Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Presidential Phone Alerts Can Be Spoofed, Researchers Say

Presidential Alerts that all modern cell phones in the United States are required to receive and display as part of the Wireless Emergency Alert (WEA) program can be spoofed, researchers have discovered. 

Presidential Alerts that all modern cell phones in the United States are required to receive and display as part of the Wireless Emergency Alert (WEA) program can be spoofed, researchers have discovered. 

Issued via the Integrated Public Alert and Warnings System (IPAWS) along with AMBER alerts and imminent threat alerts, the Presidential Alerts are intended to inform the public of imminent threats and cannot be blocked. 

In a recently published whitepaper, a group of security researchers from the University of Colorado Boulder has demonstrated how Presidential Alerts could be targeted in spoofing attacks using commercially available hardware and modified open source software.

Specifically, the researchers were able to target the system using a commercially-available software defined radio, along with modifications to the open source NextEPC and srsLTE software libraries. 

“We find that with only four malicious portable base stations of a single Watt of transmit power each, almost all of a 50,000-seat stadium can be attacked with a 90% success rate. The true impact of such an attack would of course depend on the density of cell phones in range; fake alerts in crowded cities or stadiums could potentially result in cascades of panic,” the whitepaper reads.

WEA, the researchers explain, sends alerts via the commercial mobile alert service (CMAS) standard System Information Block (SIB) messages, the LTE downlink within broadcast messages. Cell towers broadcast the SIB to all cell phones tuned to its control channels. 

Advertisement. Scroll to continue reading.

With the cell tower broadcasting the SIB messages to the user device independently from the mutual authentication procedure between them, this means that all SIBs are vulnerable to spoofing from a malicious tower. 

Even if the device and the tower have completed authentication and communicate securely, the former is still exposed to the security threat caused by the broadcasts from other, possibly malicious, towers, because the device periodically gathers SIB information from neighboring towers. 

A CMAS spoofing attack, the research paper reveals, is easy to perform but challenging to defend in practice. The researchers were able to successfully conduct the attack on 9 smartphones from 5 manufacturers. 

“Fixing this problem will require a large collaborative effort be-tween carriers, government stakeholders, and cell phone manufacturers. To seed this effort, we also discuss several defenses to address this threat in both the short and long term,” the paper reads. 

The researchers also say they disclosed the findings to various pertinent partners (FEMA, FCC, DHS, NIST, 3GPP, and GSMA, along with AT&T, Verizon, T-Mobile, Sprint, U.S. Cellular, Samsung, Google, and Apple) in January 2019, before the public disclosure. 

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.