Zombies are fun in games, but how about Zombie attacks in reality? Okay, I know that sounds like a prank. But the flip side of the conversation is that some pranksters issued fake warnings of a Zombie apocalypse. The pranksters exploited the vulnerabilities in America’s TV emergency alert system and loopholes that the station bosses remember to change the default passwords on their broadcast equipment. They hacked several television stations’ emergency alert system in Montana and Michigan to broadcast an on-air audio warning about the end of the world.
“It isn’t what [the pranksters] said,” White said. “It is the fact that they got into the system,” said Karole White, president of the Michigan Association of Broadcasters.
This may sound funny, but if we take a keen look at the issue, this is not funny at all. It’s rather worrisome. The fact that some mischievous people hacked the critical infrastructure is dangerous to public safety. Not exactly, but this is a kind of swatting attack. This can be better described with the following example,
“When people call the 911 system to submit false calls for help, this results in fully armed SWAT teams being sent to the houses of unsuspecting, innocent people. No one has been killed in these incidents, but that has more to do with good training and luck. The fact is that the system is being compromised in a way that is putting people at real risk by sending fully armed teams into situations they believe may require deadly force (and where their own lives are at risk).”
The touch point here is that Emergency Alert System is a part of critical infrastructure and is highly trusted. Any compromise of these systems with malicious intent can lead to truly dangerous consequences.
In addition, Mike Davis, a hardware expert at the computer security biz found 30 alert systems across the US that is vulnerable to attack. The security flaws allow attackers to remotely compromise these devices and broadcast official alerts through US radio and TV stations. He reported the vulnerabilities to the US’s Computer Emergency Response Team about a month ago but is not revealing details of the vulnerabilities nor the names of the manufacturers they affect, pending confirmation of a fix.