- The researchers noted that their method of sending fake alerts worked in nine out of ten cases.
- The vulnerability can be abused by creating a malicious cell tower channel using off-the-shelf hardware and open-source software.
A vulnerability in LTE networks can be abused by hackers to launch spoofing attacks. The flaw can be exploited to send out spoofed AMBER alerts and false presidential alerts.
What’s the matter?
Researchers at the University of Colorado Boulder have published a paper that demonstrates a way to send simulated spoofed panic alerts to every phone in a 50,000-seater football stadium.
The researchers noted that their method of sending fake alerts worked in nine out of ten cases (a 90% success rate).
How does it work?
The researchers demonstrated the spoofing attack by exploiting a flaw in the LTE network. The vulnerability was abused by creating a malicious cell tower channel using off-the-shelf hardware and open-source software. The malicious cell tower is then used to deploy an exploit.
All the tests were performed in isolated RF shield boxes instead of at a real venue.
“We find that with only four malicious portable base stations of a single watt of transmit power each, almost all of a 50,000-seat stadium can be attacked with a 90% success rate,” the researchers wrote.
“The true impact of such an attack would, of course, depend on the density of cell phones in range; fake alerts in crowded cities or stadiums could potentially result in cascades of panic,” they added.
Who are the targets?
The researchers noted that LTE networks in Europe, the US and South Korea are potential targets of the attack. The networks in these regions have systems designed with principles similar to those of CMAS.
CMAS is the standard that WEA (Wireless Emergency Alert) uses to send emergency alerts.
Possible preventative measures
The researchers have suggested that adding a digital signature to each broadcast alert, so that handsets can authenticate the messages, would make it difficult to send spoofed messages. However, implementing this is not easy.
Fixing this problem will require a large collaborative effort from mobile carriers, government stakeholders and cell phone manufacturers.
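The signature check suggested above can be sketched as follows. This is an added example, not code from the researchers' paper or from any CMAS/WEA specification. The `Alert` field layout, the choice of Ed25519, the freshness window and the all-zero demo seed are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

// Alert is a hypothetical broadcast alert, not the CMAS/WEA wire format.
type Alert struct {
	Serial   uint16 // broadcast serial number
	IssuedAt int64  // Unix seconds, set by the originator
	Text     string // message shown to the user
	Sig      []byte // originator's Ed25519 signature over signedBytes()
}

var ErrBadSig = errors.New("signature does not verify")
var ErrStale = errors.New("alert outside freshness window")

// signedBytes covers every field the handset acts on, so none can be swapped.
func (a Alert) signedBytes() []byte { return []byte(fmt.Sprintf("%d|%d|%s", a.Serial, a.IssuedAt, a.Text)) }

// DemoKeys derives a key pair from a constructed all-zero seed (demo only).
func DemoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

func Sign(priv ed25519.PrivateKey, a Alert) Alert {
	a.Sig = ed25519.Sign(priv, a.signedBytes())
	return a
}

// Verify is the handset side; a missing or truncated Sig fails as ErrBadSig.
func Verify(pub ed25519.PublicKey, a Alert, now time.Time, maxAge time.Duration) error {
	if !ed25519.Verify(pub, a.signedBytes(), a.Sig) {
		return ErrBadSig
	}
	if age := now.Sub(time.Unix(a.IssuedAt, 0)); age < -maxAge || age > maxAge {
		return ErrStale
	}
	return nil
}

func main() {
	pub, priv := DemoKeys()
	a := Sign(priv, Alert{Serial: 1, IssuedAt: time.Now().Unix(), Text: "constructed alert"})
	fmt.Println("verify:", Verify(pub, a, time.Now(), 5*time.Minute))
}
```

The timestamp is inside the signed bytes so that a captured, validly signed alert cannot be rebroadcast later. Distributing and rotating the trusted public key on every handset is outside this sketch.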