911, the emergency telephone number for the North American Numbering Plan (NANP) can be hacked through a simple Telephone Denial of Service or TDoS attack — Did you see that coming?

911 is a famous emergency phone system that has saved plenty of lives over the years. It was established in 1968 for the purpose of routing calls as quickly as possible to the nearest emergency responder.

On paper and in theory, this system appears foolproof and secure. However, a group of researchers from Ben-Gurion University, Israel, identified that it was possible to hack this system and disable it within an entire state for a prolonged time span through a simple Telephone Denial of Service or TDoS attack.

According to the research group’s findings, if bogus 911 calls are made through infected mobile phones to clog call center queues, this forces authentic callers to wait. The team believes that only 6,000 infected smartphones can do the trick in any given state while if there are 200,000 infected mobile phones then it would be possible to compromise 911 services in the entire USA. This doesn’t seem like a unachievable task for malicious threat actors or cyber-criminals.

The 911 system is considered to be critically important infrastructure by the federal government along with power grid, dams and water treatment plants. Mobile phones play a key role in the above-mentioned trick and it is a fact that among the 240 million calls made to 911’s 7,000 call centers annually, about 70% come from mobile phones.

The team also identified that the tactics could be used for days with techniques that will prevent authorities from stopping the fake calls. This would make the situation even worse as legitimate callers would find it difficult to get their calls answered. The team stated that:

“Under these circumstances, an attacker can cause 33 percent of the nation’s legitimate callers to give up in reaching 911.”

The research findings were documented by the team in a paper, which has been passed on to the Department of Homeland Security (DHS) and also made public yesterday.

DHS sent a copy of the research paper [PDF] to Trey Forgety, the National Emergency Number Association’s director of government affairs, who stated that:

“We believe the researchers have accurately characterized the problem” pertaining to the 911 system, “we actually believe that the vulnerability is, in fact, worse than [the researchers] have calculated.”

According to Ben-Gurion University’s Cyber Security Center’s R&D head and Morphisec Endpoint Security’s chief scientist, Mordechai Guri, the reason is that call centers and routers within any particular geographic location operate at a particular capacity. If the volume of the calls gets increased even by a small margin, it is possible to disrupt the whole system.

It must be noted that the research has been conducted by Guri in collaboration with the center’s head Prof. Yuval Elovici and Yisroel Mirsky.

The 911 system has an extremely limited call capacity; in some cases, only 3 to 5 circuits are available to process incoming 911 calls for a certain 911 call center.

According to Forgety, any hacker can overwhelm three to five circuits and “I can do it with a pocketful of cellphones.”

To disrupt the 911 system, a hacker needs to create a botnet of phones by infecting mobile phones with the same malware that lets an attacker control the devices. To infect a device, the attacker has to send the malware as an email attachment to text message. The attacker may also embed the malicious code in any application that the users of a mobile phone would feel interested in downloading and installing on their phones.

Afterward, the hacker can send commands to the infected mobile phones via the internet or through secret text messages asking the device to repeatedly call 911. Since the firmware is responsible for initiating the calls and not the operating system, therefore, the calls can occur silently in the background and the owner might never notice. The call record will not even appear in the phone’s log.

But a 911 system carrier can stop such an attack by blacklisting phones that repeatedly call 911. This can be done using the International Mobile Subscriber Identity (IMSI) number, which is stored in the SIM card of the phone or via the unique International Mobile Equipment Identity (IMEI) number, which is assigned to every mobile device while it is under production.

However, if the IDs are modified with each call, then the blacklisting method won’t work, opines the research team.

Researchers believe that the problem can be partially resolved by ensuring that there is redundancy in 911 networks. This won’t let a single router become a major point of disruption when such an attack is launched.

Moreover, authorities can ask carriers to not process calls that aren’t linked with a service plan.

The FBI, U.S. Department of Homeland Security, and other federal and state agencies have issued public warnings citing increases levels of TDoS attacks agains public and private organizations, click here to go through all.

ViaTWP

SourceBGU

Research Paper (Pdf)Arvix

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.