A study by researchers at the University of Colorado Boulder (CU Boulder) "raises a red flag" around alerts sent by the US Wireless Emergency Alert (WEA) system.
Their suspicions were aroused in January 2018, when millions of Hawaiians received a message, labelled 'Presidential Alert', on their cell phones stating that someone had launched a ballistic missile attack on the state.
The team wondered 'how secure are such emergency alerts (?)' and discovered a back door through which hackers might mimic those alerts, sending fake messages to people in a confined area, such as a sports arena or a city block.
"Sending the emergency alert from the government to the cell towers is reasonably secure," said Sangtae Ha, an assistant professor in the Department of Computer Science at CU Boulder. "But there are huge vulnerabilities between the cell tower and the users."
Because the government wants presidential alerts to reach as many phones as possible, it takes a broad approach to broadcasting these alerts, sending messages through a distinct channel to every device in range of a cell tower.
Ha and his colleagues discovered that hackers could exploit this by creating their own, black market cell towers. To show this, the team developed software mimicing the format of a presidential alert.
"We only need to broadcast that message into the right channel, and the smartphone will pick it up and display it," Ha said.
The team found that such messages could be sent out using commercially-available wireless transmitters with a high success rate - hitting 90% of phones in an area the size of CU Boulder’s Folsom Field - and potentially sending malicious warnings to tens of thousands of people.
