Emergency presidential alert texts could be faked, researchers say

Fake presidential alerts could be sent to tens of thousands of phones, according to a report out of the University of Colorado Boulder.

Corinne Reichert Senior Editor
Corinne Reichert (she/her) grew up in Sydney, Australia and moved to California in 2019. She holds degrees in law and communications, and currently writes news, analysis and features for CNET across the topics of electric vehicles, broadband networks, mobile devices, big tech, artificial intelligence, home technology and entertainment. In her spare time, she watches soccer games and F1 races, and goes to Disneyland as often as possible.
Expertise News, mobile, broadband, 5G, home tech, streaming services, entertainment, AI, policy, business, politics Credentials
  • I've been covering technology and mobile for 12 years, first as a telecommunications reporter and assistant editor at ZDNet in Australia, then as CNET's West Coast head of breaking news, and now in the Thought Leadership team.
Corinne Reichert
2 min read

Presidential alerts could be faked.


US presidential alerts sent out as nationwide emergency text messages could be vulnerable to hacks, according to researchers at the University of Colorado Boulder. The university has already alerted US government officials to the security problem.

Wireless Emergency Alerts (WEA) are geographically targeted messages that alert mobile users in the US about missing children (via Amber Alerts), severe weather and presidential announcements of national emergencies.

In a test of the presidential alert messaging system, the Federal Emergency Management Agency (FEMA) famously sent out a message nationwide from President Donald Trump in Oct. 2018. Hawaii was the victim of a false alert about an incoming ballistic missile in January of last year.

Now CU Boulder is saying presidential alert messages could be spoofed. Researchers say they found a backdoor that let them mimic alerts and blast fake messages to people confined to a small area, such as a city block or a sports stadium.

"Sending the emergency alert from the government to the cell towers is reasonably secure," said Sangtae Ha, assistant professor in the Department of Computer Science and co-author of the research report. "But there are huge vulnerabilities between the cell tower and the users."

Watch this: 5G and your health

The researchers developed software mimicking the presidential alert format and then used commercially available wireless transmitters to send the messages to phones within their radius. The team had a success rate of hitting 90% of all phones in the area it tested.

"We only need to broadcast that message into the right channel, and the smartphone will pick it up and display it," Ha said, adding that it could be sent to tens of thousands of phones.

The researchers tested across both the Apple iPhone X and Samsung Galaxy S8 .

FEMA didn't immediately respond to a request for comment.

From Apple to Samsung: 5G phones available right now

See all photos