funsec mailing list archives
Re: Aren't emergency messages to cellphones a bad idea?
From: Michal Zalewski <lcamtuf () dione ids pl>
Date: Tue, 20 Jun 2006 19:19:13 +0200 (CEST)
On Tue, 20 Jun 2006, Richard M. Smith wrote:
Here's a thought experiment. Let's say a teenager blasted out 10,000 fake SMS messages to area code 617 warning of an anthrax attack in downtown Boston and that everyone should get out of the area at once. How bad would be the mess? Do we really want a emergency warning system that anyone can use to send out messages of their choice?
On a slightly more serious note... The thing is, most of emergency broadcast systems are quite vulnerable to spoofing. The benefits outweight the risks, however, and the abuse is not common. By making them overly complex and spoof-proof, you're not only risking a greater chance of critical failure, but your effort is also quite likely futile. That's because people are quite naive and prone to scares - no matter how well you protect the integrity of the "official" channel, an illussion of authority is sufficient to trigger widespread panic. You can put some lights and decals on your pick-up, grab a megaphone - and prompt a nice stampede in any crowded place. There are some deterrents, but most of them boil down to requiring SOME (not a whole lot) time and effort to mount successful attacks, and discouraging attackers altogether by imposing stringent consequences for such vandalism. This channel is probably no different: it takes time, effort and money to send these messages, the attack can be easily noticed, tracked, and stopped in its tracks before you've reached enough recipients. It's also hard to hide with a cell phone, so you're risking a lot. So yeah, you can do that, and there's a million other ways to subvert modern society. This method is probably not particularly notable or effective, as far as my standards for doomsday scenarios go... /mz _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Aren't emergency messages to cellphones a bad idea? Richard M. Smith (Jun 20)
- Re: Aren't emergency messages to cellphones a bad idea? Michal Zalewski (Jun 20)
- Re: Aren't emergency messages to cellphones a bad idea? Michal Zalewski (Jun 20)