Presidential text alerts are open to spoofing attacks, warn researchers

Researchers have shown that it’s technically possible for hackers to target the US presidential alerts system to send fake messages on a localised basis.

For anyone who can’t remember what these are, the Federal Emergency Management Agency (FEMA), which manages the system, sent a message to 200 million US mobile users designed to test the Wireless Emergency Alerts (WEA) system at 2:18 pm (ET) on 3 October 2018. It read:

Presidential Alert. THIS IS A TEST of the National Wireless Emergency Alert System. No action is needed.

Judging from Twitter responses and a legal challenge, not all Americans were pleased at the idea of being sent a text message of up to 90 characters by the US President that they can’t opt out of or block, but it did achieve its purpose of publicising an unfamiliar element of the system.

Launched in 2006, the Integrated Public Alert and Warning System (IPAWS) in fact has three types of alerts, the other two being Imminent Threat Alerts (usually weather or fire-related) and Amber Alerts used to tell people about missing or abducted children.

Emergency alerts also have the potential to go badly wrong, as millions of Hawaii residents discovered on 13 January 2018, when they received the following terrifying message at 8:07 am:

Emergency alert. Ballistic missile inbound to Hawaii. Seek immediate shelter. This is not a drill.

As people crawled under café tables in fear, it took 38 minutes for the authorities to confirm that the message was a false alarm caused by human error.

Cascades of panic

Intrigued by such events, researchers at the University of Boulder wondered whether it might be possible for hackers to sow chaos by generating similar, entirely fake alerts.

Worryingly, in their paper, This is Your President Speaking: Spoofing Alerts in 4G LTE Networks, they have demonstrated that it is, at least for specific locales.

The fundamental weakness is that with a bit of effort it’s eminently possible to set up rogue cell towers (from 3G onwards called Evolved Node Bs or ‘eNodeB’ for short) which can be used to send spoof messages.

The authentication weaknesses that make this possible are complex but can be abused either by allowing mobile users to connect to the rogue tower, or by routing messages from a rogue tower through a genuine base station.

from Naked Security – Sophos