Recall last year when Hawaii’s cellphone users received a terrifying—but incorrect—warning about an incoming missile attack? New research shows that hackers could easily hijack the nation’s emergency alert system in order to, say, send a fake message that appears to come from the President of the United States.
The June 17 paper by scholars at the University of Colorado Boulder looks at the Wireless Alert System, a federally run arrangement that can send three types of emergency warnings to cell phones: Presidential Alerts, Amber Alerts about missing children, and Imminent Threat Alerts, such as dangerous weather or inbound missiles.
How many people could be affected? By their calculations, with just four fake cell towers you could hit 49,300 people seated together — say, in a stadium — with 90 percent success.
Here’s how Presidential Alerts, first tested in October 2018, work. During a national emergency, FEMA officials send an alert message to phone companies that provide mobile service. Each phone company sends the message to a more local node called a customer broadcast center. That center then geo-targets cell towers to push the alert to connected cell phones.
Because cellphones are constantly hunting for the cell tower with the strongest signal, the researchers set up a fake tower with a relatively powerful 0.1-watt signal. The phones duly dropped their connection to legitimate towers and sought to connect with the fake one.
In normal cellular communication, a phone and tower will open their connection by exchanging messages to verify each other’s authenticity. An idle phone will try five times before dropping the connection, a process that takes about 45 seconds. In that period, it’s possible to send a “Presidential Alert Message” that the phone will read as real.
And when the phone isn’t idle, the researchers found that they could first jam the phone to knock it off the authentic signal and trick it into latching onto the fake tower.