Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Communications Security United States

Researchers Demonstrate How US Emergency Alert System Can Be Hijacked and Weaponized (vice.com) 33

After an emergency alert was accidentally sent to Hawaii residents last year, warning of an impending nuclear ballistic missile attack, researchers at the University of Colorado Boulder were prompted to ask the question: How easy would it be to exploit the nation's emergency alert systems, wreaking havoc on the American public via fake or misleading alerts? In short, they found that it wasn't very difficult at all. Motherboard reports: Their full study was recently unveiled at the 2019 International Conference on Mobile Systems, Applications and Services (MobiSys) in Seoul, South Korea. It documents how spoofing the Wireless Emergency Alert (WEA) program to trick cellular users wasn't all that difficult. To prove it, researchers built a mini "pirate" cell tower using easily-available hardware and open source software. Using isolated RF shield boxes to mitigate any real-world harm, they then simulated attacks in the 50,000 seat Folsom Field at the University. 90 percent of the time, the researchers say they were able to pass bogus alerts on to cell phones within range. The transmission of these messages from the government to the cellular tower is secure. It's the transmission from the cellular tower to the end user that's open to manipulation and interference, the researchers found. The vulnerability potentially impacts not just US LTE networks, but LTE networks from Europe to South Korea.
This discussion has been archived. No new comments can be posted.

Researchers Demonstrate How US Emergency Alert System Can Be Hijacked and Weaponized

Comments Filter:
  • Unlike WIFI, you are unable to control which cell towers you connect to, as far as I know.
    Until users have transparency outside of the word, "ROAMING" to what they are connecting to this exploit will live on. This exploit is currently a favorite of law enforcement with their "stingray" devices and spy agencies that put up fake cell towers to track phones.

    Wouldn't it be nice if there were an authenticated list of cell towers and you could control the LTE association on your phone?

    It is undeniable that phones are just personal tracking devices waiting to be exploited through the cell network.

    • ban sim locks and locked phones first!

    • by msauve ( 701917 )
      Stingrays are illegal - they're unlicensed. Who's watching the watchers?

      "Using isolated RF shield boxes to mitigate any real-world harm, they then simulated attacks in the 50,000 seat Folsom Field at the University"

      Sounds similarly illegal - unless they actually built the world's largest Faraday cage, around a stadium.

      "Wouldn't it be nice if there were an authenticated list of cell towers and you could control the LTE association on your phone?"

      There is. If, for instance, I'm out of range of a VZW to
    • Wouldn't it be nice if there were an authenticated list of cell towers and you could control the LTE association on your phone?

      That's what the PRL [wikipedia.org] is. Granted, it's controlled by the carrier, not you (they send an updated copy to your phone if they add or remove towers due to changing service agreements with other carriers).

    • by Anonymous Coward

      They're already being exploited by LEOs with Stingray devices.

      The only barrier between hell/terrorists and this scenario is the fact that Stingray devices are top secret and protected by a "you're not allowed to know" defense. Newsflash: Criminals don't care about your allowances. Security via obscurity, which not only doesn't work at all but also works really, really badly against people determined to break it. Don't do that.

      To anyone interested in securing this system: Open your protocols to public scruti

    • Unlike WIFI, you are unable to control which cell towers you connect to, as far as I know.

      You mostly don't have control over which WIFI access point you connect to, either. You know which SSID it is, but SSID can be spoofed.

  • These researchers are gonna suffer for revealing this. No good dead goes unpunished. Cue government hostility in 3...2....1....
  • When Trump Loses the Whitehouse, we will launch his attacks against America using the Emergency Alert System.
  • by Anonymous Coward

    In Ontario we get so many irrelevant Amber alerts from 500 km away that malicious actors will have to queue.

  • by kenh ( 9056 )

    So, all I need to do is:

    Attach a computer to an SDR that covers appropriate frequency range;
    Program said computer to emulate a cell tower;
    Place radio/computer near âtargetâ(TM) cell phone;
    Have radio/computer present itself with a sufficiently powerful enough signal, identified with a lower cost carrier to âbumpâ(TM) the target phone off itâ(TM)s current cell tower;
    In the 45 seconds after the target phone attempts to authenticate my radio/computer I send out a carefully worded fake P

  • I ran into this the other day. It kept repeating, this is MSNBC. Talk about weaponization!

"You'll pay to know what you really think." -- J.R. "Bob" Dobbs

Working...