Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Presidential Phone Alerts Can Be Spoofed, Researchers Say

Presidential Alerts that all modern cell phones in the United States are required to receive and display as part of the Wireless Emergency Alert (WEA) program can be spoofed, researchers have discovered. 

Presidential Alerts that all modern cell phones in the United States are required to receive and display as part of the Wireless Emergency Alert (WEA) program can be spoofed, researchers have discovered. 

Issued via the Integrated Public Alert and Warnings System (IPAWS) along with AMBER alerts and imminent threat alerts, the Presidential Alerts are intended to inform the public of imminent threats and cannot be blocked. 

In a recently published whitepaper, a group of security researchers from the University of Colorado Boulder has demonstrated how Presidential Alerts could be targeted in spoofing attacks using commercially available hardware and modified open source software.

Specifically, the researchers were able to target the system using a commercially-available software defined radio, along with modifications to the open source NextEPC and srsLTE software libraries. 

“We find that with only four malicious portable base stations of a single Watt of transmit power each, almost all of a 50,000-seat stadium can be attacked with a 90% success rate. The true impact of such an attack would of course depend on the density of cell phones in range; fake alerts in crowded cities or stadiums could potentially result in cascades of panic,” the whitepaper reads.

WEA, the researchers explain, sends alerts via the commercial mobile alert service (CMAS) standard System Information Block (SIB) messages, the LTE downlink within broadcast messages. Cell towers broadcast the SIB to all cell phones tuned to its control channels. 

With the cell tower broadcasting the SIB messages to the user device independently from the mutual authentication procedure between them, this means that all SIBs are vulnerable to spoofing from a malicious tower. 

Even if the device and the tower have completed authentication and communicate securely, the former is still exposed to the security threat caused by the broadcasts from other, possibly malicious, towers, because the device periodically gathers SIB information from neighboring towers. 

Advertisement. Scroll to continue reading.

A CMAS spoofing attack, the research paper reveals, is easy to perform but challenging to defend in practice. The researchers were able to successfully conduct the attack on 9 smartphones from 5 manufacturers. 

“Fixing this problem will require a large collaborative effort be-tween carriers, government stakeholders, and cell phone manufacturers. To seed this effort, we also discuss several defenses to address this threat in both the short and long term,” the paper reads. 

The researchers also say they disclosed the findings to various pertinent partners (FEMA, FCC, DHS, NIST, 3GPP, and GSMA, along with AT&T, Verizon, T-Mobile, Sprint, U.S. Cellular, Samsung, Google, and Apple) in January 2019, before the public disclosure. 

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

Asus patched nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.