FEMA's presidential alerts are an easy target for spoofing attacks

Fake alerts could be sent to nearly all cellphones nationwide.

Last fall, FEMA conducted the first nationwide test of its Wireless Emergency Alert (WEA) system when it beamed a "presidential alert" to all capable phones in the US. WEA has long been used to send alerts about missing children, natural disasters and other dangerous events. But a few years ago, the FCC voted to expand WEA so that, among other changes, government officials could write longer messages. Now, researchers from the University of Colorado Boulder warn that WEA's presidential alerts can be easily spoofed.

In their paper, the researchers describe how they developed and tested a spoofing attack on presidential alerts. They used commercially available hardware and modified open-source software to send messages to nearly every phone in a 50,000-seat stadium with a 90 percent success rate. The vulnerability stems from the fact that WEA alerts use LTE: alerts are sent on a specific channel to every compatible device in range, and the device has no way to verify the authenticity of an alert. Presidential alerts are especially risky because users can't opt out of them, as they can with AMBER alerts or weather warnings.

"Fake alerts in crowded cities or stadiums could potentially result in cascades of panic," the researchers wrote. We got a glimpse of just how disruptive fake alerts can be last year, when a false alert mistakenly warned every cellphone in Hawaii that a nuclear missile was on its way. The panic would be more widespread if an alert were sent out nationwide. The paper warns that fixing the problem will require "a large collaborative effort between carriers, government stakeholders, and cell phone manufacturers." Given the US government's relationship with some cell phone manufacturers in particular, that seems like a big ask.