This paper presents a practical spoofing attack on 5G emergency alert systems by modifying the OpenAirInterface RAN code and using software-defined radio to broadcast forged warnings. The attack reveals vulnerabilities in smartphone handling of alerts, enabling scenarios beyond simple display of fake warnings. To mitigate this, the authors propose and implement a cross-cell verification mechanism where devices compare received alerts with neighboring cell broadcasts to identify suspicious single-source alerts.
5G emergency alert systems are surprisingly vulnerable to spoofing attacks that can do more than just display fake warnings.
Public warning systems (PWS) in cellular networks enable authorities to broadcast emergency alerts to all mobile phones in a geographic region in the event of threats such as earthquakes or severe weather. If an attacker can imitate these alerts and transmit a forged warning containing fake news or phishing links, the impact could range from public panic to user compromise. In this work, we present the first open-source 5G emergency alert spoofing attack, implemented by modifying the OpenAirInterface (OAI) radio access network (RAN) code and executed using a software-defined radio, complemented by a custom network management system to automate network and warning configuration. We conduct a detailed analysis of how different smartphones behave under various conditions. Our findings show that while devices readily display spoofed alerts, the alerting mechanism enables multiple practical attack scenarios beyond simple warning display. Finally, to address this threat, we propose and implement a lightweight cross-cell verification mechanism in OAI, in which the device compares the received warning with neighboring cell broadcasts to flag single-source alerts as suspicious.
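A sketch of the device-side decision logic behind the cross-cell check described above, as an added example that is not the authors' OAI implementation. It assumes warnings are matched on message identifier, serial number and text; the names `CellWarning`, `verify_cross_cell`, the verdict labels and the `min_confirmations` threshold are hypothetical, and it goes beyond the abstract by also handling the cases where no neighbor can be decoded or where a neighbor carries conflicting content.

```python
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    CORROBORATED = "corroborated"   # enough neighbor cells carry the same warning
    SUSPICIOUS = "suspicious"       # single-source, or a neighbor contradicts it
    UNVERIFIABLE = "unverifiable"   # no neighbor cell could be decoded at all


@dataclass(frozen=True)
class CellWarning:
    message_id: int      # assumed matching key: warning message identifier
    serial_number: int   # assumed matching key: warning serial number
    text: str

    def key(self):
        return (self.message_id, self.serial_number)


def verify_cross_cell(received, neighbors, min_confirmations=1):
    """neighbors maps cell id -> list of CellWarning decoded from that cell,
    or None when the cell's broadcast could not be decoded."""
    decoded = {c: w for c, w in neighbors.items() if w is not None}
    if not decoded:
        return Verdict.UNVERIFIABLE          # isolated cell: cannot confirm or refute
    confirmations = 0
    for warnings in decoded.values():
        same_key = [w for w in warnings if w.key() == received.key()]
        # Compare text with whitespace normalized so padding does not matter.
        if any(w.text.split() != received.text.split() for w in same_key):
            return Verdict.SUSPICIOUS        # same identifiers, different content
        if same_key:
            confirmations += 1
    if confirmations >= min_confirmations:
        return Verdict.CORROBORATED
    return Verdict.SUSPICIOUS                # only the serving cell sent it


if __name__ == "__main__":
    # Constructed sample data, not captured traffic.
    alert = CellWarning(4370, 1, "Severe weather warning in this area")
    forged = CellWarning(4370, 9, "Constructed forged warning text")
    neighbors = {"cell-B": [alert], "cell-C": [alert], "cell-D": None}
    print(verify_cross_cell(alert, neighbors))
    print(verify_cross_cell(forged, neighbors))
    print(verify_cross_cell(alert, {"cell-D": None}))
```

Keeping "unverifiable" separate from "suspicious" matters in practice: a device that can hear only one cell cannot corroborate a genuine alert either, so treating that case as an attack would suppress real warnings.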