Emergency Alert System

LTE flaws let hackers ‘easily’ spoof presidential alerts

Posted by | amber alert, Emergency Alert System, Government, hawaii, LTE, Mobile, mobile phones, president, Security, technology, telecommunications, text messaging, United States | No Comments

Security vulnerabilities in LTE can allow hackers to “easily” spoof presidential alerts sent to mobile phones in the event of a national emergency.

Using off-the-shelf equipment and open-source software, a working exploit made it possible to send a simulated alert to every phone in a 50,000-seat football stadium with little effort, with the potential of causing “cascades of panic,” said researchers at the University of Colorado Boulder in a paper out this week.

Their attack worked in nine out of 10 tests, they said.

Last year the Federal Emergency Management Agency sent out the first “presidential alert” test using the Wireless Emergency Alert (WEA) system. It was part of an effort to test the new state-of-the-art system to allow any president to send out a message to the bulk of the U.S. population in the event of a disaster or civil emergency.

But the system — which also sends out weather warnings and AMBER alerts — isn’t perfect. Last year amid tensions between the U.S. and North Korea, an erroneous alert warned residents of Hawaii of an inbound ballistic missile threat. The message mistakenly said the alert was “not a drill.”

Although no system is completely secure, many of the issues over the years have been as a result of human error. But the researchers said the LTE network used to transmit the broadcast message is the biggest weak spot.

Because the system uses LTE to send the message and not a traditional text message, each cell tower blasts out an alert on a specific channel to all devices in range. A false alert can be sent to every device in range if that channel is identified.

Making matters worse, there’s no way for devices to verify the authenticity of received alerts.

The researchers said fixing the vulnerabilities would “require a large collaborative effort between carriers, government stakeholders and cell phone manufacturers.” They added that adding digital signatures to each broadcast alert is not a “magic solution,” but would make it far more difficult to send spoofed messages.

A similar vulnerability in LTE was discovered last year, allowing researchers to not only send emergency alerts but also eavesdrop on a victim’s text messages and track their location.

Powered by WPeMatico

Presidential alerts we really hope Trump won’t send…

Posted by | america, donald trump, Emergency Alert System, Google, Government, Mobile, president, text messaging, Twitter, United States, White House | No Comments

Move over Twitter, President Trump now has the power to send every phone in the land a simultaneous message — thanks to the new “presidential alert”, tested by FEMA yesterday.

What’s it for? The idea is to enable the president of the United States to warn the nation of major threats — such as a natural disaster or terrorist attack.

FEMA did already have the power to mass text US phones, via the National Wireless Emergency Alert System devised by the Bush administration in 2006, which has been used for sending alerts about national emergencies like weather events or missing children at a local level.

But now the system has been expanded to allow for the White House to compose and send its own ‘presidential alert’ to all phones in a national emergency situation.

There is no opt-out.

Repeat: No opt-out.

Fortunately Congress did limit the substance of these alerts — to “natural disasters, acts of terrorism, and other man-made disasters or threats to public safety”, further stipulating that:

Except to the extent necessary for testing the public alert and warning system, the public alert and warning system shall not be used to transmit a message that does not relate to a natural disaster, act of terrorism, or other man-made disaster or threat to public safety.

But bearing in mind the ‘rip it up’ record of the current holder of office of the president of the US, there are no copper-bottomed guarantees about how ‘threat to public safety’ might be interpreted by president Trump.

So it remains a slightly mind-bending concept that the president could, say after a 3am binge-watch of his favorite TV show, fire out an alert entirely of his framing to EVERY US PHONE.

Technology is indeed a double-edged sword.

Here are a few ideas of presidential alerts we really hope Trump won’t be sending…

  • an accidental photo of a body part after he couldn’t figure out how to use the system and hit send accidentally
  • a text message intended for his son-in-law
  • “Donald Trump”
  • covfefe
  • an even worse spelling mistake, e.g. mangling the name of another world leader — like French president “Manuel Macaroon”
  • actual insults directed at other world leaders, e.g. suggesting Emmanuel Macron has a dandruff problem
  • threats of thermonuclear war
  • an unfortunate spoonerism, e.g. ‘the rockets are cot numbing’
  • a love sonnet to president Kim Jong-Un
  • encouragement to Russia to hack political opponents’ emails
  • a recipe for a “beautiful” chocolate cake
  • his golf handicap
  • an affiliate link to a brochure of Trump Tower
  • US stock market numbers
  • investment advice
  • an affiliate link to buy The Art of The Deal
  • any other book recommendations at all
  • a love sonnet to Ivanka Trump
  • a claim that the hurricane isn’t actually as bad as FEMA’s alert says it is
  • #MAGA
  • “Lock her up”
  • “His testimony was very credible, very credible”
  • “You also had some very fine people on both sides”
  • any claim about the size of the crowds at his inauguration
  • any claim about historical precedence and what his administration has achieved
  • all forms of self congratulation
  • his thoughts on the UN
  • his thoughts on NATO
  • his thoughts on the EU
  • his thoughts on China
  • his thoughts on the Queen
  • anything at all about women
  • “Melanie”
  • all insults about “the failing New York Times”
  • a heart emoji + the words “Tucker Carlson”
  • any text that includes the words “Fox & Friends”
  • any text that includes the phrase “America first”
  • a photo of Melania reclining on gilt furniture, in a gilt room, with some gilt statues
  • a selfie with anyone, especially Nigel Farage
  • any text written in ALL CAPS
  • any text ending with the word “Sad!”
  • his travel itinerary for his next trip to the Winter White House
  • a love sonnet to president Putin
  • ‘exciting’ real estate opportunities
  • credit for Brexit
  • a threat to Twitter not to shadowban conservative voices
  • “You’re fired!”
  • “Build the wall!”
  • “Mission accomplished!”
  • anything at all about president Obama
  • all sports commentary
  • anything containing the word “winning”
  • his thoughts on climate change
  • his thoughts on environmental protection
  • his thoughts on the safety of radioactive substances
  • a list of reasons why the Iran deal was a mistake
  • his thoughts on anything at all to do with the rest of the world
  • a photoshopped picture of Justin Trudeau to make him look ugly
  • diet advice
  • travel advice
  • fashion advice
  • complaints that Google is biased
  • anything about tax — unless it’s his own tax returns
  • a message to Peter Thiel asking him to come back
  • a message asking where the nearest KFC is
  • a message asking where he left his last bucket of KFC
  • a really boring and slightly blurred photo of the inside of Air Force One
  • any message about anything at all he saw on TV last night
  • “Ha-ha you can’t opt out!”
  • “Genius”
  • his thoughts

Powered by WPeMatico