Hey everyone, welcome back to My Weird Prompts. I am Corn, and I am sitting here in our living room in Jerusalem with my brother on this rather chilly February evening. It is February twenty-first, twenty-six, and the city feels a bit quieter than usual tonight, though the hum of the heater is definitely trying to compete with our microphones.
Herman Poppleberry here. It is good to be back at the desk, Corn. There is something about the winter air in Jerusalem that makes you want to dive into deep technical rabbit holes, and the topic we have today is about as deep as it gets when it comes to the intersection of public safety and telecommunications infrastructure.
It really is. We have had a pretty intense few months around here, and Daniel’s prompt today really hits home for anyone living in a high-tension area, or honestly, anyone who lives in a region prone to natural disasters like the wildfires we saw in California last year or the coastal flooding in Europe. Daniel wants to talk about the Red Alert system and the technology behind it, specifically the massive technical divide between app-based alerts and Cell Broadcast systems. Living here, we are all intimately familiar with the Home Front Command app, but Daniel noticed a shift lately toward these direct wireless alerts that pop up on your phone with that bone-chilling sound, regardless of whether you have an app installed or even a data plan.
It is a fascinating shift, Corn, and it is one that has been decades in the making. We have touched on emergency systems in passing before, but the technical divergence between an app-based alert, which relies on the standard internet stack, and a network-level broadcast is huge. It is the difference between a private courier trying to deliver a separate, hand-written letter to every single house in the city simultaneously versus someone just standing on the highest hill with a giant megaphone that everyone can hear at the exact same moment. One is a logistical nightmare during a crisis, and the other is a fundamental property of the environment.
That is a perfect analogy. And Daniel raised some really pointed questions about why we are seeing this shift now, the actual reliability of these systems when the towers are screaming, and whether they are actually as secure as we think they are. I mean, we have all experienced that moment where the physical siren goes off outside, you check your phone, and the app is just spinning or showing a loading icon because the network is jammed, but then this loud, jarring system alert takes over the whole screen and tells you exactly what is happening. It feels like the phone is being hijacked by the government, in a good way.
Exactly. And that lag you mentioned is not just a nuisance or a bug in the app code; it is a fundamental limitation of how the internet works on a cellular network. I have been digging into the latest specifications for Cell Broadcast, which is often called EU-Alert in Europe, or WEA, Wireless Emergency Alerts, in the United States. Technically, this falls under the Public Warning System, or PWS, standards. It is defined under the GSM standards, specifically in the three GPP specifications, primarily TS twenty-three dot zero forty-one. If you want to understand why your phone behaves differently during an alert, you have to look at the difference between the User Plane and the Control Plane.
Okay, you are already getting nerdy on me, Herman. Let us slow down for a second. Why is Cell Broadcast inherently more reliable than an app? I think most people assume that if they can scroll through Instagram or send a WhatsApp message, their emergency apps should work perfectly. But in an emergency, that logic seems to completely break down. Why?
It breaks down because of what engineers call the Mother’s Day effect, or more formally, network congestion. Think about how a standard app works. When an alert needs to go out, a central server at the Home Front Command or a weather service has to send a push notification. That notification goes to Apple’s servers for iPhones or Google’s servers for Android. Then, those servers have to establish a unique, individual connection to millions of specific devices. Even with high-speed fiber and five G, that is a point-to-point communication. The server has to say, okay, I am looking for Corn’s phone, is he online? Yes. Send the packet. Now I am looking for Herman’s phone. Is he online? Yes. Send the packet. Repeat that three million times in three seconds.
And if a million people in the same neighborhood are all receiving that packet at the exact same time, the local cell towers get overwhelmed, right? It is like a digital stampede.
Precisely. The data plane of a cellular network, which is what your apps use, is designed for high throughput, but it is not designed for millions of simultaneous, instantaneous requests to the same geographical area. When everyone’s phone tries to wake up and download the alert data or refresh the map in the app, the tower’s Random Access Channel, or RACH, gets choked. The tower literally cannot handle the number of devices trying to say, hey, I am here, give me my data. It is a bottleneck at the radio access network level. You could have the fastest server in the world, but if the local tower is shouting at ten thousand phones at once, most of those phones are going to be waiting in line.
So how does Cell Broadcast avoid that line? Does it just jump to the front?
It does not even stand in the line. Cell Broadcast does not use the data plane at all. It operates on the control plane. Specifically, it uses a dedicated broadcast channel that is part of the cellular overhead. It is a one-to-many transmission. The cell tower sends out a single signal that contains the alert message, and every mobile device within range of that tower that is listening to that specific frequency will pick it up. The tower does not care if there is one phone or one million phones in its area. It sends the message once, and everyone receives it simultaneously. There is no handshake, no individual session, and no acknowledgement sent back to the tower.
