While LTE is already getting ready to make way for 5G, a working exploit has found flaws in the Long-Term Evolution (LTE) standard which could cause utter chaos among the public.
According to a research conducted at University of Colorado, the security vulnerabilities in LTE can allow hackers to potentially spoof presidential alerts sent to mobile phones in the event of a national emergency.
It was made possible using customized and open-source software. An alert could be sent to every phone in a 50,000-seat football stadium causing “cascades of panic,” said researchers at the University of Colorado Boulder in a paper out this week. Their attack worked in nine out of ten tests, they said.
You could have received a “It might rain today” warning . Similar is a presidential alert but this time it is a red flag sent to every cellphone user in the country with a disaster in sight.
On October 3, 2018, the U.S government agencies ran their first trial for a new national alert system. The users received a text message labelled “Presidential Alert.” The message read: “THIS IS A TEST of the National Wireless Emergency Alert System. No action is needed.”
No system could be perfectly secure but much of the issues over the years have been as a result of human error. LTE network used to transmit the broadcast message could be the biggest weak spot as per researchers.
Because the system uses LTE to send the message and not a traditional text message, each cell tower blasts out an alert on a specific channel to all devices in range. A false alert can be sent to every device in range if that channel is identified. There is no way someone could verify the genuineness of the message.
LTE is widely used. The flaws discovered could have massive implications. Wireless networks that consumers often take for granted aren’t foolproof.
The researchers, who have already reported their results to U.S. Government officials, say that the goal of their study is to work with relevant authorities to prevent such an attack in the future. The team has already come up with a few ways to thwart such an attack and is working with partners in industry and government to determine which mechanisms are most effective.