Wireless Emergency Alerts (WEA) protocol Use of a Broken or Risky Cryptographic Algorithm Vulnerability


The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE System Information Block 12 (aka SIB12). 



























The information has been provided by Gyuhong Lee

The original article can be found at:https://dl.acm.org/citation.cfm?id=3326082



Testing inside an RF-isolated shield box suggested that all LTE phones are affected by design (e.g., use of Android versus iOS does not matter); testing in an open RF environment is, of course, contraindicated.


Vulnerable Systems:

Wireless Emergency Alerts (WEA) protocol 


CVE Information:



Disclosure Timeline:
Published Date: 11/01/2019