There's been a recent test of emergency cell phone alert in the Netherlands -- original article was here -- and while broadcasting supposidly reaches the largest number of people in the surrounding area, timing and countless number of factors also matter :
"Cell phones throughout a downtown hotel beeped simultaneous Tuesday with an alert: there is a suspicious package in the building. It was a drill, run by Dutch authorities testing an emergency "cell broadcasting" system that sends a text message to every mobile phone in a defined area. Representatives from 21 national governments, New York City and the U.S. Federal Emergency Management Agency, or FEMA, watched the signal go out to cell phones throughout the Sofitel hotel in Amsterdam. About half the people in the building then followed instructions and evacuated. "We want to see what worked and what didn't," said David Webb, of FEMA's Urban Search and Rescue Program. "The EU (European Union) is really leading the way with this technology."
What if :
- Even in case that key emergency personal were to use a seperate communication network, radio for instance, broadcasting to anyone accepting could result in significant delays, and even though the message is sent, it doesn't mean it would take advantage of the momentum
- cell phone jammers are often used by hotels to preserve the unique atmosphere and undisturbed conference meetings can prove contradictive, excluding the fact that the parties supposidly plotting the attack don't use one by themselves
- despite the fact that one in five will pick up their mobile during sex, how many obsessively check for newly arrived sms messages?
- how would a tourist know how the successfully authenticate the local authories at the first place, in case of emergencies watch out for an sms from 010101, now I assume you know how easily I can sms you from the same number and impersonate the number
- what should the user be mostly aware of be aware of, mobile malware, SMSishing, or "call this 0 900 or else I won't tell you where's the attack" type of messages
- from a multilingual point of view, will it be using English by default, and how many would be still enjoying their meals while everyone's leaving
Great idea, but it may prove challenging to evaluate the actual results in a timely manner. Sent doesn't mean received or read on time, even actioned upon.
Recommended reading:
SMS disaster alert and warning systems - don't do it !
Revisiting SMS during Disasters
Concept Paper on Emergency Communications during Natural Disasters
Exploiting Open Functionality in SMS- Capable Cellular Networks
The Role of Mobiles in Disasters and Emergencies
Independent Contractor. Bitcoin: 15Zvie1j8CjSR52doVSZSjctCDSx3pDjKZ Email: dancho.danchev@hush.com OMEMO: ddanchev@conversations.im | OTR: danchodanchev@xmpp.jp | TOX ID: 2E6FCA35A18AA76B2CCE33B55404A796F077CADA56F38922A1988AA381AE617A15D3D3E3E6F1
Wednesday, September 13, 2006
Vulnerabilities in Emergency SMS Broadcasting
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment