Unchanged passwords in zombie alert hoax
MANILA, Philippines - While hackers may have ultimately been the ones who infiltrated the US emergency broadcast system to make a zombie alert hoax, it seems TV stations were partly to blame for not changing the factory default passwords on their equipment.
Reuters brings up an urgent advisory from the Federal Communications Commission (FCC), which instructed TV stations to "change passwords on equipment from all manufacturers, making sure that gear was secured behind firewalls and to also inspect systems to ensure that hackers had not queued 'unauthorised alerts' for future transmission."
While the hoax itself did no lasting harm, the implications of such an attack would be more deeply felt had there been more malicious communication spread across affected broadcast systems.
Mike Davis, a hardware security expert from IOActive Labs, also mentioned how a Google search led him to identify 30 alert systems across the US that were potentially open to attack.
He also sent a report about those vulnerabilities in emergency alert systems to the Department of Homeland Security's US Computer Emergency Readiness Team (US-CERT) for investigation last month, though the Reuters report mentions, "Officials with US-CERT could not be reached."
In the meantime, electronics manufacturers will want to take note of how the situation allowed these default passwords to remain available for hackers to take advantage of, and remedy the situation from their end as well. - Rappler.com