Security vulnerabilities in LTE allow hackers to easily hoax presidential alerts
Researchers from the University of Colorado Boulder have warned that Presidential Alerts sent via the Wireless Emergency Alert (WEA) program can be easily spoofed by exploiting LTE security vulnerabilities.
For those unaware, WEA is an alerting network in the United States designed to disseminate emergency alerts to mobile devices such as cell phones and pagers under the mandate of the Warning, Alert, and Response Act of 2006.
These alerts include AMBER alerts, severe weather alerts, and (unblockable) Presidential Alerts, intended to inform the public of imminent threats.
The first national test of a mandatory Presidential alert (which means alerts issued by the President of the United States) was held on October 3, 2018, by the Federal Emergency Management Agency (FEMA) where a “presidential alert” was sent to all capable phones in the U.S.
However, it has now been discovered that the presidential alerts sent through WEA can be easily tricked. To prove this, the researchers developed and tested a spoofing attack on Presidential alerts, which has been described in their paper, “This is Your President Speaking: Spoofing Alerts in 4G LTE Networks.”
The researchers used a commercially-available software defined radio as well as modified open-source software tools to put together an alert with a custom message.
They found that with four malicious portable stations of a single Watt of transmit power each, they could send messages to nearly every phone in a 50,000-seat stadium with a 90 percent success rate. This was possible due to the fact that WEA alerts use LTE and the researchers were able to exploit multiple LTE security vulnerabilities.
“The true impact of such an attack would, of course, depend on the density of cell phones in range; fake alerts in crowded cities or stadiums could potentially result in cascades of panic,” the researchers wrote.
Since the alerts are sent from a specific LTE channel to every compatible device in range, there is no way for the smartphones to find out the authenticity of the alert. In comparison to AMBER alerts or weather warnings, Presidential alerts are riskier as users can’t opt out of them.
The researchers said fixing the vulnerabilities would “require a large collaborative effort between carriers, government stakeholders, and cell phone manufacturers.” However, the problem could be addressed by adding digital signatures to alerts that would make it far more difficult to send spoofed messages.