A few weeks ago, a group of researchers from Ben-Gurion University of the Negev’s Cyber-Security Research Center demonstrated how it is possible to significantly disrupt the US’ 911 emergency call system.
An attacker could use a botnet of compromised mobile devices located throughout the country to knock the 911 service offline in an entire state for entire days.
Another possibility for the attackers is to thousands of smartphones that could be used to power a massive TDoS attack.
Such kind of attacks could be very dangerous for the population, due to the interruption of a public service.
News of the day is that an 18-year-old man from Arizona, Meetkumar Hiteshbhai Desai, was arrested this week because he is suspected for the severe disruption of 911 service.
The youngster used one of his iOS exploits to compromise mobile devices to gain full control of them.
“Surprise PD had believed that the calls were coming from smart phones and tablets. A link through Twitter was believed to be the cause of people’s phones dialing 911 over and over and not allowing them to hang up. Cyber Crimes Detectives found a Twitter account with about 12,000 followers which encouraged followers to click on the link to see the latest post” reads a press release from the Cyber Crimes Unit of Maricopa County Sheriff’s Office.
“This webpage domain was hosted out of San Francisco, California and ultimately sheriff’s detectives were able to shut it down to stop the potential immediate threat to the 911 emergency systems which could have possibly been compromised if enough users had clicked on the link.”
After being notified of disruption to the 911 service in the Phoenix area, the police immediately launched an investigation monitoring Meet online activity. Law enforcement discovered the way he powered the attack against the 911 service.
When Meet was arrested, he explained to Sheriff’s detectives that he was trying to find out bugs and malware that could be used to hack into Apple smartphone. He was interested in the bug bounty program of the company.
Desai explained he was uploading a script that simply displayed pop-ups and caused iOS devices to reboot, but he mistakenly published the link to force iOS devices to dial 911 service and hang up continually.
Mobile users clicking on the link triggered the exploit and their mobile devices started calling the 911 service non-stop, in this way the 911 call center was flooded with more than 100 hang-up calls is a few minutes earlier this week.
Desai risks fifteen years in prison, five years per Class 2 Felony count.
(Security Affairs – TDoS , cybercrime)