Researchers at the University of Colorado Boulder have uncovered critical shortcomings in the Wireless Alert System that can enable threat actors to send fake Presidential Alerts to tens of thousands of people at once.
A research paper[pdf] outlines the attack, which requires the attacker to set up a fake cell tower. Such a tower will force the phones of thousands of people in the proximity to automatically attempt to connect to it. Normally this connection will fail since it requires authentication. However, a phone will wait for five minutes before disconnecting. In that period, threat actors will be able to send a “Presidential Alert Message,” to it, since these do not require an authenticated connection. As a result, thousands of people will receive a fake alert.
Read more: Researchers Show How to Send Fake Presidential Alerts To Your Phone