That is incredible. So, it is literally like a radio broadcast. The tower is just shouting the message, and any device with a SIM card is the radio receiver. It does not need to tell the tower it received it.
That is exactly right. And because it does not require an individual session, the latency is almost zero at the network level. In the escalations we saw back in twenty-one and even the more recent events in twenty-four and twenty-five, we saw cases where app-based alerts were lagging by several seconds, sometimes even up to a full minute, because of that server-side queuing and network congestion. In a situation where you only have fifteen or thirty seconds to get to a bomb shelter, a thirty-second lag is not just a delay; it is the difference between being safe and being caught in the open. Cell Broadcast hits the phone almost the exact millisecond the carrier pushes the button.
It also solves a major social problem here in Israel that Daniel mentioned, which is the digital divide. We have a large ultra-orthodox community who often use what we call kosher phones. These are devices that have no data plan, no web browser, and certainly no apps. They are basically just bricks that make phone calls. But they still have a cellular connection.
Right. And since Cell Broadcast is a carrier-level feature baked into the very foundation of GSM, UMTS, and LTE standards, even a basic feature phone from twenty years ago can receive these alerts if the firmware supports the broadcast channel. It does not need an IP address. It does not need an internet service provider. It just needs to be camped on a cell tower. This is why it is the gold standard for universal reach. You do not have to opt-in, you do not have to download anything, and you do not even need a positive balance on your prepaid SIM card.
That actually brings up an interesting point about the Shabbat use case Daniel mentioned. For our listeners who might not know, many observant Jews do not use electronic devices or even touch their phones from Friday sunset to Saturday night. But during times of conflict, the Jewish principle of Pikuach Nefesh, which means saving a life, takes precedence over almost every other religious law. Having a system that can bypass the need for an active, smart interaction and just blast a loud, distinctive siren from a device sitting on a table is a huge safety feature for those households.
It is. And the Home Front Command, along with carriers worldwide, has optimized the system so that these alerts can be set to override silent mode or do not disturb settings. That is something a standard app often struggles with because of operating system restrictions. Apple and Google are very protective of the user experience, so they limit what an app can do when the phone is locked or silenced. But a carrier-level emergency alert has what I call God mode privileges on your phone’s hardware. It talks directly to the firmware to trigger the maximum volume on the speaker and the specific vibration pattern defined in the wireless emergency alert standard.
Okay, so it is faster, it is more reliable under load, and it reaches people who are offline. But Daniel’s prompt gets a bit darker from here. He asked about the vulnerabilities. Are these systems subject to the same issues as SMS or GSM networks, like jamming or spoofing? We have heard a lot about IMSI catchers and fake cell towers being used in modern electronic warfare. If the system is so open, can it be faked?
This is where we get into the real cyber-security weeds. The short answer is yes, they are vulnerable, but the difficulty level of an attack varies significantly depending on whether the network is running on old legacy standards or modern five G infrastructure.
Let us break that down. Most people think of jamming as just blocking the signal. If someone jams the frequency, no alert gets through, right?
Correct. Jamming is a denial of service attack. If an adversary blasts white noise on the frequencies used by the cell towers, your phone will show no service, and you will not get the alert. This is a very real risk in modern electronic warfare. We have seen reports of GPS jamming and cellular interference in northern Israel and near the borders recently. If you can jam the civilian alerting frequencies right before a strike, you maximize the element of surprise and, unfortunately, the potential for casualties. It is a brutal but effective tactic.
But what about spoofing? Daniel mentioned seeing nonsensical or chaotic alerts during some of the recent barrages. Could an adversary actually send out a fake Red Alert to cause a mass panic? That sounds like a nightmare for a city like Jerusalem or Tel Aviv.
It is the ultimate psychological warfare scenario. In older networks, like two G or even some three G implementations, there was almost no mutual authentication. Your phone would basically trust any tower that claimed to be your provider. An attacker with a powerful enough software-defined radio, or SDR, could set up a fake base station, often called an IMSI catcher or a Stingray, and broadcast a Cell Broadcast message to every phone in a several-block radius.
And the phone would just display it as a legitimate emergency alert? No questions asked?
On those older systems, yes. The phone sees a message coming through the broadcast channel with the Emergency flag set, and it triggers the siren. Now, in four G LTE and five G, the standards have improved significantly. There are digital signatures and authentication mechanisms designed to prevent exactly this. The network is supposed to sign the broadcast message, and the phone is supposed to verify that signature before displaying the alert.
But is that actually implemented everywhere? I feel like we have seen cases where these security features are bypassed or just not turned on because the carriers are worried about compatibility.
You hit the nail on the head, Corn. Security is often sacrificed for the sake of backward compatibility. If a carrier wants to make sure that even the oldest, cheapest phones on their network can receive an alert, they might fall back to a less secure broadcast method that does not require complex cryptographic verification. Also, there have been some really eye-opening research papers lately. One from the University of Colorado a few years back showed how you could still spoof these alerts on four G networks by exploiting the way phones listen for System Information Blocks, or SIBs.
