We may like the idea of smart meters and grids, but what's the point if we can't even protect the emergency broadcast system?
The recent hacking of America's Emergency Alert System (EAS), which warned citizens in Montana that "the bodies of the dead are rising from their graves and attacking the living" raised confusion as well as hilarity, but if hackers can so easily get into an emergency system designed to protect citizens, who knows what would happen if a smart grid system was taken down -- something that so many core services rely upon.
Was it down to sophisticated cracking software or the back-breaking work of criminals? No. According to Reuters, it was the far too-common reason so many systems are often compromised -- simple, human stupidity.
Like waving a red flag to a bull, system administrators across the U.S. left a number of passwords for the EAS software simply set to default. Unsurprising when you consider how many people insist on using passwords that are the hacker's delight, including 'qwerty', 'password', and '12346'.
Mike Davis, a security expert at IOActive Labs, told the publication that by using Google's search engine, he was able to find at least 30 additional alert systems that are vulnerable to attack. The zombie hoax may have only been a prank present on one station, but as Davis noted, the message could have been delivered to a lot more systems, and had the potential to breed chaos rather than humor.
The vulnerabilities in EAS systems have been forwarded to the Department of Homeland Security's U.S. Computer Emergency Readiness Team, US-CERT, but here's an idea: how about we start with the basics, and force lazy administrators to change the passwords regularly when it comes to such sensitive systems?