A group of researchers at the University of Colorado Boulder released a paper that details how Presidential Alerts can be faked.
The attack is possible thanks to multiple vulnerabilities in how LTE works.Our attack can be performed using a commercially-available software defined radio, and our modifications to the open source NextEPC and srsLTE software libraries. We find that with only four malicious portable base stations of a single Watt of transmit power each, almost all of a 50,000-seat stadium can be attacked with a 90% success rate. The true impact of such an attack would of course depend on the density of cell phones in range; fake alerts in crowded cities or stadiums could potentially result in cascades of panic.
Adding digital signatures to alerts could potentially solve the latter problem, but the task would require device manufacturers, carriers, and government agencies to work together.
- alerts come from a specific LTE channel, so malicious alerts can be sent out once that channel is identified
- phones have no way of knowing if an alert is genuine or not