Last year, the Federal Emergency Management Agency tested the national Wireless Emergency Alert system. Because the test used the “Presidential Alert” category, recipients could not opt out of it. Although the alert system is useful for sending mass messages to smartphones and other services at the same time, researchers have revealed that attackers can exploit LTE security vulnerabilities to spoof the alerts.
In case you aren’t aware, the radio used to send out the mass alert is open source and publicly accessible. In a recent paper, researchers from the University of Colorado Boulder revealed how the radio’s open source nature can be exploited to spoof the Presidential Alert system. To demonstrate the vulnerabilities, the group put together an alert with a custom message and was able to cover an entire stadium with 90 percent accuracy.
According to TechCrunch, the researchers exploited multiple well-known LTE vulnerabilities to send out the mass alerts. During their test, the researchers sent the alerts from a specific LTE channel so that the alerts looked as if they had been sent from a verified source. Because smartphones have no way to verify messages sent over the LTE network, the alerts can be easily faked.
The researchers said, “The true impact of such an attack would of course depend on the density of cell phones in range; fake alerts in crowded cities or stadiums could potentially result in cascades of panic.”
However, they noted that the problem can be easily addressed by adding digital signatures to ensure authenticity of alerts.
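The following added example (not from the researchers' paper or any carrier implementation) sketches what that signature check could look like on the handset side. The `Alert` layout, the choice of Ed25519, the freshness window, and a public key provisioned on the device in advance are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Alert is a hypothetical broadcast alert; this field layout is assumed.
type Alert struct {
	IssuedAt int64  // Unix seconds, covered by the signature
	Text     string // message shown to the user
	Sig      []byte // Ed25519 signature over signedBytes(a)
}

var ErrBadSignature = errors.New("alert signature invalid")
var ErrStale = errors.New("alert outside freshness window")

// signedBytes binds the timestamp to the text so neither can be swapped alone.
func signedBytes(a Alert) []byte {
	b := make([]byte, 8, 8+len(a.Text))
	binary.BigEndian.PutUint64(b, uint64(a.IssuedAt))
	return append(b, a.Text...)
}

// Sign is what the alert originator would do with its private key.
func Sign(priv ed25519.PrivateKey, issuedAt int64, text string) Alert {
	a := Alert{IssuedAt: issuedAt, Text: text}
	a.Sig = ed25519.Sign(priv, signedBytes(a))
	return a
}

// Verify is the handset-side check: authentic signature first, then freshness,
// so a recorded genuine alert cannot be rebroadcast later.
func Verify(pub ed25519.PublicKey, a Alert, now time.Time, maxAge time.Duration) error {
	if !ed25519.Verify(pub, signedBytes(a), a.Sig) {
		return ErrBadSignature
	}
	if age := now.Sub(time.Unix(a.IssuedAt, 0)); age < 0 || age > maxAge {
		return ErrStale
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	now := time.Unix(1700000000, 0)          // constructed clock value
	genuine := Sign(priv, now.Unix(), "Constructed test alert")
	fmt.Println(Verify(pub, genuine, now, 5*time.Minute)) // <nil>
}
```

A signature alone does not stop replay of a previously valid alert, which is why the timestamp is inside the signed bytes and checked after verification.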