Wait, explain that. What is a SIB? It sounds like something out of a sci-fi movie.
SIB stands for System Information Block. It is how a cell tower tells your phone all the basic info it needs to connect, like what the network name is, what the country code is, and what frequencies to use. SIB type twelve is specifically reserved for the Commercial Mobile Alert System. The researchers found that because phones need to be able to read this info very quickly, even before they are fully authenticated or logged into the network, an attacker could inject a fake SIB twelve into a broadcast and trigger an alert on the device. Essentially, you are tricking the phone into thinking the tower is telling it there is an emergency before the phone even has a chance to ask the tower for its ID.
So, you could literally create a phantom air raid siren over a whole neighborhood just with a laptop, an SDR, and a decent antenna?
Theoretically, yes. And imagine the chaos that causes. If you do that in the middle of a busy city, everyone rushes to the shelters, traffic stops, people might get injured in the rush, and the emergency services get flooded with calls. It is a very effective tool for sowing discord. When Daniel mentioned nonsensical alerts, it could have been a few things. It could have been the actual system glitching under the pressure of thousands of incoming projectiles, or it could have been a targeted spoofing attempt to degrade public trust in the system.
That trust factor is so important. If people start getting fake alerts, they might start ignoring the real ones. It is the Boy Who Cried Wolf but on a national security scale. If I get three fake alerts in a week, am I going to run to the shelter on the fourth one? Maybe not.
Exactly. That is why the move toward five G Standalone networks is so critical. Five G introduces much more robust Secondary Authentication and better protection for broadcast messages. But as long as we have legacy support for older standards like two G and three G, that vulnerability window stays open. Attackers can use what is called a downgrade attack, where they jam the five G signal and force your phone to connect to their fake two G tower, which then sends the fake alert.
Let us move to the third part of Daniel’s prompt, which I think is really cool for the digital preppers out there. He asked if IoT devices with SIM cards can receive these alerts and if there is a way to use them for direct integration without the internet. He mentioned buying an IoT SIM for location tracking in his car. Could that car know there is an air raid siren and maybe even react to it?
This is a brilliant question, and it is where the DIY community can really shine. The answer is a resounding maybe, depending entirely on the hardware you are using. Most IoT devices use cellular modems, like those made by Quectel, u-blox, or SIMCom. These modems are essentially the same as the ones in your phone, but they are controlled via AT commands from a microcontroller like an Arduino, an ESP-thirty-two, or a Raspberry Pi.
So, can you just tell the modem to listen for Cell Broadcast messages? Is there a command for that?
Yes, there is. There is a specific AT command, usually AT plus CSCB, which stands for Select Cell Broadcast Message Types. If the modem and the firmware support it, you can configure the device to monitor the broadcast channel for specific message IDs. For example, in the United States, message ID four thousand three hundred seventy is the one for Presidential Alerts or Extreme Threats. In Israel, there are specific IDs for different regions.
So, you could build a device that sits in your house, has no Wi-Fi, no ethernet, just a cheap IoT SIM card, and it could trigger a physical siren or turn on your lights the second it hears that broadcast?
Absolutely. And that is where the meaningful redundancy Daniel mentioned comes in. If your home internet goes down because a fiber line was cut, or if the cellular data network is congested like we talked about earlier, your little IoT siren would still work because it is listening to that low-level broadcast channel on the control plane. It is a completely independent path from the cloud. You are not waiting for a server in Virginia to tell your smart home hub in Jerusalem to turn on the lights. You are getting the signal directly from the tower down the street.
I love that. It is like having a private, hardware-level connection to the national warning system. You are cutting out three or four potential points of failure. No DNS issues, no cloud outages, no app crashes.
You are cutting out the entire internet, Corn. That is the beauty of it. You are communicating directly with the radio tower. If I were building a redundant system, I would have my main alerts coming through the official app because it gives you more detail, like maps and specific instructions, but I would definitely have an offline backup using a cellular modem that triggers a physical alarm or a strobe light. For someone who is hard of hearing, for example, having a dedicated IoT device that flashes a bright red light the moment a Cell Broadcast is detected could be a literal lifesaver.
Could you use this for industrial applications? Like, if there is a red alert, can you automatically shut down a factory line or open the gates to a public shelter?
You could, and many places already do. In fact, many of the public sirens you hear in the streets are actually triggered by these types of radio or cellular broadcast systems. They do not rely on a guy sitting in a room pressing a button that sends an email. It is a high-priority, authenticated broadcast that triggers the hardware directly. For a small business or a community center, you could easily build a system using something like an ESP-thirty-two and a SIM-seven-thousand-six-hundred modem. You program it to listen for the Cell Broadcast, and when it hits, you trigger a relay that opens the electronic locks on a bomb shelter.
