In their paper, the researchers developed and tested a spoofing attack on presidential alerts. They used commercially available hardware and modified open-source software to send messages to nearly every phone in a 50,000-seat stadium with a 90 percent success rate. The vulnerability is due to the fact that WEA alerts use LTE. Alerts are sent on a specific channel to every compatible device in range, and there’s no way for the device to verify the authenticity of the alert. Presidential alerts are especially risky because users can’t opt out of them, as they can with AMBER alerts or weather warnings.
“Fake alerts in crowded cities or stadiums could potentially result in cascades of panic,” the researchers wrote. We got a glimpse of just how disruptive fake alerts can be last year, when a false alert mistakenly warned every cellphone in Hawaii that a nuclear missile was on its way. The panic would be more widespread if an alert were sent out nationwide. The paper warns that fixing the problem will require “a large collaborative effort between carriers, government stakeholders, and cell phone manufacturers.” Given the US government’s relationship with some cell phone manufacturers in particular, that seems like a big ask.