Securing the wireless emergency alerts system
Open Access
- 22 September 2021
- journal article
- research article
- Published by Association for Computing Machinery (ACM) in Communications of the ACM
- Vol. 64 (10), 85-93
- https://doi.org/10.1145/3481042
Abstract
Modern cell phones are required to receive and display alerts via the Wireless Emergency Alert (WEA) program, under the mandate of the Warning, Alert, and Response Act of 2006. These alerts include AMBER alerts, severe weather alerts, and (unblockable) Presidential Alerts, intended to inform the public of imminent threats. Recently, a test Presidential Alert was sent to all capable phones in the U.S., prompting concerns about how the underlying WEA protocol could be misused or attacked. In this paper, we investigate the details of this system and develop and demonstrate the first practical spoofing attack on Presidential Alerts, using commercially available hardware and modified open source software. Our attack can be performed using a commercially available software-defined radio, and our modifications to the open source software libraries. We find that with only four malicious portable base stations of a single Watt of transmit power each, almost all of a 50,000-seat stadium can be attacked with a 90% success rate. The real impact of such an attack would, of course, depend on the density of cellphones in range; fake alerts in crowded cities or stadiums could potentially result in cascades of panic. Fixing this problem will require a large collaborative effort between carriers, government stakeholders, and cellphone manufacturers. To seed this effort, we also propose three mitigation solutions to address this threat.This publication has 7 references indexed in Scilit:
- MobileinsightPublished by Association for Computing Machinery (ACM) ,2016
- LTE/LTE-A jamming, spoofing, and sniffing: threat assessment and mitigationIEEE Communications Magazine, 2016
- Smartphone Background Activities in the WildPublished by Association for Computing Machinery (ACM) ,2015
- Interference Self-Coordination: A Proposal to Enhance Reliability of System-Level Information in OFDM-Based Mobile Networks via PCI PlanningIEEE Transactions on Wireless Communications, 2014
- Crowdsourcing to smartphonesPublished by Association for Computing Machinery (ACM) ,2012
- High-speed high-security signaturesJournal of Cryptographic Engineering, 2012
- A close examination of performance and power characteristics of 4G LTE networksPublished by Association for Computing Machinery (ACM) ,2012