That’s the latest from a group of security researchers at IOActive, which found that two types of servers used in the system can be exploited to send out faux messages. The vulnerability is thanks in large part to accidental inclusion of the private security shell key — which grants users root access to the servers — in a recent firmware update.
“An attacker who gains control of one or more DASDEC systems can disrupt these stations’ ability to transmit and could disseminate false emergency information over a large geographic area,” IOActive stated in an advisory paper posted on Monday. “In addition, depending on the configuration of this and other devices, these messages could be forwarded and mirrored by other DASDEC systems.”
Attacks on emergency broadcasting systems aren’t new. As Ars Technica highlights, T.V. stations in Montana, Michigan, California, Tennessee and New Mexico have been compromised in the past, possibly through this very exploit.
Montana’s KRTV station, in particular, interrupted broadcasts of a zombie outbreak during the Steve Wilkos talk show. The warning stated that civil authorities have reported “that the bodies of the dead are rising from their graves and attacking the living.” And that citizens shouldn’t attempt to “approach or apprehend these bodies, as they are extremely dangerous.”
Electronic highway signs and construction notices are also a popular target of hackers looking to pull a prank — especially of the zombie variety.
But the pranks may be over: Wired reports that IOActive notified the affected vendors with the Cyber Emergency Response Team at Carnegie Mellon, and fixes should be on the way.
So, if you’re iOS 6 or 7 device ever pops up with a message warning of a zombie outbreak, don’t worry — too much.