcast over TV stations in Montana and Michigan, warned viewers of “zombie attacks.” The fake alerts occurred when someone knew or figured out the default password of EAS equipment and inserted the fake message.
“I think it is a wake-up call,” said Art Morris, contract engineer and consultant based in Springfield, Mo. “Many engineers were concerned a couple of years ago when an Internet-based system was proposed. Not just because of the potential for this kind of thing. There are still many places in this country where reliable Internet service still isn’t available.”