Presidential text alerts are open to spoofing attacks, warn researchers

Researchers have shown that it’s technically possible for hackers to target the US presidential alerts system to send fake messages on a localised basis.

For anyone who can’t remember what these are, the Federal Emergency Management Agency (FEMA), which manages the system, sent a message to US 200 million mobile users designed to test the Wireless Emergency Alerts (WEA) system at 2:18 pm (ET) on 3 October 2018. It read:

Presidential Alert. THIS IS A TEST of the National Wireless Emergency Alert System. No action is needed.

Judging from Twitter responses and a legal challenge, not all Americans were pleased at the idea of being sent a text message of up to a 90-characters by the US President that they can’t opt out of or block, but it did achieve its purpose of publicising an unfamiliar element of the system.

Launched in 2006, there are in fact three types of Integrated Public Alert and Warnings System (IPAWS) alerts, the other two being Imminent Threat Alerts (usually weather or fire-related) and Amber Alerts used to tell people about missing or abducted children.

Emergency alerts also have the potential to go badly wrong, as millions of Hawaii residents discovered on 13 January 2018, when they received the following terrifying message at 8:07 am:

Emergency alert. Ballistic missile inbound to Hawaii. Seek immediate shelter. This is not a drill.

As people crawled under café tables in fear, it took 38 minutes for the authorities to confirm that the message was a false alarm caused by human error.

Cascades of panic

Intrigued by such events, researchers at the University of Boulder wondered to themselves whether it might be possible for hackers to sow chaos by generating similar entirely fake alerts.

Worryingly, in their paper, This is Your President Speaking: Spoofing Alerts in 4G LTE Networks, they have demonstrated that it is, at least for specific locales.

The fundamental weakness is that with a bit of effort it’s eminently possible to set up rogue cell towers (from 3G onwards called Evolved Node Bs or ‘eNodeB’ for short) which can be used to send spoof messages.

The authentication weaknesses that make this possible are complex but can be abused either by allowing mobile users to connect to the rogue tower, or by routing messages from a rogue tower through a genuine base station.

The researchers were able to build their hack using a software-defined radio, a modified version of some open source libraries, and four malicious bases with only 1Watt of transmit power each.

This would be good enough to target a stadium of 50,000 people with a 90% success rate across any one of the US’s largest four mobile networks.

The effect would, therefore, be limited to relatively small areas but would be simple to pull off in key locations:

Fake alerts in crowded cities or stadiums could potentially result in cascades of panic.

How might this be countered?

One solution would be to replace or upgrade cell base stations but that would be expensive and complex and take years to complete.

Another possibility for presidential alerts specifically would be to add digital signatures to messages although creating an interoperable system based on such an idea would require fiddly key management.

The researchers reason that the simplest patch might be to implement base station authentication by the devices themselves.

It’s not hard to imagine how enemies of the US might abuse presidential alerts to alarm or confuse its citizens at important moments. It’s also possible that debunked fake spoofing might cause many Americans to stop paying attention to genuine alerts.

In fact, at least one hacking attack has already happened in the US, the absurd ‘zombie apocalypse’ incident that happened in Montana in 2013. That used the medium of TV rather than mobile/wireless, but the warning was clear – the alerting system makes an inviting and vulnerable target.