funsec mailing list archives

Re: How to shut down a city: Fake emergency text alerts to cellphones


From: "John C. A. Bambenek, GCIH, CISSP" <bambenek.infosec () gmail com>
Date: Sat, 12 Apr 2008 10:33:21 -0500

Well played, sir.  Well played.

On 4/12/08, Joel R. Helgeson <joel () helgeson com> wrote:

 Just once, why can't one of our poorly considered quick fixes work?



*From:* funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] *On
Behalf Of *John C. A. Bambenek, GCIH, CISSP
*Sent:* Friday, April 11, 2008 12:38 PM
*To:* Richard M. Smith
*Cc:* funsec () linuxbox org
*Subject:* Re: [funsec] How to shut down a city: Fake emergency text
alerts to cellphones



Interestingly enough, my research assistant and I are working on a
research paper on this very subject right now.

On Thu, Apr 10, 2008 at 7:12 AM, Richard M. Smith <
rms () computerbytesman com> wrote:

Just imagine what will happen when a group of 15-year old kids spam out
10,000 text messages to cellphones in the 212 area code saying that a
cropduster anthrax attack is in progress and everyone should leave Manhattan
at once.......



Part of the problem here is that text messages can be sent in
bulk to cellphones via email gateways.   An email address for a cellphone
is very predictable since it is the same as the phone number of the cellphone.
A prankster can send out a fake alert to all phones in a single cellphone
exchange with very little effort.



Richard




http://www.nytimes.com/2008/04/10/washington/10alert.html?_r=1&oref=slogin&pagewanted=print



April 10, 2008
Text Alerts to Cellphones in Emergency Are Approved

By THE ASSOCIATED PRESS

WASHINGTON (AP) — Federal regulators approved a plan on Wednesday to create a
nationwide emergency alert system using text messages delivered to
cellphones.

Text messages have exploded in popularity, particularly among young
people. The trade group for the wireless industry, CTIA, estimates more than
48 billion text messages are sent each month.

The plan stems from the Warning Alert and Response Network Act, a 2006
federal law that requires upgrades to the emergency alert system. The act
requires the Federal Communications Commission to develop ways to alert the
public about emergencies.

"The ability to deliver accurate and timely warnings and alerts through
cellphones and other mobile services is an important next step in our
efforts to help ensure that the American public has the information they
need to take action to protect themselves and their families prior to, and
during, disasters and other emergencies," the commission chairman, Kevin J.
Martin, said after the plan was approved.

Carriers' participation in the system, which has strong support from the
industry, is voluntary.

Cellphone customers would be able to opt out of the program. They also may
not be charged for receiving alerts.

There would be three types of messages, according to the rules.

The first would be a national alert from the president, probably involving
a terrorist attack or natural disaster.

The second would involve "imminent threats" that could include natural
disasters like hurricanes, tornadoes or university shootings.

The third would be reserved for child abductions, so-called Amber alerts.

The alerts would be delivered with a unique audio signature or "vibration
cadence."

The service could be in place by 2010.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.



