Remember that emergency Presidential Alert system that made everyone’s phone obnoxiously buzz last year?
It turns out hackers can spoof these alerts with relatively little effort, according to a terrifying new paper that warns the flaw could result in mass panic.
The paper, titled “This is Your President Speaking: Spoofing Alerts in 4G LTE Networks,” details how a group of researchers were able to successfully fake mobile presidential alerts using commercially-available equipment. They were able to do so is due to a flaw in LTE networks that makes it possible for people to use store-bought equipment to create “black market cell towers,” according to the paper’s authors.
This vulnerability could amount to much more than a practical joke. As the paper’s authors point out, a phoney alert could have devastating effects if it’s sent out in a particularly dense area like a city center or stadium.
“Almost all of a 50,000-seat stadium can be attacked with a 90% success rate,” the University of Colorado researchers write. “The true impact of such an attack would of course depend on the density of cell phones in range; fake alerts in crowded cities or stadiums could potentially result in cascades of panic.”
The United States has already gotten a taste of this. Last year, an alert about an incoming ballistic missile terrified Hawaiians before officials confirmed it has been a mistake. An investigation later found that a series of blunders lead to the false alarm.
The University of Colorado researchers said this incident is what inspired them to look into the presidential alert system and potential vulnerabilities. They said they notified government officials of their findings before the paper was published, though they note that actually fixing the issue will be a lengthy process.