Root SSH Key Compromised in Emergency Alerting Systems

[securitybreach]

File this one among the stories that fell through the cracks due to the 4th of July holiday in the U.S. According to a July 3 advisory from the Department of Homeland Security’s ICS-CERT, the Root SSH Key for Monroe Electronics emergency alert systems has been compromised. The private SSH key used in firmware images prior to version 2.0-2 of Monroe’s DASDEC-I and DASDEC-II, which are emergency alert system (EAS) encoder/decoder devices used to broadcast EAS messages over digital and analog channels, has been compromised – though how it happened exactly remains a puzzle. The SSH key was hardcoded into the devices, which is bad form really. Most programmers avoid it, but those who use hard-coded crypto keys in their firmware often do so because they feel it is safer than using hard-coded passwords. In reality, this sense of security is a false one......

 

https://www.securityweek.com/root-ssh-key-compromised-emergency-broadcast-systems

[V.T. Eric Layton]

Laxness in security for the past two decades is going to come back to bite some serious ass in the future.

[securitybreach]

Laxness in security for the past two decades is going to come back to bite some serious ass in the future.

 

Agreed!

[V.T. Eric Layton]

Of course, two decades ago no one had the foresight to predict that very serious security measures would be needed in the future. Not many of the techies of those days were thinking about viruses, malware, NSA backdoors, the GoogleNet, etc.

[Guest LilBambi]

Not that they weren't told to be aware. They never seem to get the real connections and possibilities until it happens and then it's everyone else's fault.

[V.T. Eric Layton]

There are no hunks in my lifestyle.