skip to main content
research-article
Open access

Securing the wireless emergency alerts system

Published: 22 September 2021 Publication History

Abstract

Modern cell phones are required to receive and display alerts via the Wireless Emergency Alert (WEA) program, under the mandate of the Warning, Alert, and Response Act of 2006. These alerts include AMBER alerts, severe weather alerts, and (unblockable) Presidential Alerts, intended to inform the public of imminent threats. Recently, a test Presidential Alert was sent to all capable phones in the U.S., prompting concerns about how the underlying WEA protocol could be misused or attacked. In this paper, we investigate the details of this system and develop and demonstrate the first practical spoofing attack on Presidential Alerts, using commercially available hardware and modified open source software. Our attack can be performed using a commercially available software-defined radio, and our modifications to the open source software libraries. We find that with only four malicious portable base stations of a single Watt of transmit power each, almost all of a 50,000-seat stadium can be attacked with a 90% success rate. The real impact of such an attack would, of course, depend on the density of cellphones in range; fake alerts in crowded cities or stadiums could potentially result in cascades of panic. Fixing this problem will require a large collaborative effort between carriers, government stakeholders, and cellphone manufacturers. To seed this effort, we also propose three mitigation solutions to address this threat.

References

[1]
3GPP TR 33.969. Technical Specification Group Services and System Aspects; Study on security aspects of public warning system (PWS) (Release 15), 2018. http://www.3gpp.org/DynaReport/33969.htm.
[2]
3GPP TS 23.041. Technical Specification Group Core Network and Terminals; Technical realization of Cell Broadcast Service (CBS) (Release 15), 2018. http://www.3gpp.org/dynareport/23041.htm.
[3]
3GPP TS 29.168. Technical Specification Group Core Network and Terminals; Cell Broadcast Centre interfaces with the evolved packet core (Release 15), 2018. http://www.3gpp.org/dynareport/29168.htm.
[4]
3GPP TS 31.115. Technical Specification Group Core Network and Terminals; Secured packet structure for (Universal) subscriber identity module (U)SIM toolkit applications (Release 15), 2019. http://www.3gpp.org/dynareport/31115.htm.
[5]
3GPPx TS 36.211. Technical Specification Group Radio Access Network; Physical channels and modulation (Release 15), 2018. http://www.3gpp.org/dynareport/36211.htm.
[6]
3GPP TS 36.331. Technical Specification Group Radio Access Network; Evolved universal terrestrial radio access (E-UTRA); radio resource control (RRC) (Release 15), 2018. http://www.3gpp.org/dynareport/36331.htm.
[7]
Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.-Y. Highspeed high-security signatures. J. Cryptographic Eng 2, 2 (2012), 77--89.
[8]
Bui, N., Widmer, J. OWL: a reliable online watcher for LTE control channel measurements. In ACM All Things Cellular (MobiCom Workshop) (November 2016).
[9]
CellMapper. Cellular coverage and tower map, 2018. https://www.cellmapper.net.
[10]
Chen, X., Jindal, A., Ding, N., Hu, Y.C., Gupta, M., Vannithamby, R. Smartphone background activities in the wild: origin, energy drain, and optimization. In Proceedings of the 21st Annual International Conference on Mobile Computing and Networking (2015), MobiCom'15, Paris, France.
[11]
Goldsmith, A. Wireless Communications. Cambridge University Press, Cambridge, England, August 2005.
[12]
Gomez-Miguelez, I., Garcia-Saavedra, A., Sutton, P.D., Serrano, P., Cano, C., Leith, D.J. srsLTE: an open-source platform for LTE evolution and experimentation. In ACM WiNTECH (MobiCom, Workshop) (October 2016).
[13]
Huang, J., Qian, F., Gerber, A., Mao, Z.M., Sen, S., Spatscheck, O. A close examination of performance and power characteristics of 4G LTE networks. In Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services (2012), MobiSys'12, Low Wood Bay, Lake District, UK.
[14]
Li, Y., Peng, C., Yuan, Z., Li, J., Deng, H., Wang, T. Mobileinsight: extracting and analyzing cellular network information on smartphones. In Proceedings of the 22nd Annual International Conference on Mobile Computing and Networking (2016), MobiCom'16, New York City, New York, USA.
[15]
Lichtman, M., Jover, R.P., Labib, M., Rao, R., Marojevic, V., Reed, J.H. LTE/LTE-A jamming, spoofing, and sniffing: threat assessment and mitigation. IEEE Commun. Mag. 54, 4 (April 2016), 54--61.
[16]
National Public Radio. Officials assess response to camp fire in northern california, 2018. https://goo.gl/iF12Vo.
[17]
NextEPC Inc. Open source implementation of LTE EPC, 2019. https://www.nextepc.com/.
[18]
Nsnam. NS-3: a discrete-event network simulator for internet systems, 2018. https://www.nsnam.org.
[19]
The Washington Post. Cellphone users nationwide just received a 'Presidential Alert.' Here's what to know, 2018. https://goo.gl/KRfDjf.
[20]
Wikipedia. Hawaii false missile alert, 2018. https://goo.gl/oD9ofx.
[21]
Yang, D., Xue, G., Fang, X., Tang, J. Crowdsourcing to smartphones: incentive mechanism design for mobile phone sensing. In The 18th Annual International Conference on Mobile Computing and Networking (August 2012), MobiCom'12, Istanbul, Turkey.
[22]
Yang, H., Huang, A., Gao, R., Chang, T., Xie, L. Interference self-coordination: a proposal to enhance reliability of system-level information in OFDM-based mobile networks via PCI planning. IEEE Trans. Wirel. Commun. 13, 4 (April 2014), 1874--1887.

Cited By

View all
  • (2024)Exploring the Impact of Big Data Analytics on Emergency Calls within Telecommunication SystemsProcedia Computer Science10.1016/j.procs.2024.06.021238(240-247)Online publication date: 2024

Recommendations

Comments

Information & Contributors

Information

Published In

cover image Communications of the ACM
Communications of the ACM  Volume 64, Issue 10
October 2021
89 pages
ISSN:0001-0782
EISSN:1557-7317
DOI:10.1145/3487943
Issue’s Table of Contents
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 September 2021
Published in CACM Volume 64, Issue 10

Permissions

Request permissions for this article.

Check for updates

Qualifiers

  • Research-article
  • Research
  • Refereed

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)905
  • Downloads (Last 6 weeks)149
Reflects downloads up to 19 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2024)Exploring the Impact of Big Data Analytics on Emergency Calls within Telecommunication SystemsProcedia Computer Science10.1016/j.procs.2024.06.021238(240-247)Online publication date: 2024

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Digital Edition

View this article in digital edition.

Digital Edition

Magazine Site

View this article on the magazine site (external)

Magazine Site

Login options

Full Access

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media