At the 2019 International Conference on Mobile Systems, Applications and Services in Seoul, researchers from the University of Colorado Boulder presented their findings about potential spoofing of the US presidential alert system. A backdoor in the messaging system enables hackers to disseminate fake messages across contained areas (think sports stadiums, transit hubs, and city blocks).
Although the US government has been made aware of the issue, the researchers want the public to know in order to help pressure cell service providers to safeguard systems.
“Sending the emergency alert from the government to the cell towers is reasonably secure,” said researcher Sangtae Ha, an assistant professor in the University of Colorado Boulder’s Department of Computer Science. The biggest vulnerabilities lie between the cell towers and the users. In this liminal space, the messages are liable to be tampered with. There are likely multiple ways to do this, one of which includes the use of black market cellular towers.
The researchers decided to look into safety of the national emergency alert system following the accidental missile alert sent to residents of Hawaii in October of 2018.
Increasing the salience of the inquiry, earlier this year, Australia’s emergency alert system endured an actual cyber attack. An unauthorized individual sent out what was fortunately a harmless text message to tens of thousands of individuals across the country.
Working with partners in the industry and government groups, the Colorado research team is designing mechanisms to protect against additional attacks of this nature.
For more on this story, visit CNET.