University of Colorado researchers released a report on the details of the presidential alerting system and their development and demonstration of the first practical spoofing attack on presidential alerts, using both commercially available hardware and modified open source software.
Draft P25 ISSI/CSSI Conformance Test Tool Validation CAB Released for Public CommentCongress Passes TikTok Ban on Federal Devices
FCC Proposes Rules to Improve Routing of Wireless 911 Calls and Texts
Modern cellphones are required to receive and display alerts via the wireless emergency alert (WEA) program, under the mandate of the Warning, Alert and Response Act of 2006. These alerts include AMBER alerts, severe weather alerts and unblockable presidential alerts, intended to inform the public of imminent threats. In 2019, a test presidential alert was sent to all capable phones in the United States, prompting concerns about how the underlying WEA protocol could be misused or attacked.
The researchers said their attack can be performed using a commercially available software defined radio (SDR) and their modifications to the open source NextEPC and srsLTE software libraries.
“We find that with only four malicious portable base stations of a single watt of transmit power each, almost all of a 50,000-seat stadium can be attacked with a 90% success rate,” the summary said.
The impact of such an attack would depend on the density of cellphones in range; fake alerts in crowded cities or stadiums could potentially result in cascades of panic.
The researchers said that fixing this problem would require a large collaborative effort among carriers, government stakeholders and cellphone manufacturers. The report discusses several short- and long-term defenses to address the threat.
The full report is here.
Would you like to comment on this story? Find our comments system below.