What is in this article?:
- CAP EAS hack attack
- Rumor mills rev up
- Good and bad
- Change the locks
At least one television station’s EAS alert system was compromised by an unknown hacker.
Good and bad
For all the cool stuff the Internet brings to broadcasters, such as the ability to control all sorts of things from routers to transmitters from a hand-held mobile device, there’s an equivalent amount of danger and risk in the form of hackers. The more we rely on IT infrastructure connected to the Internet, the more vulnerable we are to external hackers. This should come as no surprise to broadcasters or IT experts. This time the surprise is, to paraphrase General Buck Turgidson in the 1960s classic movie "Dr. Strangelove," we got caught with our pants down.
The simplistic explanation in this case is that someone didn’t update their insertion system password from the factory default. Some manufacturers post default passwords on the Internet in user manuals, and who wouldn’t guess the usual default passwords such as “admin” and “password?” We don’t know exactly how the zombie hacker gained access because the facts aren’t all in yet. What we do know is that in CAP EAS, there can be ways to bypass the password through the back door. The entire CAP EAS protocol structure is public record.
The threat of hackers isn’t limited to what stations air. Telephone hacking demolished a UK-based newspaper and continues to bring down some UK reporters. Stories and photos of electronic road warning sign hacks are not uncommon. On Dec. 18, 2011, this newsletter reported on a spooky cell phone EAS hacking incident that took place in New Jersey. Clearly, digital electronics can and will be hacked.
In radio and television broadcasting, it’s up to engineers, from design engineers to local station engineers, to protect their gear and facilities from all forms hacking. Some might call the EAS zombie incident a prank. Others, such as the federal government, might count the incident as cyber warfare. I think the zombie hacker did us a favor because what happened shines a blinding light through holes in the CAP EAS system, particularly in this era of unattended station operation.
Not coincidently, a report for the FCC is being prepared by an FCC advisory group known as the Communications Security and Reliability Council on end-to-end security threats and improvements that may be needed. The Council includes several CAP EAS manufacturers. The report has been in progress for some time and will be delivered in March. It is not a specific response to the zombie incident but will likely identify some of the holes the zombie hacker used.
