FCC moves to close down backdoor weakness in EAS system that may have led to “zombie attack” alert.

As many of our readers have probably heard, a number of broadcast stations in various parts of the country found their EAS systems hacked yesterday. The result: the stations issued EAS alerts about zombie attacks. Since the alerts appear to have utilized (probably through the miracle of Internet accessibility) the stations’ own systems, those alerts sounded for all the world – and could, and should, have been accepted by the public – as the Real Deal (except for the part about the zombies).

While this may have amused some, the fact of the matter is that any compromise of the EAS system creates serious risks to the public. It’s not hard to imagine faux alerts with a much more sinister effect.

With that in mind, the FCC has (according to our friends at the NAB) issued the following “Urgent Advisory” outlining “immediate actions to be taken regarding CAP EAS device security”:

All EAS Participants are required to take immediate action to secure their CAP EAS equipment, including resetting passwords, and ensuring CAP EAS equipment is secured behind properly configured firewalls and other defensive measures. 

All CAP EAS equipment manufacturer models are included in this advisory.

All Broadcast and Cable EAS Participants are urged to take the following actions immediately.

  1. EAS Participants must change all passwords on their CAP EAS equipment from default factory settings, including administrator and user accounts. 
  2. EAS Participants are also urged to ensure that their firewalls and other solutions are properly configured and up-to-date.
  3. EAS Participants are further advised to examine their CAP EAS equipment to ensure that no unauthorized alerts or messages have been set (queued) for future transmission.
  4. If you are unable to reset the default passwords on your equipment, you may consider disconnecting your device’s Ethernet connection until those settings have been updated.
  5. EAS Participants that have questions about securing their equipment should consult their equipment manufacturer.

When the Commission refers to “immediate” action, it presumably means “immediate”, like right now, this instant, as soon as possible (if not sooner). Bear in mind that many, if not most, broadcasters will likely be providing coverage of the President’s State of the Union speech this evening. We’re guessing that the FCC is looking to have all the steps outlined above wrapped up before those festivities crank up.

This has been a public service announcement from CommLawBlog.