16 matches found
From Spoofing to Trust: Emergency Alerts Spoofing Testbed and Cross-Cell Verification
Public warning systems PWS in cellular networks enable authorities to broadcast emergency alerts to all mobile phones in a geographic region in the event of threats such as earthquakes or severe weather. If an attacker can imitate these alerts and transmit a forged warning containing fake news or...
CVE-2019-18659
The Wireless Emergency Alerts WEA protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE System Information Block 12 aka SIB12. NOTE: testing inside an RF-isolated shield box suggested that...
Millions at risk after nationwide CodeRED alert system outage and data breach
A nationwide cyberattack against the OnSolve CodeRED emergency notifications system has prompted cities and counties across the US to warn residents and advise them to change their passwords. CodeRED is used by local governments to deliver fast, targeted alerts during severe weather, evacuations,...
EUVD-2020-1938
Malware in sbrugna...
EUVD-2019-8376
Malware in sbrugna...
CVE-2020-0437
In CellBroadcastReceiver's intent handlers, there is a possible denial of service due to a missing permission check. This could lead to local denial of service of emergency alerts with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2020-0437
In CellBroadcastReceiver's intent handlers, there is a possible denial of service due to a missing permission check. This could lead to local denial of service of emergency alerts with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2020-0437
In CellBroadcastReceiver's intent handlers, there is a possible denial of service due to a missing permission check. This could lead to local denial of service of emergency alerts with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2020-0437
In CellBroadcastReceiver's intent handlers, there is a possible denial of service due to a missing permission check. This could lead to local denial of service of emergency alerts with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
Design/Logic Flaw
In CellBroadcastReceiver's intent handlers, there is a possible denial of service due to a missing permission check. This could lead to local denial of service of emergency alerts with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
ASB-A-162741784
In CellBroadcastReceiver's intent handlers, there is a possible denial of service due to a missing permission check. This could lead to local denial of service of emergency alerts with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2019-18659
The Wireless Emergency Alerts WEA protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE System Information Block 12 aka SIB12. NOTE: testing inside an RF-isolated shield box suggested that...
CVE-2019-18659
The Wireless Emergency Alerts WEA protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE System Information Block 12 aka SIB12. NOTE: testing inside an RF-isolated shield box suggested that...
CVE-2019-18659
CVE-2019-18659 concerns the Wireless Emergency Alerts (WEA) protocol, where cryptographic authentication is not used, enabling spoofing of a Presidential Alert as demonstrated by MessageIdentifier 4370 in LTE System Information Block 12 (SIB12). The connected Red Hat Red Hat advisory reiterates t...
New 4G LTE Network Attacks Let Hackers Spy, Track, Spoof and Spam
Security researchers have discovered a set of severe vulnerabilities in 4G LTE protocol that could be exploited to spy on user phone calls and text messages, send fake emergency alerts, spoof location of the device and even knock devices entirely offline. A new research paper PDF recently publish...
CVE-2016-5087
Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or change content via standard filesystem operations...