That next text from President Donald Trump might be fake: A group of researchers was able to send out fake, unblockable presidential alerts to phones in a 50,000-seat football stadium.
The team from the University of Colorado Boulder figured out a way to spoof the alert and send it out using commercially available software-defined radio, as well as modifications to the open source NextEPC and srsLTE libraries. Basically, they proved that anyone with the right equipment and software can send fake alerts to your phone with a 90% success rate.
The Federal Emergency Management Agency tested its first presidential alert in October. These Wireless Emergency Alerts (WEA) are meant to allow the president to quickly and easily communicate with Americans during emergencies. The messages are similar to severe weather alerts or Amber alerts, but you can’t turn off presidential alerts. That means if your phone gets a fake one, you’re going to see it.
The researchers published a paper this month with the results of their test, which used portable base stations to mimic the LTE signal sent out by a cell phone tower. While the test at University of Colorado Bolder’s Folsom Field didn’t actually hit 50,000 people, the fake alerts did appear on both iOS and Android phones.
“We find that with only four malicious portable base stations of a single watt of transmit power each, almost all of a 50,000-seat stadium can be attacked with a 90% success rate,” the researchers wrote. “The true impact of such an attack would of course depend on the density of cell phones in range; fake alerts in crowded cities or stadiums could potentially result in cascades of panic.”
It’s easy to imagine how fake unblockable texts purportedly coming from the president of the United States could be abused. Malicious actors could use them to fool thousands of people into thinking the country was under attack or a stadium needed to be evacuated. Knowing that a text could be fake might also cause people to doubt messages they receive during real emergencies.
The University of Colorado Boulder researchers were clear in their paper that this is a massive vulnerability in the country’s cell phone network. While they suggested a few ways to fix the problem, none are easy.
“Fixing this problem will require a large collaborative effort between carriers, government stakeholders, and cell phone manufacturers,” they wrote.
- Make some time for the best smartwatch deals for June 2019
- 343 Industries says first beta for Halo: Reach on PC will be next week
- Get your walking shoes on. Uber kicks low-rated riders to the curb
- PayPal vs. Google Pay vs. Venmo vs. Square Cash vs. Apple Pay Cash
- How to use Waze