When we all received the presidential emergency alert last year on our cell phones, we were expecting it. That was an official test of a government alert, and it worked, Inside Towers reported. But what if hackers could access the same communication channels? The University of Colorado Boulder (UCB) studied this possibility and came to some disturbing conclusions.
The interdisciplinary team discovered a weak point in the system that could allow an unauthorized party a backdoor into the emergency alert process. “Sending the emergency alert from the government to the cell towers is reasonably secure,” said assistant professor in the Department of Computer Science Sangtae Ha, a researcher on the project. “But there are huge vulnerabilities between the cell tower and the users.” The team has passed their information along to the government.
An enterprising troublemaker could set up an illegal cell tower, transmit the alert over the right frequency, and distribute it to people’s smartphones. Tests using commercially available equipment were approximately 90 percent successful according to the UCB study. “We only need to broadcast that message into the right channel, and the smartphone will pick it up and display it,” said Ha.
The Boulder team is working with other government and private agencies to develop countermeasures to identify and stop this kind of hacking attempt. “We think it is concerning, which is why we went through a responsible disclosure process with different government agencies and carriers,” said Dirk Grunwald, a computer science professor.
July 8, 2019