Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Presidential Phone Alerts Can Be Spoofed, Researchers Say

Presidential Alerts that all modern cell phones in the United States are required to receive and display as part of the Wireless Emergency Alert (WEA) program can be spoofed, researchers have discovered. 

Presidential Alerts that all modern cell phones in the United States are required to receive and display as part of the Wireless Emergency Alert (WEA) program can be spoofed, researchers have discovered. 

Issued via the Integrated Public Alert and Warnings System (IPAWS) along with AMBER alerts and imminent threat alerts, the Presidential Alerts are intended to inform the public of imminent threats and cannot be blocked. 

In a recently published whitepaper, a group of security researchers from the University of Colorado Boulder has demonstrated how Presidential Alerts could be targeted in spoofing attacks using commercially available hardware and modified open source software.

Specifically, the researchers were able to target the system using a commercially-available software defined radio, along with modifications to the open source NextEPC and srsLTE software libraries. 

“We find that with only four malicious portable base stations of a single Watt of transmit power each, almost all of a 50,000-seat stadium can be attacked with a 90% success rate. The true impact of such an attack would of course depend on the density of cell phones in range; fake alerts in crowded cities or stadiums could potentially result in cascades of panic,” the whitepaper reads.

WEA, the researchers explain, sends alerts via the commercial mobile alert service (CMAS) standard System Information Block (SIB) messages, the LTE downlink within broadcast messages. Cell towers broadcast the SIB to all cell phones tuned to its control channels. 

With the cell tower broadcasting the SIB messages to the user device independently from the mutual authentication procedure between them, this means that all SIBs are vulnerable to spoofing from a malicious tower. 

Even if the device and the tower have completed authentication and communicate securely, the former is still exposed to the security threat caused by the broadcasts from other, possibly malicious, towers, because the device periodically gathers SIB information from neighboring towers. 

A CMAS spoofing attack, the research paper reveals, is easy to perform but challenging to defend in practice. The researchers were able to successfully conduct the attack on 9 smartphones from 5 manufacturers. 

“Fixing this problem will require a large collaborative effort be-tween carriers, government stakeholders, and cell phone manufacturers. To seed this effort, we also discuss several defenses to address this threat in both the short and long term,” the paper reads. 

The researchers also say they disclosed the findings to various pertinent partners (FEMA, FCC, DHS, NIST, 3GPP, and GSMA, along with AT&T, Verizon, T-Mobile, Sprint, U.S. Cellular, Samsung, Google, and Apple) in January 2019, before the public disclosure. 

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Chinese tech giant Huawei patched nearly 300 vulnerabilities in its HarmonyOS operating system in 2022.