Forwarded from: The entropy Technician <delchiat_private>

There are a few things I'd like to add to this .....

I was in the hot seat of a broadcast station for many moons, and EBS (the system prior to EAS) was one of my duties. One of the biggest problems with EBS, that EAS was supposed to solve - was that quite a few operators responded improperly to EBS activations. Despite training and retraining, things still failed to happen. These breakdowns made the system rather ineffective.

The EBS system worked out of a special EBS receiver. This was tuned to the regional lead (I forget the term, I believe it was PCPS or some such) and listened for the magical two tone sound. When that happened it opened up and you could hear the broadcast of the PCPS. You would then hear the script ' this is an activation ' and so on. At this point in a real activation there would be authentication. This consisted of a code that was spoken, and the operator (hopefully) pulled out the little red package and opened it - to find the codes needed. If they matched, the operator would manually switch in the broadcast.

The breakdowns here were many and quite preventable. Lost authentication packs, EBS receivers that were turned down, or had their antennas disconnected .... and so on. The funny part was that the weekly mandated tests that were designed to test the gear were often not performed WITH the gear! Special tapes with the two tone signal, or audio carts, were used to transmit the tests!

One time in my experience, an operator accidentally transmitted an EBS tone, and me being the boy scout I was, followed procedures to the letter. When I did not hear an authentication or an emergency message, I called the PCPS and asked WTF was up? They had no idea what I was talking about. I could hear a guy saying "OH SHIT" over and over in the background. I ended up calling the head of that station, asking about a stray EBS activation tone, and got my head handed to me for it. No fun.
In the end, however - it was an accidental transmission and I was patted on the head for following the lines.

One of the most overlooked bits about this whole EAS/EBS thing - is that the whole system is voluntary! The words themselves:

"The broadcasters of your area in voluntary cooperation with the Federal, State and local authorities have developed this system to keep you informed in the event of an emergency.... "

Now while it is voluntary - the fines and actions that the FCC can take against your station if you foul up or misuse the EBS can be extreme. If you were an operator, and Uncle Charlie came a knocking - and asked you to perform an EBS test and you did not know the procedure ... your station could be fined or worse.....

Now the next bit of fun - the hardware was quite expensive. Still is. It needs to be made to exacting specs, which means charge em as much as possible. So what you end up with is a voluntary system that you have to spend money on to use, and if you don't do it right you can get fined ($10k was a nice starting point) all in the name of local / national emergency notification.

What happens if you choose not to volunteer? In the event of a national activation, you must cease broadcast right then and there. Shut down. Thus says the FCC:

11.19 EAS Non-participating National Authorization Letter. This authorization letter is issued by the FCC to broadcast station licensees and cable systems and wireless cable systems. It states that the licensee, cable operator or wireless cable operator has agreed to go off the air or in the case of cable discontinue programming on all channels during a national level EAS message. For broadcast licensees this authorization will remain in effect through the period of the initial license and subsequent renewals from the time of issuance unless returned by the holder or suspended, modified or withdrawn by the Commission.

EAS may not be the bees knees, but it is a far cry better than the old EBS system.
While EAS automatically switches the broadcast, any savvy operator can manually override it if it turns out to be a false activation.

I believe (IMHO) that the lack of secure communication design in the EAS is not due to poor science, but to economics. A more secure network, a more hack proof network would cost money. Money to design, to get through the legal system, to build, to get station managers to buy into, and to retrain people. Instead of this, an automated system that requires little human intervention (Wargames, anyone?) and that runs automatically was cheaper to build and implement.

There are the usual arguments about keeping people in the loop, which is why there are manual operators for EAS on a large scale - and despite the ease of building I seriously doubt there will be much EAS hacking going on. Not for the lack of inspiration or people who would do it - but that in the current state of the country - such an offence could only result in extreme penalty.

I recall a story from a few years ago about a similar system (I believe it was in Europe) whereby a signal was sent out that forced all car radios to tune to a specific frequency for emergency information - it was hacked to pieces and played with for a while (again, I have to dig in my place to find the articles on this ... it was a while ago).

IMHO the ' deep flaws ' in EAS are no more different than the flaws in airport screeners.

