Fake presidential alerts can be easily sent out using LTE vulnerabilities
What you need to know
- The University of Colorado Boulder discovered a vulnerability with presidential alerts.
- Using LTE, the alerts can be easily spoofed and sent out to thousands of people.
- The test was performed successfully 9 out of 10 times.
Last October, the Federal Emergency Management Agency sent out the nation's first "presidential alert." Using the same alert system that delivers AMBER and weather alerts to your phone, the presidential alert allows the acting President of the United States to send messages to U.S. citizens in the event of a disaster or emergency.
Unfortunately, at least according to a study done by the University of Colorado Boulder, the system isn't nearly as secure as it probably should be.
Using nothing more than readily available hardware and open-source software, the team at the university was able to send a spoofed presidential alert to every single phone in a football stadium consisting of 50,000 seats. The spoofed message was successfully sent out nine out of the ten times it was attempted.
Commenting on its findings, the University of Colorado Boulder said:
It's said that digital signatures could be added to the alerts, making it "far more difficult to send spoofed messages", but that it isn't a "magical solution."
Emergency alerts and Android: What you need to know
Be an expert in 5 minutes
Get the latest news from Android Central, your trusted companion in the world of Android
Joe Maring was a Senior Editor for Android Central between 2017 and 2021. You can reach him on Twitter at @JoeMaring1.