How America’s 911 Emergency System Can Be Hacked
How America’s 911 Emergency System Can Be Hacked
September 7, 2016
The Washington Post — Critical to the success of the 911 emergency phone system, which has saved countless lives since it was first implemented in 1968, is its ability to quickly route calls to emergency responders closest to a caller.
But a group of researchers from BGU’s Cyber Security Research Center (CSRC) have found a way to effectively disable the 911 emergency system across an entire state simply by launching a TDoS attack, or telephony denial-of-service attack, against 911 centers.
Mordechai Guri
“An attacker can cause 33 percent of the nation’s legitimate callers to give up in reaching 911,” the researchers wrote in a paper they recently passed to the U.S. Department of Homeland Security.
A TDoS attack involves infecting mobile phones to cause them to automatically make bogus 911 calls — without their owners’ knowledge — thereby clogging call-center queues and preventing legitimate callers from reaching operators.
The BGU researchers say it would take just 6,000 infected smartphones in a geographical area to launch an attack sufficient to disrupt the 911 system throughout the entire state of North Carolina.
Yisroel Mirsky
“Because call centers and routers around the country often operate at near capacity under normal conditions, increasing the volume of calls by just a small percentage can overwhelm them,” says Mordechai Guri, head of research and development at the CSRC. Guri conducted the work with doctoral candidate Yisroel Mirsky and Prof. Yuval Elovici, head of the Center.
Prof. Yuval Elovici
To test their TDoS attack, the researchers built a simulated cellular network in their lab based on the 911 network in North Carolina. They chose the state because extensive information about its 911 network has been published.
They found that with just 6,000 infected phones, they could prevent more than 50 percent of wireless callers in the state from reaching 911, a feat that would be easily accomplished by sophisticated hackers.
To resolve the problem, the researchers say state authorities should make sure they have redundancy in 911 networks so that a single router can’t become a major point of failure in an attack.
In addition, federal authorities could tell carriers they no longer have to process calls from phones that aren’t attached to a service plan, which are untraceable and already a source of bogus prank 911 calls.
However, many legitimate 911 calls come from phones that are not on a carrier service plan. Domestic violence shelters and retirement centers, for example, often provide non-service phones to battered women so they can make emergency calls.
Whatever they choose to do, the researchers say, authorities need to act soon since it will only be a matter of time before attackers target 911 systems, if they haven’t already.
Read more on The Washington Post website >>
Stories Like This
