[EAS] ALERT: EAS Device passwords

David Turnmire eassbelist at cableone.net
Mon Feb 11 21:45:55 CST 2013 

How does one define "PC based" these days?  Because the box looks like a 
PC?  Because a peak inside makes it apparent the manufacturer used an 
"off-the-shelf" motherboard?  Or the fact that it has an operating 
system?  Don't they all have an operating system now?  Often some 
variation on Linux or its cousin BSD?

And you don't need to know any particular operating system's 
eccentricities or vulnerabilities to login with a default password.  All 
you need to know is the brand and maybe model of the box... and chances 
are the manufacturer announces that proudly at the login page.  Maybe 
even kindly provides you a link to their support website so you can 
easily find that default password.

Dave

On 2/11/2013 8:11 PM, Lowell Kiesow wrote:
> I apologize for mentioning this on more than one list, but here
> goes.  I'm going to go out on a limb here, but I'd be willing to bet
> that certain brands of EAS boxes, that are obviously PC based, could
> be far more vulnerable to being hijacked by hackers.  The products
> I'm thinking of are more often used for television and cable.  It was
> KRTV, Great Falls, Montana that got hit.
>
> Through my work with the Washington SECC, I know what kind of
> equipment is in use at a number of stations.  In my sampling, PC
> based EAS boxes are about 27% of the installed base.  Embedded EAS
> boxes are about 73%.  Of the PC based units, 13% are at radio
> stations.  Given that most LP stations are radio, and that radio
> stations use predominately embedded EAS boxes, the chances of hacking
> one box to hit many stations in a market seems less likely.
>
> On the other hand, I suspect that, with enough work, any brand of box
> could be exploited, so I suggest taking prudent steps to prevent
> un-authorized access to EVERY EAS box.  Also, before anyone gets
> defensive, PC based doesn't automatically mean it is vulnerable.  It
> all depends upon how well a particular manufacturer built security
> into the design.
>
>           Lowell Kiesow, Senior Engineer
>           KPLU 88.5, KVIX, KPLI, KPLK
>           www.kplu.org www.jazz24.org
>
> __________________________________________________________
> The EAS Forum Discussion List is hosted by the BWWG (Broadcast Warning Working Group). http://eas.radiolists.net
> Please invite your friends to join our Forum! The sign up is at: http://lists.radiolists.net/mailman/listinfo/eas
> ___________________________________________________________
>

More information about the EAS mailing list