Skip to main content

Black Listed News
Trending Articles:
Trending Articles:

National emergency alerts potentially vulnerable to spoofing

Published: June 23, 2019
Share | Print This


On 3 October 2018, cell phones across the United States received a text message labeled “Presidential Alert.” It was the first trial run for a new national alert system, developed by several U.S. government agencies as a way to warn as many people across the United States as possible if a disaster was imminent. Now, a new study raises a red flag around these alerts—namely, that such emergency alerts authorized by the President of the United States can, theoretically, be spoofed.

On 3 October 2018, cell phones across the United States received a text message labeled “Presidential Alert.” The message read: “THISIS A TEST of the National Wireless Emergency Alert System. No action is needed.”

It was the first trial run for a new national alert system, developed by several U.S. government agencies as a way to warn as many people across the United States as possible if a disaster was imminent. 

Now, a new study by researchers at the University of Colorado Boulder raises a red flag around these alerts—namely, that such emergency alerts authorized by the President of the United States can, theoretically, be spoofed.

Colorado says that the team, including faculty from CU Engineering’s Department of Computer Science (CS), Department of Electrical, Computer and Energy Engineering (ECEE) and the Technology, Cybersecurity and Policy (TCP) program discovered a back door through which hackers might mimic those alerts, blasting fake messages to people in a confined area, such as a sports arena or a dense city block.

The researchers, who have already reported their results to U.S.Government officials, say that the goal of their study is to work with relevant authorities to prevent such an attack in the future.

“We think this is something the public should be aware of to encourage cell carriers and standards bodies to correct this problem,” said Eric Wustrow, a co-author of the study and an assistant professor in ECEE. “In the meantime, people should probably still trust the emergency alerts they see on their phones.”

The researchers reported their results at the 2019 International Conference on Mobile Systems, Applications and Services (MobiSys) in Seoul, South Korea, where their study won the award for “best paper.”

False alarm
Wustrow said that he and colleagues Sangtae Ha and Dirk Grunwald decided to pursue the project, in part, because of a real-life event.

In January 2018, months before the first presidential alert test went out, millions of Hawaiians received a similar, but seemingly genuine, message on their phones: someone had launched a ballistic missile attack on the state.

It was, of course, a mistake, but that event made the CU Boulder team wonder: How secure are such emergency alerts?

The answer, at least for presidentially-authorized alerts, hinges on where you look.

“Sending the emergency alert from the government to the cell towers is reasonably secure,” said co-author Sangtae Ha, an assistant professor in the Department of Computer Science. “But there are huge vulnerabilities between the cell tower and the users.”

Ha explained that because the government wants presidential alerts to reach as many cell phones as possible, it takes a broad approach to broadcasting these alerts—sending messages through a distinct channel to every device in range of a cell tower. 

Fake messages
He and his colleagues discovered that hackers could exploit that loophole by creating their own, black market cell towers. First, the team, working in a secured lab, developed software that could mimic the format of a presidential alert. 

“We only need to broadcast that message into the right channel, and the smartphone will pick it up and display it,” Ha said.

And, he said, the team found that such messages could be sent out using commercially-available wireless transmitters with a high success rate—or roughly hitting 90 percent of phones in an area the size of CU Boulder’s Folsom Field, potentially sending malicious warnings to tens of thousands of people.

It’s a potentially major threat to public safety, said Grunwald, a professor in computer science.

“We think it is concerning, which is why we went through a responsible disclosure process with different government agencies and carriers,” he said.

The team has already come up with a few ways to thwart such an attack and is working with partners in industry and government to determine which mechanisms are most effective. 

Key takeaways from the research:

  • Cell phone users can’t opt out of presidential alerts, text messages sent to phones in the U.S. in emergencies.
  • Researchers have discovered that hackers could, theoretically, spoof such alerts, blasting false messages to phones in a confined space like a sports stadium.
  • The team is currently working with cell carriers and government agencies to develop ways to thwart such attacks.

— Read more in Gyuhong Lee et al., “This is Your President Speaking: Spoofing Alerts in 4G LTE Networks” (paper presented at MobiSysy ’19, Seoul, Korea, 17 June 2019)

 

Related Links:

Researchers Show How to Send Fake Presidential Alerts To Your Phone [defenseone.com]

 

Share This Article...



Image result for patreon

Emigrate While You Still Can!

Loading...


Image result for patreon


PLEASE DISABLE AD BLOCKER TO VIEW DISQUS COMMENTS

Ad Blocking software disables some of the functionality of our website, including our comments section for some browsers.





Login with patreon to gain access to perks!

SIGN UP TO GET BLACKLISTED NEWS DELIVERED RIGHT TO YOUR INBOX

Enter your email address:





More Blacklisted News...

Blacklisted Radio
Blacklisted Nation
On Patreon
On Gab
On Twitter
On Reddit
On Facebook
Blacklisted Radio:
Republic Broadcasting
Podcasts on Youtube
Podcasts on Demand
On Iheart Radio
On Spreaker
On Stitcher
On iTunes
On Tunein

Our IP Address:
198.245.55.242

Sponsors:
Garden office

good
longboard
brands


Advertise Here...






BlackListed News 2006-2019
Privacy Policy