Security vulnerabilities in LTE can allow hackers to “easily” spoof presidential alerts sent to mobile phones in the event of a national emergency.
Using off-the-shelf equipment and open-source software, a working exploit made it possible to send a simulated alert to every phone in a 50,000-seat football stadium with little effort, with the potential of causing “cascades of panic,” said researchers at the University of Colorado Boulder in a paper out this week.
Their attack worked in nine out of 10 tests, they said.
Last year the Federal Emergency Management Agency sent out the first “presidential alert” test using the Wireless Emergency Alert (WEA) system. It was part of an effort to test the new state-of-the-art system to allow any president to send out a message to the bulk of the U.S. population in the event of a disaster or civil emergency.
But the system — which also sends out weather warnings and AMBER alerts — isn’t perfect. Last year amid tensions between the U.S. and North Korea, an erroneous alert warned residents of Hawaii of an inbound ballistic missile threat. The message mistakenly said the alert was “not a drill.”
Although no system is completely secure, many of the issues over the years have been as a result of human error. But the researchers said the LTE network used to transmit the broadcast message is the biggest weak spot.
Because the system uses LTE to send the message and not a traditional text message, each cell tower blasts out an alert on a specific channel to all devices in range. A false alert can be sent to every device in range if that channel is identified.
Making matters worse, there’s no way for devices to verify the authenticity of received alerts.
The researchers said fixing the vulnerabilities would “require a large collaborative effort between carriers, government stakeholders and cell phone manufacturers.” They added that adding digital signatures to each broadcast alert is not a “magic solution,” but would make it far more difficult to send spoofed messages.
A similar vulnerability in LTE was discovered last year, allowing researchers to not only send emergency alerts but also eavesdrop on a victim’s text messages and track their location.