Latest in Gear

Image credit: ASSOCIATED PRESS

FEMA's presidential alerts are an easy target for spoofing attacks

Fake alerts could be sent to nearly all cellphones nationwide.
190 Shares
Share
Tweet
Share
Save

Sponsored Links

ASSOCIATED PRESS

Last fall, FEMA conducted the first nationwide test of its Wireless Emergency Alert (WEA) system when it beamed a "presidential alert" to all capable phones in the US. WEA has long been used to send alerts about missing children, natural disasters and other dangerous events. But a few years ago, the FCC voted to expand WEA so that, among other changes, government officials could write longer messages. Now, researchers from the University of Colorado Boulder warn that WEA's presidential alerts can be easily spoofed.

In their paper, the researchers developed and tested a spoofing attack on presidential alerts. They used commercially available hardware and modified open-source software to send messages to nearly every phone in a 50,000-seat stadium with a 90 percent success rate. The vulnerability is due to the fact that WEA alerts use LTE. Alerts are sent on a specific channel to every compatible device in range, and there's no way for the device to verify the authenticity of the alert. Presidential alerts are especially risky because users can't opt out of them, as they can with AMBER alerts or weather warnings.

"Fake alerts in crowded cities or stadiums could potentially result in cascades of panic," the researchers wrote. We got a glimpse of just how disruptive fake alerts can be last year, when a false alert mistakenly warned every cellphone in Hawaii that a nuclear missile was on its way. The panic would be more widespread if an alert were sent out nationwide. The paper warns that fixing the problem will require "a large collaborative effort between carriers, government stakeholders, and cell phone manufacturers." Given the US government's relationship with some cell phone manufacturers in particular, that seems like a big ask.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
190 Shares
Share
Tweet
Share
Save

Popular on Engadget

Hulu's 'Castle Rock' season 2 teaser shows the origins of 'Misery'

Hulu's 'Castle Rock' season 2 teaser shows the origins of 'Misery'

View
YouTube is shutting down its TV-friendly web interface

YouTube is shutting down its TV-friendly web interface

View
SIM-based attack has been used to spy on people for two years

SIM-based attack has been used to spy on people for two years

View
Discord is pulling its subscription service's free games library

Discord is pulling its subscription service's free games library

View
Deluge of Pixel 4 photos confirms a few of the phone's key specs

Deluge of Pixel 4 photos confirms a few of the phone's key specs

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr