Quantcast
Connect with us

This shocking report shows hackers can make it impossible for you to dial 911

Published

on

It’s not often that any one of us needs to dial 911, but we know how important it is for it to work when one needs it. It is critical that 911 services always be available – both for the practicality of responding to emergencies, and to give people peace of mind. But a new type of attack has emerged that can knock out 911 access – our research explains how these attacks occur as a result of the system’s vulnerabilities. We show these attacks can create extremely serious repercussions for public safety.

ADVERTISEMENT

In recent years, people have become more aware of a type of cyberattack called “denial-of-service,” in which websites are flooded with traffic – often generated by many computers hijacked by a hacker and acting in concert with each other. This happens all the time, and has affected traffic to financial institutions, entertainment companies, government agencies and even key internet routing services.

A similar attack is possible on 911 call centers. In October, what appears to be the first such attack launched from a smartphone happened in Arizona. An 18-year-old hacker was arrested on charges that he conducted a telephone denial-of-service attack on a local 911 service. If we are to prevent this from happening in more places, we need to understand how 911 systems work, and where the weaknesses lie, both in technology and policy.

Understanding denial of service

Computer networks have capacity limits – they can handle only so much traffic, so many connections, at one time. If they get overloaded, new connections can’t get through. The same thing happens with phone lines – which are mostly computer network connections anyway.

So if an attacker can manage to tie up all the available connections with malicious traffic, no legitimate information – like regular people browsing a website, or calling 911 in a real emergency – can make it through.

This type of attack is most often done by spreading malware to a great many computers, infecting them so that they can be controlled remotely. Smartphones, which are after all just very small computers, can also be hijacked in this way. Then the attacker can tell them to inundate a particular site or phone number with traffic, effectively taking it offline.

ADVERTISEMENT

Many internet companies have taken significant steps to guard against this sort of attack online. For example, Google Shield is a service that protect news sites from attacks by using Google’s massive network of internet servers to filter out attacking traffic while allowing through only legitimate connections. Phone companies, however, have not taken similar action.

Addressing the 911 telephone system

Before 1968, American emergency services had local phone numbers. People had to dial specific numbers to reach the fire, police or ambulance services – or could dial “0” for the operator, who could connect them. But that was inconvenient, and dangerous – people couldn’t remember the right number, or didn’t know it because they were just visiting the area.

The 911 system was created to serve as a more universal and effective system. As it has developed over the years, a 911 caller is connected with a specialized call center – called a public safety answering point – that is responsible for getting information from the caller and dispatching the appropriate emergency services.

ADVERTISEMENT

These call centers are located in communities across the country, and each provides service to specific geographic regions. Some serve individual cities, while others serve wider areas, such as counties. When telephone customers dial 911 on their landlines or mobile phones, the telephone companies’ systems make the connection to the appropriate call center.

To better understand how denial-of-service attacks could affect 911 call systems, we created a detailed computer simulation of North Carolina’s 911 infrastructure, and a general simulation of the entire U.S. emergency-call system.

ADVERTISEMENT

Investigating the impact of an attack

After we set up our simulation, we attacked it to find out how vulnerable it is. We found that it was possible to significantly reduce the availability of 911 service with only 6,000 infected mobile phones – just 0.0006 percent of the state’s population.

Using only that relatively small number of phones, it is possible to effectively block 911 calls from 20 percent of North Carolina landline callers, and half of mobile customers. In our simulation, even people who called back four or five times would not be able to reach a 911 operator to get help.

Nationally, a similar percentage, representing just 200,000 hijacked smartphones, would have a similar effect. But this is, in a certain sense, an optimistic finding. Trey Forgety, the director of government affairs for the National Emergency Number Association, responded to our findings in the Washington Post, saying, “We actually believe that the vulnerability is in fact worse than [the researchers] have calculated.”

ADVERTISEMENT

Policy makes the threat worse

These sorts of attacks could, potentially, be made less effective if malicious calls were identified and blocked at the moment they were placed. Mobile phones have two different kinds of identifying information. The IMSI (International Mobile Subscriber Identity) is the phone number a person must call to reach that phone. The IMEI (International Mobile Station Equipment Identity) is used to track the specific physical device on the network.

A defense system could be set up to identify 911 calls coming from a particular phone that has made more than a certain number of 911 calls in a given period of time – say more than 10 calls in the last two minutes.

This raises ethical problems – what if there is a real and ongoing emergency, and someone keeps losing phone reception while talking to a dispatcher? If they called back too many times, would their cries for help be blocked? In any case, attackers who take over many phones could circumvent this sort of defense by telling their hijacked phones to call less frequently – and by having more individual phones make the calls.

But federal rules to ensure access to emergency services mean this issue might be moot anyway. A 1996 Federal Communications Commission order requires mobile phone companies to forward all 911 calls directly to emergency dispatchers. Cellphone companies are not allowed to check whether the phone the call is coming from has paid to have an active account in service. They cannot even check whether the phone has a SIM card in place. The FCC rule is simple: If anyone dials 911 on a mobile phone, they must be connected to an emergency call center.

ADVERTISEMENT

The rule makes sense from a public safety perspective: If someone is having (or witnessing) a life-threatening emergency, they shouldn’t be barred from seeking help just because they didn’t pay their cellphone bill, or don’t happen to have an active account.

But the rule opens an vulnerability in the system, which attackers can exploit. A sophisticated attacker could infect a phone in a way that makes it dial 911 but report it does not have a SIM card. This “anonymized” phone reports no identity, no phone number and no information about who owns it. Neither the phone company nor the 911 call center could block this call without possibly blocking a legitimate call for help.

The countermeasures that exist, or are possible, today are difficult and highly flawed. Many of them involve blocking certain devices from calling 911, which carries the risk of preventing a legitimate call for help. But they indicate areas where further inquiry – and collaboration between researchers, telecommunications companies, regulators and emergency personnel – could yield useful breakthroughs.

For example, cellphones might be required to run a monitoring software to block themselves from making fraudulent 911 calls. Or 911 systems could examine identifying information of incoming calls and prioritize those made from phones that are not trying to mask themselves. We must find ways to safeguard the 911 system, which protects us all.

ADVERTISEMENT

The Conversation

By Mordechai Guri, Head of R&D, Cyber Security Research Center; Chief Scientist, Morphisec endpoint security, Ben-Gurion University of the Negev; Yisroel Mirsky, Ph.D. Candidate in Information Systems Engineering, Ben-Gurion University of the Negev, and Yuval Elovici, Professor of Information Systems Engineering, Ben-Gurion University of the Negev

This article was originally published on The Conversation. Read the original article.


Report typos and corrections to: [email protected].
READ COMMENTS - JOIN THE DISCUSSION
Continue Reading

Breaking Banner

Pelosi claims enough evidence to impeach Trump — but suggests more witnesses may testify

Published

on

House Speaker Nancy Pelosi believes congressional investigators have uncovered enough evidence to impeach President Donald Trump -- but she suggested their inquiry isn't finished.

The California Democrat told reporters Thursday that Trump had obviously abused his office by attempting to pressure Ukraine into investigating political rival Joe Biden.

"The evidence is clear that the president -- the president -- has used his office for his own personal gain," Pelosi said.

Pelosi lamented that "Republicans are in denial about the facts," saying "the sad tragedy of all of this is the behavior of the president and the defense of that behavior by the Republicans.”

Continue Reading

Breaking Banner

Former conservative insider reveals the terrifying right-wing media bubble protecting Trump from impeachment

Published

on

David Frum, a former speechwriter for President George W. Bush and a one-time insider in the conservative movement, explains in his latest column for The Atlantic how President Donald Trump is being saved from impeachment by a right-wing media ecosystem that doesn't allow its viewers to hear any contradictory facts.

In particular, Frum points to Rep. Devin Nunes's (R-CA) bizarre, conspiratorial rants during the impeachment inquiry to demonstrate the astonishing power that right-wing misinformation has on American political discourse.

Continue Reading
 

Breaking Banner

Nearly everyone Trump touches eventually becomes a witness against his crimes: former NY assistant attorney general

Published

on

According to the former assistant attorney general for the state of New York, virtually anyone who comes in close contact with Donald Trump has the potential to be a witness against him one day because, in the long run, he treats everyone poorly.

Writing at the Washington Post, Tristan Snell -- who led the investigation against Trump that eventually led to a $25 million settlement between President Trump and students of his now-shuttered Trump University --  said Trump has a history of leaving disgruntled staffers and aides in his wake.

Continue Reading
 
 

Happy Holidays!

As a special thank you from all of us at Raw, we're offering Raw Story ad-free for 15% off - just $2 per week. Now 'til Dec. 31st.
Offer Expires In:
close-link