Wireless Emergency Alerts (WEA) protocol Use of a Broken or Risky Cryptographic Algorithm Vulnerability
The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE System Information Block 12 (aka SIB12).
The information has been provided by Gyuhong Lee
The original article can be found at:https://dl.acm.org/citation.cfm?id=3326082
Testing inside an RF-isolated shield box suggested that all LTE phones are affected by design (e.g., use of Android versus iOS does not matter); testing in an open RF environment is, of course, contraindicated.
Wireless Emergency Alerts (WEA) protocol
Published Date: 11/01/2019