[EAS] ALERT: EAS Device passwords
Lowell Kiesow
lkiesow at kplu.org
Mon Feb 11 21:11:30 CST 2013
I apologize for mentioning this on more than one list, but here
goes. I'm going to go out on a limb here, but I'd be willing to bet
that certain brands of EAS boxes, that are obviously PC based, could
be far more vulnerable to being hijacked by hackers. The products
I'm thinking of are more often used for television and cable. It was
KRTV, Great Falls, Montana that got hit.
Through my work with the Washington SECC, I know what kind of
equipment is in use at a number of stations. In my sampling, PC
based EAS boxes are about 27% of the installed base. Embedded EAS
boxes are about 73%. Of the PC based units, 13% are at radio
stations. Given that most LP stations are radio, and that radio
stations use predominately embedded EAS boxes, the chances of hacking
one box to hit many stations in a market seems less likely.
On the other hand, I suspect that, with enough work, any brand of box
could be exploited, so I suggest taking prudent steps to prevent
un-authorized access to EVERY EAS box. Also, before anyone gets
defensive, PC based doesn't automatically mean it is vulnerable. It
all depends upon how well a particular manufacturer built security
into the design.
Lowell Kiesow, Senior Engineer
KPLU 88.5, KVIX, KPLI, KPLK
www.kplu.org www.jazz24.org
More information about the EAS
mailing list