Flaws in LTE can allow hackers to spoof presidential alerts
Last year, the United States performed the first public test of the national Wireless Emergency Alert (WEA), an alert system designed to send messages to smartphones, TVs, and other systems simultaneously. The test was specifically for the ‘Presidential Alert,’ a new category that can’t be opted out of (like AMBER alerts). It turns out these types of alerts can be easily spoofed, thanks to various security vulnerabilities with LTE towers.
Researchers figured out a way to exploit the system that sends presidential emergency alerts to our phones, simulating their method on a 50,000 seat football stadium in Colorado with a 90 percent success rate.
A group of researchers at the University of Colorado Boulder released a paper that details how Presidential Alerts can be faked. An attack using a commercially-available radio and various open-source software tools can create an alert with a custom message.
Why it matters: The Wireless Emergency Alert (WEA) system is meant to allow the president to promptly broadcast alert messages to the entire connected US population in case of a nationwide emergency. It can also send out bad weather or AMBER alerts to notify citizens in a particular region or locality, thus making its operation critical. However, the exploitation of LTE networks used in it can enable the transmission of spoofed messages that can cause wide spread of misinformation and panic among the masses.
The researchers didn’t perform an actual attack on a live crowd at the stadium or on actual mobile devices, Eric Wustrow, a researcher on the paper, told Gizmodo in an email. The tests performed were instead done in isolated RF shield boxes, Wustrow said, “and our analysis of Folsom Field was a combination of empirically gathered data and simulation.”
First, alerts come from a specific LTE channel, so malicious alerts can be sent out once that channel is identified. Second, phones have no way of knowing if an alert is genuine or not. Adding digital signatures to alerts could potentially solve the latter problem, but the task would require device manufacturers, carriers, and government agencies to work together.