The national Wireless Emergency Alert system was put through its first public test last year. It’s capable of sending messages to smartphones, TV, and other devices at the same time. This system was tested for the “Presidential Alert,” which is a new category of emergency alert that you can’t opt out of. However, it appears that these alerts can be spoofed easily by exploiting LTE security vulnerabilities.
Researchers at the University of Colorado Boulder have detailed in a paper how the Presidential Alerts system can be spoofed through an attack which utilizes a radio that’s commercially available in addition to some open-source software tools.
They’re used to put together an alert with a custom message. The researchers were able to use only four malicious portable stations to cover an entire 50,000 seat stadium and had a success rate of 90 percent.
“The true impact of such an attack would of course depend on the density of cell phones in range; fake alerts in crowded cities or stadiums could potentially result in cascades of panic,” the researchers say.
They exploited multiple LTE security vulnerabilities for this. The alerts are sent from a specific LTE channel so a spoofed alert can be sent out if that channel is identified. Moreover, there’s no way for smartphones to ascertain whether a Presidential Alert is genuine or not. This problem could be addressed by adding digital signatures to alerts, though.