Security consultancy firm IOActive has warned that emergency alert system devices utilized by radio and TV stations can easily be hacked in an effort to cause widespread panic.
"We found some devices directly connected to the Internet and we think that it's possible that hackers are currently exploiting some of these vulnerabilities or some other flaws," chief technology officer of IOActive Cesar Cerrudo told Computerworld.
Cerrudo stated that at least two types of Emergency Alert System devices are predominately vulnerable to attacks. "We contacted CERT [U.S. Computer Emergency Readiness Team] almost a month ago and CERT is coordinating with the vendor to get the issues fixed," he said.
The hacker that bypassed the television stations' systems security for the zombie hoax is said to have utilized a "back door" attack.
"It has been determined that a 'back door' attack allowed the hacker to access the security of the EAS equipment," said Cynthia Thompson, station manager for ABC 10, which was one of the stations affected. "The nature of the message Monday night was not necessarily dangerous, but the fact that the system was vulnerable to outside intrusion is a danger."