What about the SIM card itself? Daniel mentioned his IoT SIM. Does it need a special plan? Do you have to pay for the data used by the broadcast?
Usually, no. Cell Broadcast is free to receive. You do not even need an active data plan. As long as the SIM is registered on the network and the tower sees it, the device can listen to the broadcast channel. You could even use an expired SIM in some cases, although that is a bit more hit-or-miss depending on how the carrier handles unauthenticated devices. But for a few dollars a month, an IoT SIM gives you that peace of mind that the device is always connected and ready to listen.
So, if you are a digital prepper, you could get a bunch of cheap, low-power cellular modems, scatter them around your property or your community, and have a decentralized warning system that works even if the fiber lines are cut and the power is out, provided you have battery backups.
Precisely. And if you want to get really nerdy, you can use a modem that supports multiple carriers. That way, if one carrier’s tower is jammed or goes offline, your device can switch to another carrier and still listen for the same broadcast message. That is true redundancy. You are not just relying on one provider; you are relying on the entire cellular infrastructure of the country.
This really changes how I think about my phone. We usually see it as this window to the internet, this thing that needs a constant stream of data to be useful. But in these moments, it is actually a sophisticated radio receiver that is part of a massive, national-scale broadcast network. It is more like a high-tech walkie-talkie than a computer.
It is. And it is a reminder that sometimes, the old way of doing things, broadcasting a signal to everyone at once, is actually far more advanced and reliable than the new way of sending individual packets over the web. We have spent the last twenty years trying to make everything point-to-point and personalized, but in an emergency, personalization is the enemy of speed and scale. You want the message to be universal.
I think about the people who live in the Gaza Envelope or up north near the Lebanese border. For them, every second counts. If this technology gives them an extra five seconds because it avoids an internet bottleneck, that is a massive achievement of engineering. It is easy to complain about the loud, annoying sound the phone makes, but that sound is the result of thousands of pages of telecommunications standards all working together to save your life.
It really is. And I think we are going to see more of this. As we move into an era of more frequent climate disasters, like the hurricanes or tsunamis Daniel mentioned, these internet-independent systems are going to become the backbone of civil defense. We cannot rely on the cloud when the cell towers are the only things left standing. We need systems that are resilient at the physical and link layers of the network.
It is also a call to action for hardware and software developers. We need to make sure that emergency alerts are not just an afterthought in a menu somewhere. They should be a core feature of every connected device, from your car to your smart home system. Imagine if your car’s infotainment system automatically switched to the local emergency broadcast frequency the moment it received a Cell Broadcast alert.
I agree, though I am not sure I want my fridge screaming at me in the middle of the night. But my car? Absolutely. If I am driving at sixty miles an hour and an alert goes out, I want the car to tell me immediately, maybe even pull over or navigate me to the nearest public shelter using its offline maps. That is the kind of integration that actually makes a city smart.
That is the future of smart cities, I guess. Not just better traffic lights or faster public Wi-Fi, but a city that can shout to all its components simultaneously when things go wrong. A city that has a nervous system that does not fail when things get hectic.
And it all goes back to that fundamental engineering choice: broadcast versus point-to-point. In an emergency, you want the megaphone, not the telephone. You want the system that was designed to work when everything else is failing.
Well, I think we have covered a lot of ground here. We have looked at why Cell Broadcast is the king of reliability, the cyber risks of spoofing and jamming on legacy networks, and how you can actually build your own redundant systems using IoT hardware and some basic AT commands.
It has been a great deep dive. And it makes me feel a bit better knowing that even if the internet goes sideways, these radio waves are still out there, keeping us informed. It is a bit of invisible infrastructure that we often take for granted until we really need it.
Definitely. And hey, if you are listening and you have been enjoying My Weird Prompts, we would really appreciate it if you could leave us a review on your podcast app. Whether it is Spotify or Apple Podcasts, those ratings really help more people find the show and join our weird little community of tech enthusiasts and digital preppers.
Yeah, it genuinely makes a difference. We love seeing the feedback and the questions you guys send in. It keeps us on our toes and gives us an excuse to read through three GPP specifications on a Tuesday night.
You can find us at myweirdprompts dot com. We have an RSS feed there if you want to subscribe directly, and a contact form if you want to reach out with your own prompts. You can also email us at show at myweirdprompts dot com. We are always looking for new topics that bridge the gap between everyday life and deep technical weirdness.
We are available pretty much everywhere you listen to podcasts. So, thanks for tuning in to episode seven hundred thirty-three. It has been a pleasure as always.
Thanks for the prompt, Daniel. It was a very timely one for us here in Jerusalem. Stay safe out there, everyone, and maybe take a second to check your phone’s emergency alert settings tonight.
Until next time!
Goodbye!
