From Spoofing to Trust: Emergency Alerts Spoofing Testbed and Cross-Cell Verification

TL;DR

This paper demonstrates a novel open-source 5G emergency alert spoofing attack and proposes a cross-cell verification method to detect forged alerts, highlighting security vulnerabilities in public warning systems.

Contribution

It introduces the first open-source 5G alert spoofing attack and a cross-cell verification defense mechanism to improve alert authenticity verification.

Findings

Devices display spoofed alerts readily

Spoofing enables multiple attack scenarios

Cross-cell verification can detect forged alerts

Abstract

Public warning systems (PWS) in cellular networks enable authorities to broadcast emergency alerts to all mobile phones in a geographic region in the event of threats such as earthquakes or severe weather. If an attacker can imitate these alerts and transmit a forged warning containing fake news or phishing links, the impact could range from public panic to user compromise. In this work, we present the first open-source 5G emergency alert spoofing attack, implemented by modifying the openairinterface (OAI) radio access network (RAN) code and executed using a software-defined radio, complemented by a custom network management system to automate network and warning configuration. We conduct a detailed analysis of how different smartphones behave under various conditions. Our findings show that while devices readily display spoofed alerts, the alerting mechanism enables multiple practical attack scenarios beyond simple warning display. Finally, to address this threat, we propose and implement a lightweight cross-cell verification mechanism in OAI, in which the device compares the received warning with neighboring cell broadcasts to flag single-source alerts as suspicious.