[sbe-eas] Upcoming FCC changes to EAS rules (September meeting agenda)

[Sean Donelan]

Outside of the Blackhat/DefCon conference?  No.

Its technically possible, and demonstrated to work.  Works best with very 
old phones.  Each new generation 3G/4G/5G/6G improves security.  I haven't 
checked if it would work on 5G (probably would, just haven't checked 
myself).  6G is under development.

Reason why: the WEA standards designed to get alerts to the public, even 
when parts of the network are broken (i.e. the parts that do 
authentication & billing).  Adding more security would slow/break stuff.

The risk assumed limited to a geographic area.  But if you want to see 
what happens, watch the Ukraine and Russia cell companies. A lot of 
theoritical stuff suddenly made practical.


On Fri, 9 Sep 2022, Rob Dale wrote:
> Good find! This one makes me wonder:
> 
> •             Requiring wireless providers to take steps to ensure that only
> valid alerts are displayed on consumer devices.
> 
> 
> Has there ever been a ‘fake WEA’ somehow put on a user’s phone? I can’t even
> begin to imagine how that could be done…