For consumers with smartphones, it’s not uncommon to receive emergency alert notifications for bad weather or other similar concerns.
While the government tested its alert system this past October, a recent study conducted by researchers from the University of Colorado Boulder discovered that this communication method could be susceptible to hackers, particularly when a lot of people are confined to one area, such as a sporting event or concert.
“We think this is something the public should be aware of to encourage cell carriers and standards bodies to correct this problem,” said researcher Eric Wustrow. “In the meantime, people should probably still trust the emergency alerts they see on their phones.”
The risk of a hack
The researchers ultimately decided to test national emergency alerts after being inspired by a real-life hack that affected millions of people in Hawaii. In that instance, residents received false emergency alerts that the state was going to be hit by a missile strike.
After doing their homework, the researchers learned that when the government or any national emergency alert is sent out to consumers, it utilizes a special channel that then reaches people in cell tower ranges. According to researcher Sangtae Ha, the group determined that this system is “reasonably secure,” but they also noted that “there are huge vulnerabilities between the cell tower and the users.”
To exploit the insecurities in the system, the researchers created an emergency alert that looked like the ones users typically see on their devices. The team planned to test them on cell towers, also of their own creation.
When put to the test in an area that would reach tens of thousands of people, the researchers’ fake emergency alert successfully made it to over 90 percent of phones. Due to the ease with which they were able to send such malicious messages, the researchers say they will continue to work on solutions to prevent hackers from terrorizing the public.