Latest in Gear

Image credit:

FEMA's presidential alerts are an easy target for spoofing attacks

Fake alerts could be sent to nearly all cellphones nationwide.
Share
Tweet
Share

Sponsored Links

ASSOCIATED PRESS

Last fall, FEMA conducted the first nationwide test of its Wireless Emergency Alert (WEA) system when it beamed a "presidential alert" to all capable phones in the US. WEA has long been used to send alerts about missing children, natural disasters and other dangerous events. But a few years ago, the FCC voted to expand WEA so that, among other changes, government officials could write longer messages. Now, researchers from the University of Colorado Boulder warn that WEA's presidential alerts can be easily spoofed.

In their paper, the researchers developed and tested a spoofing attack on presidential alerts. They used commercially available hardware and modified open-source software to send messages to nearly every phone in a 50,000-seat stadium with a 90 percent success rate. The vulnerability is due to the fact that WEA alerts use LTE. Alerts are sent on a specific channel to every compatible device in range, and there's no way for the device to verify the authenticity of the alert. Presidential alerts are especially risky because users can't opt out of them, as they can with AMBER alerts or weather warnings.

"Fake alerts in crowded cities or stadiums could potentially result in cascades of panic," the researchers wrote. We got a glimpse of just how disruptive fake alerts can be last year, when a false alert mistakenly warned every cellphone in Hawaii that a nuclear missile was on its way. The panic would be more widespread if an alert were sent out nationwide. The paper warns that fixing the problem will require "a large collaborative effort between carriers, government stakeholders, and cell phone manufacturers." Given the US government's relationship with some cell phone manufacturers in particular, that seems like a big ask.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

The 2020 Engadget Holiday Gift Guide

The 2020 Engadget Holiday Gift Guide

View
Scientists might know why astronauts develop health problems in space

Scientists might know why astronauts develop health problems in space

View
Darth Vader actor and legend David Prowse dies at 85

Darth Vader actor and legend David Prowse dies at 85

View
'Spider-Man: Miles Morales' bug gives NYC the patio heater superhero it needs

'Spider-Man: Miles Morales' bug gives NYC the patio heater superhero it needs

View
Vava’s 4K ultra short-throw projector is $840 off at Amazon

Vava’s 4K ultra short-throw projector is $840 off at Amazon

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr