President Speaking: Spoofing Alerts in 4G LTE Networks (2019) [pdf]

Interesting use of the concept of &quot;false alert&quot; -the Hawaii Missile alert was valid, well formed and conformed to protocol in the Layer1 and Layer2 senses. It was a message which was capable of being sent and acted on by software systems.<p>The problem was, it wasn&#x27;t initiated through the auspices of the channels which are permitted to approve a message. So, it was &quot;false&quot; in the higher layer senses, not in the actual formal structure, more in the process chains.<p>Ronald Reagan hot-microphone &quot;I declared war on Russia&quot; as a sound check is a bit more in the &quot;false&quot; space. Or, that txt message Abraham Lincoln sent about trust on the internet.<p>To me, the falsity begs a layer question. If the lower layers are well formed, the falsity has to lie in the higher layer processes. It was a falsely authorised message. It was sent over the correct channels, injected by the correct endpoints. It just wasn&#x27;t what had been approved to be sent. (if approved at all) -Thats not &quot;false&quot; thats &quot;unapproved&quot;<p>The problem is as much with the name, as with the formalisms around sending. If you want this to really be a presidential alert then wire it to some MFA which is bound to the current occupant of the role. If its just that guy getting his guy to call some guy who approves a tech at AT&amp;T sending a message, then it shouldn&#x27;t have been called a presidential message.<p>(hats off to the authors of the paper who did some stellar work on spoofing a send event, and show how it would work in a small radius of a transmitter in an event like a football game)

(Context: today there was rare a pre-scheduled test of the emergency broadcast system that buzzed every phone and radio in the entire United States. It seems to have generally been successful, and it’s genuinely amazing to think about the sheer scale and reach of this system.)

&gt; Fixing this problem will require a large collaborative effort between carriers, government stakeholders, and cell phone manufacturers.<p>Do we know if any of this has been patched since the paper in 2019? One could hope…

Summary: <a href="https:&#x2F;&#x2F;pdf2gpt.com&#x2F;?summary=3ade1d183ee74c0aa8fff901e892dc57" rel="nofollow noreferrer">https:&#x2F;&#x2F;pdf2gpt.com&#x2F;?summary=3ade1d183ee74c0aa8fff901e892dc5...</a>

Why on earth are these messages not signed with a key that is distributed to the phones by the carriers?

(PDF)