funsec mailing list archives
Re: How to shut down a city: Fake emergency text alerts to cellphones
From: "John C. A. Bambenek, GCIH, CISSP" <bambenek.infosec () gmail com>
Date: Sat, 12 Apr 2008 10:33:21 -0500
Well played, sir. Well played. On 4/12/08, Joel R. Helgeson <joel () helgeson com> wrote:
Just once, why can't one of our poorly considered quick fixes work? *From:* funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] *On Behalf Of *John C. A. Bambenek, GCIH, CISSP *Sent:* Friday, April 11, 2008 12:38 PM *To:* Richard M. Smith *Cc:* funsec () linuxbox org *Subject:* Re: [funsec] How to shut down a city: Fake emergency text alerts to cellphones Interestingly enough, my research assistant and I are working on a research paper on this very subject right now. On Thu, Apr 10, 2008 at 7:12 AM, Richard M. Smith < rms () computerbytesman com> wrote: Just imagine what will happen when a group of 15-year old kids spam out 10,000 text messages to cellphones in the 212 area code saying that a cropduster anthrax attack is in progress and everyone should leave Manhattan at once....... Part of the problem here is that text messages can be sent in bulk to cellphones via email gateways. An email address for a cellphone is very predicatable since it is the same as phone number of the cellphone. A prankster can send out a fake alert to all phones in single cellphone exchange with very little effort. Richard http://www.nytimes.com/2008/04/10/washington/10alert..html?_r=1&oref=slogin&pagewanted=print<http://www.nytimes.com/2008/04/10/washington/10alert.html?_r=1&oref=slogin&pagewanted=print> April 10, 2008 Text Alerts to Cellphones in Emergency Are Approved By THE ASSOCIATED PRESS WASHINGTON<http://topics.nytimes.com/top/news/national/usstatesterritoriesandpossessions/washingtondc/index.html?inline=nyt-geo>(AP) — Federal regulators approved a plan on Wednesday to create a nationwide emergency alert system using text messages delivered to cellphones. Text messages have exploded in popularity, particularly among young people. The trade group for the wireless industry, CTIA, estimates more than 48 billion text messages are sent each month. The plan stems from the Warning Alert and Response Network Act, a 2006 federal law that requires upgrades to the emergency alert system. The act requires the Federal Communications Commission<http://topics.nytimes.com/top/reference/timestopics/organizations/f/federal_communications_commission/index.html?inline=nyt-org>to develop ways to alert the public about emergencies. "The ability to deliver accurate and timely warnings and alerts through cellphones and other mobile services is an important next step in our efforts to help ensure that the American public has the information they need to take action to protect themselves and their families prior to, and during, disasters and other emergencies," the commission chairman, Kevin J. Martin, said after the plan was approved. Carriers' participation in the system, which has strong support from the industry, is voluntary. Cellphone customers would be able to opt out of the program. They also may not be charged for receiving alerts. There would be three types of messages, according to the rules. The first would be a national alert from the president, probably involving a terrorist attack or natural disaster. The second would involve "imminent threats" that could include natural disasters like hurricanes<http://topics.nytimes.com/top/reference/timestopics/subjects/h/hurricanes_and_tropical_storms/index.html?inline=nyt-classifier>, tornadoes or university shootings. The third would be reserved for child abductions, so-called Amber alerts.. The alerts would be delivered with a unique audio signature or "vibration cadence." The service could be in place by 2010. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- How to shut down a city: Fake emergency text alerts to cellphones Richard M. Smith (Apr 10)
- Re: How to shut down a city: Fake emergency text alerts to cellphones Nick FitzGerald (Apr 10)
- Re: How to shut down a city: Fake emergency text alerts to cellphones Rich Kulawiec (Apr 10)
- Re: How to shut down a city: Fake emergency text alerts to cellphones John C. A. Bambenek, GCIH, CISSP (Apr 11)
- Re: How to shut down a city: Fake emergency text alerts to cellphones Joel R. Helgeson (Apr 12)
- Re: How to shut down a city: Fake emergency text alerts to cellphones Rich Kulawiec (Apr 12)
- Re: How to shut down a city: Fake emergency text alerts to cellphones John C. A. Bambenek, GCIH, CISSP (Apr 12)
- Re: How to shut down a city: Fake emergency text alerts to cellphones Joel R. Helgeson (Apr 12)