[EAS] ALERT: EAS Device passwords
Rich Parker
rparker at vpr.net
Tue Feb 12 19:24:30 CST 2013
Voice of reason - thanks for that Alex.
It amazes me that we don't use keys - and that 'box to box' communications are not regulated by shared keys (i.e. I know who I monitor) - part of the 'traffic' of any alert should be some kind of shared key, set in advance. And they can be rotated - just like the 'pink envelopes'.
I did the 'good boy-scout' thing and made sure the user and admin passwords were 'not factory' - but the reality is that even if we took the 'advice' sent around tonight, and changed passwords, and even did the 'extreme' measure of disconnecting from the 'net', the vulnerability from having a 'hacked' upstream box that you monitor triggering an alert that gets relayed can't be 'stopped' by any of those methods.
I am assuming here that the 'jury is still out' on whether or not this was a 'modified' RWT, or something else. I am inclined to think it was 'something else' based on the fact that there were reports of 'stations in Utah' (and other places) getting the bogus alert - and although it was anecdotal, someone reported that they 'were able to kill the alert' before it went out. That doesn't sound like the behavior of a received RWT (which 'should' be log only, right?).
And as for 'inserting' NV audio into an RWT - those theoretically don't change once they are set-up, so it shouldn't be terribly difficult to decide on 'what an RWT is', and whether or not you use NV audio with it. Then its just a simple matter of a combination of a checksum and a key to allow changes to the NV audio.
And it wouldn't require re-inventing the wheel - the FCC CDBS website has a currently 'legitimate' certificate - so, for instance, that site could be used to distribute keys and or pass-phrase info on a rotating basis - if that's the best plan going forward.
I'm sure this isn't the 'end of this'.....
-rp
----- Original Message -----
From: "Alex Hartman" <goober at goobe.net>
Using a shared-key system versus a user/pass system would be much more
secure inherently. It's harder to get your hands on the keys than it
would be to sniff a password or even a brute-force system.
And "PC Based" means nothing. I'm willing to bet that all the current
EAS systems with a network jack on them are running a BSD or Linux
variant, be it x86 or ARM based. I've done several MitM attacks on my
Sage box since installing it just to prove a point. It really doesn't
take much to get into it if one tries.
--
Alex Hartman
__________________________________________________________
The EAS Forum Discussion List is hosted by the BWWG (Broadcast Warning Working Group). http://eas.radiolists.net
Please invite your friends to join our Forum! The sign up is at: http://lists.radiolists.net/mailman/listinfo/eas
___________________________________________________________
--
--
More information about the EAS
mailing list