Interesting use of the concept of "false alert" -the Hawaii Missile alert was valid, well formed and conformed to protocol in the Layer1 and Layer2 senses. It was a message which was capable of being sent and acted on by software systems.
The problem was, it wasn't initiated through the auspices of the channels which are permitted to approve a message. So, it was "false" in the higher layer senses, not in the actual formal structure, more in the process chains.
Ronald Reagan hot-microphone "I declared war on Russia" as a sound check is a bit more in the "false" space. Or, that txt message Abraham Lincoln sent about trust on the internet.
To me, the falsity begs a layer question. If the lower layers are well formed, the falsity has to lie in the higher layer processes. It was a falsely authorised message. It was sent over the correct channels, injected by the correct endpoints. It just wasn't what had been approved to be sent. (if approved at all) -Thats not "false" thats "unapproved"
The problem is as much with the name, as with the formalisms around sending. If you want this to really be a presidential alert then wire it to some MFA which is bound to the current occupant of the role. If its just that guy getting his guy to call some guy who approves a tech at AT&T sending a message, then it shouldn't have been called a presidential message.
(hats off to the authors of the paper who did some stellar work on spoofing a send event, and show how it would work in a small radius of a transmitter in an event like a football game)
Avoiding such false messages on the human layer is all about interface design and we know how to do that in principle. The problem is just that it isn't done always when it is needed. In case of the Hawaii missle alert there are multiple sources describing the UI as being two similar looking buttons right next to each other: https://www.theguardian.com/technology/2018/jan/15/hawaii-mi...
Just make the actual missle alert button big and red and have users confirm a prompt after clicking.
In Reagans case it is also about the "interface". If footage that leaved the set is not checked, because there is no delay, well then unchecked footage goes out.
Or if you’re asking in earnest there’s a meme of the format:
“You can’t trust quotes on the internet - Abraham Lincoln” - the joke being Lincoln couldn’t have written the joke for the internet was not yet invented at the time of his passing.
(Context: today there was rare a pre-scheduled test of the emergency broadcast system that buzzed every phone and radio in the entire United States. It seems to have generally been successful, and it’s genuinely amazing to think about the sheer scale and reach of this system.)
What weird timing because I just got my first ever "Presidential alert" in Croatia because a plastics factory was burning south of my city. Luckily there was a northernly wind all day.
Right after the IT-alert the quality of my mobile internet connection plummeted for almost an hour, my ping from Italy to Netherlands was between 100 and 600ms (usually it's 30-55ms).
My guess is that some people weren't aware of the test and started calling their relatives asking questions.
same in germany around the 1st. was at a store with friends from the US and china. Everyone one's phones started to ping. Even the US and china ones on roaming (or local sim cards? don't really know)
I guess so, but myself and roughly half the people I've talked to got the audible alert in Spanish but not in English. This doesn't seem quite successful to me, but where do I send my feedback?
I wouldn't mind getting a "nukes in 30 minutes" warning (if it was real) but most of the alerts are useless. What use is an amber alert for "somebody kidnapped a kid (custody dispute) 500 miles away from you, be on the lookout for a white truck"? I left those alerts on for a few years because I felt guilty about turning them off, but none of the alerts were ever actionable.
BOLOs are usually Amber Alerts, which are distinct from National Emergency Broadcasts. You can turn off AAs, I don't think you can turn off the others.
Without rooting or using custom roms. Current phone is stock Oneplus 6T with all alerts disabled. I got none yesterday.
Edit: At first I incorrectly mentioned 7T. 6T is my current phone. I should probably do something about that eventually as it doesn't get updates anymore. I see in the settings something for alerts but it doesn't open. I have no clue how I disabled them but I did.
In a serious note, this will most likely never be patched. SS7 vulnerabilities have been know for even longer but the sheer effort needed to collaborate between every single company, manufacturer and policy makers make it a non starter.
Also having the possibility of making it so all old phones no longer get these messages could also be an accessibility problem that gets whomever tries to run with it kicked out of office.
With current climates being 3/4 years max in office with the possibility the next person will scrap whatever you do... makes it a hard problem to solve.
You could build a more secure version and mandate it’s the only one used for new devices / in all future SW updates for phones.
Over time it would supplant the old one and the vast majority of people would get the secure alert today.
During an emergency you’d send both but spoofs would only be able to hit old phones that don’t receive software updates / don’t support the secure variant.
Securing is also pretty simple since the government could just publish the public key they’ll use for signing these alerts and OS vendors could refresh that key on a regular basis.
> Securing is also pretty simple since the government could just publish the public key they’ll use for signing these alerts and OS vendors could refresh that key on a regular basis.
That would mean hundreds of keys to manage and regularly update, with various entities at various levels of government needing their own keys, etc. It's not impossible, but it certainly wouldn't be pretty simple for OS vendors.
Nope. Just a single pair of keys for one country. Make signing the message the responsibility of the country’s government. If city x needs to generate an alert, it sends the message over secure channels to state Y with the keys internal to them. State Y sends it up to the federal level. Federal signs it. Can even do it with a wrapped chain of trust. Then all you need is to validate 1 key per country with the rest acting like a chain of trust. Think domain names but for governments.
It’s a legitimate issue if the different levels of government are disfunctional / fighting with each other, but it’s better at that point to leave it as a political problem for them to solve.
That's a very simplistic take, and it's not going to work in many places. Like Belgium, I'm pretty sure the various sublevels would just setup their own channels and ignore the federal one.
Belgium isn't going to become unitary again because of a telecommunications standard.
Or French Polynesia, New Caledonia, in case of emergency they're going to send a message to mainland France to sign it and back? That's very impractical and better hope the emergency doesn't involve a problem with long-distance communications.
Key management is challenging when scaled to an entire nation. Also the trust model in broadcasting is not end to end. On cellular networks especially before 4G the phones trust the network implicitly.
The problem was, it wasn't initiated through the auspices of the channels which are permitted to approve a message. So, it was "false" in the higher layer senses, not in the actual formal structure, more in the process chains.
Ronald Reagan hot-microphone "I declared war on Russia" as a sound check is a bit more in the "false" space. Or, that txt message Abraham Lincoln sent about trust on the internet.
To me, the falsity begs a layer question. If the lower layers are well formed, the falsity has to lie in the higher layer processes. It was a falsely authorised message. It was sent over the correct channels, injected by the correct endpoints. It just wasn't what had been approved to be sent. (if approved at all) -Thats not "false" thats "unapproved"
The problem is as much with the name, as with the formalisms around sending. If you want this to really be a presidential alert then wire it to some MFA which is bound to the current occupant of the role. If its just that guy getting his guy to call some guy who approves a tech at AT&T sending a message, then it shouldn't have been called a presidential message.
(hats off to the authors of the paper who did some stellar work on spoofing a send event, and show how it would work in a small radius of a transmitter in an event like a football game)