Re: How to shut down a city: Fake emergency text alerts to cellphones

["Joel R. Helgeson" <joel () helgeson com>]

Just once, why can't one of our poorly considered quick fixes work?

 

From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On
Behalf Of John C. A. Bambenek, GCIH, CISSP
Sent: Friday, April 11, 2008 12:38 PM
To: Richard M. Smith
Cc: funsec () linuxbox org
Subject: Re: [funsec] How to shut down a city: Fake emergency text alerts to
cellphones

 

Interestingly enough, my research assistant and I are working on a research
paper on this very subject right now.

On Thu, Apr 10, 2008 at 7:12 AM, Richard M. Smith <rms () computerbytesman com>
wrote:

Just imagine what will happen when a group of 15-year old kids spam out
10,000 text messages to cellphones in the 212 area code saying that a
cropduster anthrax attack is in progress and everyone should leave Manhattan
at once.......

 

Part of the problem here is that text messages can be sent in bulk to
cellphones via email gateways.   An email address for a cellphone is very
predicatable since it is the same as phone number of the cellphone.  A
prankster can send out a fake alert to all phones in single cellphone
exchange with very little effort.

 

Richard

 

http://www.nytimes.com/2008/04/10/washington/10alert..html?_r=1
<http://www.nytimes.com/2008/04/10/washington/10alert.html?_r=1&oref=slogin&;
pagewanted=print> &oref=slogin&pagewanted=print

 

April 10, 2008


Text Alerts to Cellphones in Emergency Are Approved 


By THE ASSOCIATED PRESS

WASHINGTON
<http://topics.nytimes.com/top/news/national/usstatesterritoriesandpossessio
ns/washingtondc/index.html?inline=nyt-geo>  (AP) - Federal regulators
approved a plan on Wednesday to create a nationwide emergency alert system
using text messages delivered to cellphones.

Text messages have exploded in popularity, particularly among young people.
The trade group for the wireless industry, CTIA, estimates more than 48
billion text messages are sent each month.

The plan stems from the Warning Alert and Response Network Act, a 2006
federal law that requires upgrades to the emergency alert system. The act
requires the Federal
<http://topics.nytimes.com/top/reference/timestopics/organizations/f/federal
_communications_commission/index.html?inline=nyt-org>  Communications
Commission to develop ways to alert the public about emergencies.

"The ability to deliver accurate and timely warnings and alerts through
cellphones and other mobile services is an important next step in our
efforts to help ensure that the American public has the information they
need to take action to protect themselves and their families prior to, and
during, disasters and other emergencies," the commission chairman, Kevin J.
Martin, said after the plan was approved.

Carriers' participation in the system, which has strong support from the
industry, is voluntary.

Cellphone customers would be able to opt out of the program. They also may
not be charged for receiving alerts.

There would be three types of messages, according to the rules.

The first would be a national alert from the president, probably involving a
terrorist attack or natural disaster. 

The second would involve "imminent threats" that could include natural
disasters like hurricanes
<http://topics.nytimes.com/top/reference/timestopics/subjects/h/hurricanes_a
nd_tropical_storms/index.html?inline=nyt-classifier> , tornadoes or
university shootings.

The third would be reserved for child abductions, so-called Amber alerts..

The alerts would be delivered with a unique audio signature or "vibration
cadence."

The service could be in place by 2010.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.