As for the concerns... here is my take:

> The problem, experts say, is that the EAS data headers include no
> authentication whatsoever. That means anyone capable of following
> the specifications and with the skill to build a low-power radio
> transmitter akin to a "Mr. Microphone" toy can get their own
> messages into the system -- commandeering a radio or television
> station with a custom broadcast of their own,

I think that the Mr Microphone reference is a bit too much here. In order to trick the EAS rcvr into tripping you would have to:

1. Be on the same frequency as the PEP (Primary Entry Point)
2. Be strong enough so that the target station EAS rcvr would reject the true PEP signal
3. Transmit the correct data burst, and
4. Continue to transmit, to insert the rogue audio stream

This may seem simple on paper, and even in the smoky beer sodden rooms of the Alexis Park this has been discussed - however in reality it would not be a simple feat to build, construct, and keep stealthy such a thing. (Now by saying this, I can already hear people telling me I'm full of it, or that I underestimate the hacker spirit and so on. My experience shows that it's rare that things on this scale ever happen. I'm not saying that it is impossible, but it's not likely. The motivation, money and skill needed are not in as ready a supply as one might think.)

Now aside from this, let's say a rogue signal does get out there. Oh so now we are listening to a false EAS transmission. Let's say we are listening to Mc Hawking or some such .... the rogue signal is going to stick out like a sore body part - and any operator on duty will have the switch in hand rather quickly.

> non-standard 500 baud modems. That's not much protection: the modem
> specs are published in the FCC regulations, and the technology is
> simple and slow enough to be easily emulated by any off-the-shelf PC
> with a sound card. A transmit-only modem could even be built from
> scratch with a few dollars in components, according to Burgan.

This strikes me as more of the 'scary hacker' bugaboo that is normally used to bilk ignorant C*O's into buying things. How many people do you think are capable of walking into a store with ' a few dollars ' and building this. From that how many people would do it? From that, how many people are motivated to do that instead of sitting in front of a stadium all night to get Britney tickets? The numbers just don't justify the scare tactic.
In perspective, you could go into a store with a few dollars and build a device to insert a rogue signal into a cable TV head end, or to transmit your old Beastie Boys vinyl 24/7 on 101.5 FM. You could build a garage door opener and open every one on your block (well ok, in the old days you could ....) and so on.

> it entirely because it's too complicated to do." The FCC adapted the
> EAS from an older National Weather Service system used to issue
> severe weather warnings.

Again, I think the answer was money. Mooolah.

> Though it's not known to have ever been exploited, the spoofing risk
> is one of the factors quietly driving calls to reform the EAS. In a
> paper published earlier this year, Columbia University researchers
> Henning Schulzrinne and Knarig Arabshian proposed enhancing the
> system with an Internet-based emergency notification system, noting
> that under the current design "it would not be hard to drive by an
> EAS receiver with a small transmitter and make it distribute a false
> alarm."

Ok, time for some more IMHO. Good idea, bad method. If we are to get paranoid about the EAS, yes by all means let us sit down and make a better one. Let us NOT however rely on the internet at all. Any security admin can tell you that the net is ugly enough without a method of waking up every device in the nation. By the way kids, National Network Override is already part of the IP header. I spoke about this a bit ago - no one seemed to think much of it as it's not normally looked at - but some people looked at me like their hair was on fire when I talked about exploiting it.
> Peter Ward, chairman of the Partnership for Public Warning, a
> nonprofit group formed this year to explore advanced warning
> systems, would phase out the EAS, and replace it with an all-digital
> network tied to cell phones, digital televisions and pagers, turning
> any networkable device into a "smart receiver that would know the
> wishes of the owner

And that is going to cause SO MUCH screaming - I can already hear it now. If we don't allow V-chips in our TVs, and so on ... how do you expect THAT to wash over? I'm sure that if such a system were to come into existence that there would be more commercial exploiting than spoofing of such a system. (PS: I'm not comparing a notification system to the censorship of the V chip - but many people will see it as a form of big big brother.)

All in all, the EBS/EAS has served well in their time - and if we do need a new system, then one should be designed with efficiency, ease of use, and sound technical design in mind - not economics and scare tactics.

Sic Transit,
- D -

ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Sep 13 2002 - 13:08:59 PDT