[funsec] Aren't emergency messages to cellphones a bad idea?
lcamtuf at dione.ids.pl
Tue Jun 20 12:19:13 CDT 2006
On Tue, 20 Jun 2006, Richard M. Smith wrote:
> Here's a thought experiment. Let's say a teenager blasted out 10,000 fake
> SMS messages to area code 617 warning of an anthrax attack in downtown
> Boston and that everyone should get out of the area at once. How bad would
> be the mess? Do we really want a emergency warning system that anyone can
> use to send out messages of their choice?
On a slightly more serious note...
The thing is, most of emergency broadcast systems are quite vulnerable to
spoofing. The benefits outweight the risks, however, and the abuse is not
common. By making them overly complex and spoof-proof, you're not only
risking a greater chance of critical failure, but your effort is also
quite likely futile. That's because people are quite naive and prone to
scares - no matter how well you protect the integrity of the "official"
channel, an illussion of authority is sufficient to trigger widespread
panic. You can put some lights and decals on your pick-up, grab a
megaphone - and prompt a nice stampede in any crowded place.
There are some deterrents, but most of them boil down to requiring SOME
(not a whole lot) time and effort to mount successful attacks, and
discouraging attackers altogether by imposing stringent consequences for
This channel is probably no different: it takes time, effort and money to
send these messages, the attack can be easily noticed, tracked, and
stopped in its tracks before you've reached enough recipients. It's also
hard to hide with a cell phone, so you're risking a lot.
So yeah, you can do that, and there's a million other ways to subvert
modern society. This method is probably not particularly notable or
effective, as far as my standards for doomsday scenarios go...
More information about the funsec