This is a test... gets hacked

Everyone is familiar with the Emergency Broadcasting alerts that begin with: "This is a test...." However, the US-CERT, which is part of the US Department of Homeland Security, warns that security-critical vulnerabilities in US emergency alert systems potentially allow attackers to switch off the systems or misuse them to broadcast arbitrary emergency alerts. These alerts are used on radio and TV stations to enable the government to broadcast in an emergency. It is designed to allow the President to address the nation.

However, security researchers at IOActive discovered that publicly available firmware updates for emergency alert systems by Digital Alert Systems and Monroe Electronics include SSH keysPDF that enable remote attackers to log in as root. Other vulnerabilities are mentioned that could affect the generation of passwords and session IDs that could potentially contain sensitive information.

Applying firmware updates will resolve the issues.

The researchers also discovered that the systems offer default passwords. If a broadcaster doesn't change this password before launching the emergency alert system, potential attackers can easily take control of the system. In early 2013, unknown attackers managed to remotely control the KRTV and Public TV 13 stations this way. The intruders took the opportunity to inform the nation of the imminent beginning of the zombie apocalypse.