Researchers Demonstrate How US Emergency Alert System Can Be Hijacked and Weaponized (vice.com) 33
After an emergency alert was accidentally sent to Hawaii residents last year, warning of an impending nuclear ballistic missile attack, researchers at the University of Colorado Boulder were prompted to ask the question: How easy would it be to exploit the nation's emergency alert systems, wreaking havoc on the American public via fake or misleading alerts? In short, they found that it wasn't very difficult at all. Motherboard reports: Their full study was recently unveiled at the 2019 International Conference on Mobile Systems, Applications and Services (MobiSys) in Seoul, South Korea. It documents how spoofing the Wireless Emergency Alert (WEA) program to trick cellular users wasn't all that difficult. To prove it, researchers built a mini "pirate" cell tower using easily-available hardware and open source software. Using isolated RF shield boxes to mitigate any real-world harm, they then simulated attacks in the 50,000 seat Folsom Field at the University. 90 percent of the time, the researchers say they were able to pass bogus alerts on to cell phones within range. The transmission of these messages from the government to the cellular tower is secure. It's the transmission from the cellular tower to the end user that's open to manipulation and interference, the researchers found. The vulnerability potentially impacts not just US LTE networks, but LTE networks from Europe to South Korea.
Re: So.... nothing to do with the US alert syste (Score:2)
What the fuck are you talking about? So Europe and Korea being affected as well makes it not a problem for the US? What? I think you may have missed a word in that summary. It says, "not only the US" is affected but also the other countries. That is, it says that the US, Europe, and Korea are all affected. So, yeah, the headline is correct. At the same time the researchers also demonstrated the same thing for other countries' emergency alert systems. So what?
You can't control which towers your phone accesses (Score:3)
Unlike WIFI, you are unable to control which cell towers you connect to, as far as I know.
Until users have transparency outside of the word, "ROAMING" to what they are connecting to this exploit will live on. This exploit is currently a favorite of law enforcement with their "stingray" devices and spy agencies that put up fake cell towers to track phones.
Wouldn't it be nice if there were an authenticated list of cell towers and you could control the LTE association on your phone?
It is undeniable that phones are just personal tracking devices waiting to be exploited through the cell network.
ban sim locks and locked phones first! (Score:2)
ban sim locks and locked phones first!
Re: (Score:2)
Re: (Score:2)
get Belgium to use US EMS system
Re: (Score:2)
"Using isolated RF shield boxes to mitigate any real-world harm, they then simulated attacks in the 50,000 seat Folsom Field at the University"
Sounds similarly illegal - unless they actually built the world's largest Faraday cage, around a stadium.
"Wouldn't it be nice if there were an authenticated list of cell towers and you could control the LTE association on your phone?"
There is. If, for instance, I'm out of range of a VZW to
Re: (Score:2)
That's what the PRL [wikipedia.org] is. Granted, it's controlled by the carrier, not you (they send an updated copy to your phone if they add or remove towers due to changing service agreements with other carriers).
Re: (Score:1)
They're already being exploited by LEOs with Stingray devices.
The only barrier between hell/terrorists and this scenario is the fact that Stingray devices are top secret and protected by a "you're not allowed to know" defense. Newsflash: Criminals don't care about your allowances. Security via obscurity, which not only doesn't work at all but also works really, really badly against people determined to break it. Don't do that.
To anyone interested in securing this system: Open your protocols to public scruti
Re: (Score:2)
Unlike WIFI, you are unable to control which cell towers you connect to, as far as I know.
You mostly don't have control over which WIFI access point you connect to, either. You know which SSID it is, but SSID can be spoofed.
punishment incoming (Score:2)
Trump Will Call-to-Arms Using System if He Loses (Score:1)
they'll have to take their turn! (Score:1)
In Ontario we get so many irrelevant Amber alerts from 500 km away that malicious actors will have to queue.
Re: (Score:2)
I'm still not enabling alerts. Amber alerts, severe weather alerts, whatever. I don't care.
I have eyes and ears, and no government system is going to advise me of anything that affects me before I find out on my own.
If we had decent earthquake prediction and alerts for that, I'd sign up.
So easy! (Score:2)
So, all I need to do is:
Attach a computer to an SDR that covers appropriate frequency range;
Program said computer to emulate a cell tower;
Place radio/computer near âtargetâ(TM) cell phone;
Have radio/computer present itself with a sufficiently powerful enough signal, identified with a lower cost carrier to âbumpâ(TM) the target phone off itâ(TM)s current cell tower;
In the 45 seconds after the target phone attempts to authenticate my radio/computer I send out a carefully worded fake P
I encountered this (Score:2)