It will only take a YouTube tutorial and equipment costing around £1,000 to hack into the UK’s new emergency alert system, which is being tested for the first time on Sunday, government sources have admitted.
The Telegraph is reporting that anyone who wanted to have a go — from pranksters or fraudsters to protesters and eco-warriors — could theoretically grab hold of some basic technology to issue fake alerts to smartphones within a certain distance, causing distress or sparking panic in densely populated venues.
According to the article, government sources admitted the system could be vulnerable to hackers through simply using a laptop and transmitter to trick devices into believing a genuine alert has been posted, which is then shared via mobile phone operators.
READ MORE: UK’s emergency alert test will ring out on all phones at 3pm on Sunday
The loophole in the national alert system was first discovered in the US in 2019, and has yet to be fixed. A tutorial was even uploaded to YouTube by computer academics in the United States keen to warn of the system’s shortcomings.
A genuine test alert via the new emergency warning system will be sounded at 3pm on Sunday. It is expected that all smartphones in the UK with 4G or 5G technology that have not been switched off or had the alerts disabled in the settings will sound a siren and display an emergency message.
In this instance the text will explain the reason for the alert and end: “In a real emergency, follow the instructions in the alert to keep yourself and others safe”.
But according to The Telegraph, there is a security flaw that allows hackers to alert those with phones within a kilometre radius of a fake terrorist incident, natural disaster or attack from a foreign country. Tech experts from Colorado Boulder university published a research paper warning “fake alerts in crowded cities or stadiums could potentially result in cascades of panic”.
Academics working on the research added that with just four portable base stations and a small amount of transmit power, a 50,000-seat stadium could be sent “with a 90 per cent success rate” a fake emergency message. They said: “This attack can be done with commercially available software-defined radios costing less than $1,000, and a few modifications to open-source software.”
The university said it had sent its findings to the US government and other agencies. However, it is believed that the British system could be similarly vulnerable.
The National Cyber Security Centre in London, responsible for making the system secure, says a cyber attack is technically possible but unlikely, as that there have been no recorded incidents in the US system since its launch five years ago.
One cyber security expert speaking to The Telegraph anonymously said the Government should use a secure digital system and not analogue signals that rely on phone masts. The system has already come under fire from safety campaigners who fear the alarm could cause accidents, while domestic abuse charities said victims’ hidden “safe” phones could be exposed.
The Royal Society for the Prevention of Accidents issued a general warning to people to stop carrying out risky activities such as DIY with power tools and ladders around the time of the alert on Sunday to prevent injuries caused by the loud emergency signal.
A government spokesman told The Telegraph: “Our emergency alerts system is extremely secure, having been developed in conjunction with government cyber experts. The system will only ever be used in a very limited number of circumstances where there is a risk to life and all alerts will be published on gov.uk at the same time they are broadcast.”
The alert, depending on the exact time it goes out, could disturb TV viewers watching Race Across The World, The Masked Singer US, the London Marathon, World Championship Snooker and Formula E motor racing.