911 Exploit Could Have Caused Grave Problems Across the US
Apple promises to fix a 911 exploit soon.
Back in October, an iOS exploit caused thousands of iPhones to dial 911 without user input. The situation got so bad that some U.S. call centers almost went offline. These are the findings of a four-month government investigation, according to The Wall Street Journal.
Under the headline, “The Night Zombie Smartphones Took Down 911,” the report notes that for at least 12 hours between Oct. 25 and Oct. 26, 911 call centers in at least a dozen U.S. states experienced “what investigators now believe was the largest-ever cyberattack on the country’s emergency-response system.”
In total, an exploit found through a Google link clicked on by Twitter users caused 117,502 bogus 911 calls. This problem only happened on iPhones; devices not made by Apple and personal computers weren’t affected.
The report notes:
Federal and state officials have worried that America’s aging 911 system is vulnerable to hackers. The October cyberattack confirmed those fears and sent investigators scrambling to answer two questions: Who launched it? And why?
In the U.S. there are 6,500 911 call centers. Only 420 of these have implemented a cybersecurity program designed to protect them from these type of attacks. As Trey Forgety, director of government affairs at the National Emergency Number Association, a 911 trade group, explains:
If this was a nation-state actor that wanted to damage or disable 911 systems during an attack, they could have succeeded spectacularly. This was a serious wake-up call.
Apple promises to release a software update soon that will eliminate the 911 exploit that caused the issue.
The update will cause a “cancel” or “call” pop-up to appear on the iPhone screen, and users will be required to press “call” before the iPhone will dial, according to Apple.
“The ability to dial and reach a 911 operator quickly is critical to public safety,” the company said. “The dialing feature in this instance was intentionally misused by some people with no regard for public safety. To prevent further abuse, we’re putting safeguards in place and have also worked with third-party app developers to prevent this behavior in their apps.”
While Apple’s decision to push out an update is a step in the right direction, it’s obvious more must be done. At the minimum, it’s time all U.S. call centers implement the cybersecurity program found here.
