No, Presidential alerts can’t “access […] your phone”

On 2018-10-03, John McAfee tweeted:

This has spread like wildfire, with nearly 30k retweets and 41k likes as of writing. Unfortunately, it’s also completely untrue and does nothing but spread FUD.

While I have issues with the Presidential alert system (something I plan on writing about soon), absolutely none of the claims made in this tweet have even a grain of truth. Let’s break this down.

 There is no E911 chip

Simply put, there’s no such thing as an E911 chip in any phone that has ever or will ever exist. This is one of many things that the baseband of a phone handles, rather than a standalone chip.

 E911 doesn’t provide access to anything but approximate location

There’s no way for an E911 provider – even if Presidential alerts fell under that category (which they don’t) – to access anything but your location as reported by cell towers. McAfee might have been thinking of NG911 (Next Generation 911), which allows for video sharing. This has just started to be implemented by phones, e.g. iPhones on iOS 12. However…

 Presidential alerts are one-way only

Presidential alerts are sent in the same way as AMBER alerts and other types of broadcasts. They don’t involve any two-way communication between your phone and some centralized service, but rather are sent out as a blast to all devices within a region. As such, there’s no way for your phone to send any data whatsoever in response to them.


If this functionality existed, it would be the #1 target for every single security researcher in the world, including myself. Unfortunately for my bank account, and fortunately for cellphone users, McAfee’s claims have zero basis in reality.

Tl;dr: No, Presidential alerts aren’t going to allow the government to do anything to your phone but make it produce an obnoxious sound and a pop-up. There’s no mechanism for it, nor are there plans to make any of this a thing.

 
23
Kudos
 
23
Kudos

Now read this

If I were Bitfi

(Disclaimer: I am with HackerOne’s community team. I don’t want to bury the lede on that in any way, as H1 does come into this story.) If you’ve been on Twitter in the past two months and live in the security world, chances are good that... Continue →