Connect with us

Mobile

It is ridiculously easy to send fake threats through the emergency alert system

Everything is terrible.

emergency alert system
Image: Medium

Man, it has not been a good week for mobile phone security. Whether it’s the ongoing plague of robocalls or the “massive espionage campaign” hackers are carrying out on our call records, our cell phones are seemingly becoming more weaponized by the day (and that’s not even counting the horn-shaped bone spurs they’re apparently giving us).

As it turns out, even the system we rely on in cases of emergency can be used against us.

Speaking at the International Conference on Mobile Systems, Applications and Services in Seoul, South Korea, a team of researchers from the University of Boulder revealed how easy (and cheap) it was to hijack the WEA (wireless emergency alerts) system.

“We were able to do this attack with commercially-available software defined radios for about $1000,” said Eric Wustrow, a co-author of the study and an assistant professor in Electrical, Computer and Energy Engineering.

What is a wireless emergency alert system?

Wireless emergency alerts are typically used to warn cell phone users in a given area of everything from an AMBER alert to a weather warning. The system controlling them is currently operated by both the FCC and FEMA and uses geographic targeting to blast the alert over an LTE channel.

While the transmissions from the government agencies to the cell towers are secure, it’s the subsequent transmission from the tower to the user that is vulnerable to an attack. Vice offers a rundown of how the researchers were able to hijack the communication at this stage:

To prove it, researchers built a mini “pirate” cell tower using easily-available hardware and open source software. Using isolated RF shield boxes to mitigate any real-world harm, they then simulated attacks in the 50,000 seat Folsom Field at the University. 90 percent of the time, the researchers say they were able to pass bogus alerts on to cell phones within range.

The study comes in response to a January 2018 emergency alert that erroneously informed Hawaii residents of an impending nuclear ballistic missile attack. One could easily see the type of mass panic a hacker could cause by sending a false message to a sports stadium or subway station, which is why Wustrow is so adamant about finding a solution.

Until then, I have only one piece of advice: BURY YOUR PHONES IN SAND AND TAKE TO THE SEA!

What do you think? Surprised by how easy it is to hack into the emergency broadcasting system? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Comments

More in Mobile