"We recently became aware of certain vulnerabilities in EAS encoder/decoder devices that, if not updated to the most recent software versions, could allow an actor to issue EAS alerts over the host infrastructure," said the Federal Emergency Management Agency (FEMA), an agency under the DHS.
The DHS further advised organizations using EAS to strengthen their security measures to prevent any potential abuse. (Related: U.S. Emergency alert system vulnerable to hijacking, report finds.)
According to the DHS advisory, the flaws in EAS encoder and decoder devices were successfully exploited by Ken Pyle, a security researcher for the cybersecurity firm CYBIR.
The DHS expects the exploit to be presented, with proof of concept code, at the DEF CON Hacking Conference in Las Vegas. "In short, the vulnerability is public knowledge and will be demonstrated to a large audience in the coming weeks."
EAS has far-reaching capabilities for sending out emergency alerts either nationally or at the local level. Americans are likely to know about the EAS from its regular tests that loudly interrupt TV shows and radio broadcasts. It is run on the federal level by FEMA and several partners, including the Federal Communications Commission and the National Oceanic and Atmospheric Administration.
The EAS is designed to make sure that the president or other designated federal officials can address Americans within 10 minutes of a national emergency. It requires the cooperation of radio and television broadcasters and the operators of cable TV, wireless cable systems, satellites and wire lines.
State and local officials are also allowed to use the system to broadcast messages during emergencies, such as extreme weather events and AMBER alerts.
Homeland Security has not gone public regarding the exact nature of the security flaws in the EAS encoder and decoder devices. But Pyle, in interviews, claimed that the vulnerabilities reside in the Monroe Electronics R189 One-Net DASDEC EAS, an emergency alert system encoder and decoder.
These digital encoder and decoder devices are used by television and radio stations nationwide to transmit emergency alerts. Pyle said that "multiple vulnerabilities and issues – confirmed by other researchers – haven't been patched for several years and snowballed into a huge flaw."
"When asked what can be done after successful exploitation, Pyle said: 'I can easily obtain access to the credentials, certs, devices, exploit the web server, send fake alerts via crafts message, have them validate and pre-empt signals at will. I can also lock legitimate users out when I do, neutralizing or disabling a response,'" wrote Sergiu Gatlan in his interview with Pyle for information security and technology news publication Bleeping Computer.
Erich Kron, a security awareness advocate at the security training firm KnowBe4, noted that as America's tech systems become more interconnected, more vulnerabilities will likely be found and exploited.
"In a case such as this that impacts emergency notifications, it may be easy to think that no real harm could come from a false alarm," said Kron. "However, history proves that is not true."
Kron pointed to multiple incidents when glitches and cyberattacks caused panic, such as when the Associated Press Twitter account was hacked and published false reports of explosions at the White House in 2013, and when Hawaii accidentally issued a ballistic missile alert in 2018.
"Even false alerts such as these have real-world impact, and at the very least dissolve public faith in these critical systems," said Kron.
Learn more about cyber attacks at CyberWar.news.
Watch this clip from "The Stew Peters Show" as Stew Peters and Maria Zeee talk about the globalists' planned "cyber COVID," which will kill all computers, phones and smart televisions.