Security experts say zombie TV warning exposes flaws
By Jim Finkle
(Reuters) - The zombie attack alert issued on a handful of U.S. TV stations this week is more serious than a mischievous hacker prank say cyber experts, who warn the incident exposes lax security practices in a critical public safety system.
While broadcasters said poor password security paved the way for the bogus warning, security experts said the equipment used by the Emergency Alert System remained vulnerable when stations allow it be accessed via the public Internet.
The fear is that hackers could prevent the government from sending out public warnings during an emergency or attackers could conduct a more damaging hoax than a warning of a zombie apocalypse.
"It isn't what they said. It is the fact that they got into the system. They could have caused some real damage," said Karole White, president of the Michigan Association of Broadcasters.
Following the attacks on Monday, broadcasters were ordered to change the passwords for the EAS equipment.
The Federal Communications Commission (FCC) would not comment on the attacks, but in an urgent advisory sent to television stations on Tuesday said: "All EAS participants are required to take immediate action."
It instructed them to change passwords on equipment from all manufacturers used to deliver emergency broadcasts. The FCC instructed them to ensure gear was properly secured behind firewalls and to inspect systems to ensure that hackers had not queued "unauthorized alerts" for future transmission.