Posted by Soulskill from the can-it-be-aliens-next-time-please dept.
chicksdaddy writes "More than six months after hacked Emergency Alert System (EAS) hardware allowed a phony warning about a zombie uprising to air in several U.S. states, a security consulting company is warning that serious issues persist in software from Monroe Electronics, whose equipment was compromised in the earlier attack. In a blog post, Mike Davis of the firm IOActive said patches issued by Monroe Electronics, the Lyndonville, New York firm that is a leading supplier of EAS hardware, do not adequately address problems raised earlier this year, including the use of 'bad and predictable' log-in credentials. Further inspection by Davis turned up other problems that were either missed in the initial code review or introduced by the patch. They include the use of “predictable and hard-coded keys and passwords,” as well as web-based backups that were publicly accessible and that contained valid user credentials. Monroe’s R-189 CAP-EAS product was the target of a hack in February during which EAS equipment operated by broadcasters in Montana, Michigan and other states was compromised and used to issue an alert claiming that the 'dead are rising from their graves,' and advising residents not to attempt to apprehend them. CAP refers to the Common Alerting Protocol, a successor to EAS. A recent search using the Shodan search engine by University of Florida graduate student Shawn Merdinger found more than 200 Monroe devices still accessible from the public Internet. 66% of those were running vulnerable versions of the Monroe firmware."