Sophos Cloud Optix
Chances are that you have seen pictures of hacked road signs, warning you that a zombie invasion is underway, and chuckled to yourself.
But would you be laughing as hard if your favourite TV programme was interrupted by an emergency alert telling you that the bodies of the dead had risen from their graves, and attacking the public.
Check out the following video, which shows what happened to Public TV 13 and CBS affiliate KRTV in Montana after someone hacked into the Emergency Alert System:
"Civil authorities in your area have reported that the bodies of the dead are rising from their graves and attacking the living. Follow the messages onscreen that will be updated as information becomes available. Do not attempt to apprehend or approach these bodies as they are considered extremely dangerous.
"I repeat, civil authorities in your area have reported that the bodies of the dead are rising from their graves and attacking the living. Do not attempt to apprehend or approach these bodies as they are considered extremely dangerous.
"This warning applies to all areas receiving this broadcast. Tune into 920AM to get information in the event you are separated from your television or if electrical services are interrupted.
"This station will now cease transmission, so please use your battery-powered radio. Tune into 920AM for information."
In case you haven’t already guessed – there wasn’t really a zombie uprising.
KRTV published an explanation for the unexpected interruption to their programming, but strangely didn’t refer to zombies.
It isn’t clear how hackers managed to broadcast the emergency alert on the TV stations, but the most obvious line of investigation would be to examine if the alert service was only “protected” by a default password that could have been widely known.
Obviously, hacking into systems to broadcast bogus emergency messages via TV stations isn’t something that can be condoned. I’m sure that none of us find it in the slightest bit funny, and there won’t be a single Naked Security reader who is chortling inside.
But hey, it makes a change from a Dalek invasion, right?
Zombie image from Shutterstock.
There was likely zero actual hacking involved here. No security protocols were bypassed because none exist. EAS messages are broadcast unencrypted over the air. TV stations just have receivers that listen for incoming broadcasts on particular frequency bands that automatically cut into programming as soon as they receive a properly formatted start sequence. The only thing stopping someone from spoofing the signal is the threat of federal jail time.
you really told it how it is, but you now even made them look very stupid. beause they announced that they had no idea how anyone did this, what a real intelligent government we have.
I'll have you know I found it absolutely hilarious.
"I'm sure that none of us find it in the slightest bit funny, and there won't be a single Naked Security reader who is chortling inside."
You're absolutely right, Graham. (snidker) This is no laughing matter! (mmmpphh) It was utterly reprehensible. (teehee) This is very serious business indeed. (gmskmpt)
(Thanks for my morning chuckle.)
The explanation is very simple: The Emergency Alert System is activated by a network-capable interface box that every radio station, TV station and cable provider must have, per FCC regulations. These boxes are accessible via their network interface with a user name and password. Just like any cable modem or router you might have in your home, there are default user names and passwords set on the boxes by the manufacturer. In this case, the boxes were compromised because the stations that owned them didn't change the default password. Many more stations recorded attempts to log into their EAS boxes, but such attempts were stopped in those cases because the users had changed the default passwords.
Network Security 101 strikes again.
That's definitely hilarious 🙂
I'm confused, is it safe to go outside?
That depends..
Are you a zombie? If so, I’d stay indoors.
You might get hit with a shovel.
I cannot believe they would be such a prankster and try to make people believe that sort of thing. I live in Montana and whoever did this, deserves to be kicked in the shins. God bless
yeah, coz it's so believable. oh, and you spelled friendly wrong.
While some might have taken this seriously, I myself could not. I DO NOT believe that this could or would ever happen. I'm chuckling, but, it isn't funny that someone hacked a t.v. station and my have caused a huge panic. I really hope this person is found.
I'm convinced the dead have been rising for years…. well, brain dead anyway!?
Well, here in CZ some group made a similar prank several years ago. They intercepted a video stream from a weather/snow conditions camera that was fed live into a morning TV broadcast and keyed in a nuclear explosion :).
Now that's funny!!
I bet some of those simple small town people actually believed there was a zombie threat.
Which makes this super funny.
Can I get one of those pancake pans here in Australia?
Now I want pancakes.
I think everyone is missing the worst aspect of this. When an actual Zombie Apocalypse happens, no one will believe it and it will be a complete catastrophe.
No, I am not being serious.
The spoof was clearly orchestrated by those nefarious hackers who are advertising the pancake pan. Now the product has received truly global coverage (US/UK/AU + God knows where else). The shameless viral propagation of this item by Sophos will no doubt bring them a cut of the ill-gotten-gains. Today, Montana – TOMORROW, THE WORLD… MUH – HA HA HA HA HA HA HA.
Ermagerd Zermbies!