Back in October, In Arizona, it was reported to police that a teenager named Meeth-Kumar Hiteshbhai Desai created an exploit using some Javascript which in turn could trigger several emergency calls to 911. The volume of calls made to one of the 911 centers put it in immediate danger of losing service. Two other centers were also at risk, but now a detailed investigation reveals that the iOS exploit is a grave cyber security threat.
Initially, it was believed that the exploit resulted in a few hundreds of calls, but the Report now reveals that once this link was clicked, it trigger the iOS calling feature which in turn dialed 911 once. The exploit link was clicked on 117,502 times.
The WSJ reports that the Law enforcement officials and 911 experts fear that any targeted attack using the same technique could prove devastating.
“If this was a nation-state actor that wanted to damage or disable 911 systems during an attack, they could have succeeded spectacularly,” says Trey Forgety, director of government affairs at the National Emergency Number Association, a 911 trade group.
According to the report, this teenager created a link (exploit) and shared it on twitter which caused very severe threat for 911. 18-Year old is now charged with 3 felonies including Computer tampering for creating and exploiting iOS and hosting it on the social media.
420 out of 6,500, 911 call centers have implemented Cyber Security program to protect from any such attack/exploitation.
“I don’t want to be alarmist, but it’s an emerging crisis,” says retired Rear Adm. David Simpson, who oversaw emergency management and cybersecurity at the FCC for about three years during the Obama administration […]
Last year, researchers at Ben-Gurion University in Israel concluded that fewer than 6,000 smartphones infected with malicious software could cripple the 911 systems in an entire state for days.
After the attack was traced and MCSD tracked that this attack was caused by a link tweeted on social media. Hence, they arrested social a/c owner and tagged as the culprit. When interrogated, he claimed that this code(exploit) was just created to expose the apple security flaws and to claim the bounty.
Apple told WSJ that a fix is on the way:
Apple says a forthcoming system update to the iPhone will plug the loophole that made the attack possible. The update will cause a “cancel” or “call” pop-up to appear on the iPhone screen, and users will be required to press “call” before the iPhone will dial, according to Apple.