Researchers from the Ben-Gurion University have identified an effective mechanism that could cripple the USA emergency phone service.
The 911 Emergency Service Can Be Compromised
The three researchers from the Negev Cyber security center at the Ben-Gurion University in Israel have identified an effective mechanism that could potentially disable the 911 emergency service in the USA. This is one of the 16 critical infrastructure sectors of the country and as such this is a very dangerous exploit.
Their analysis shows that the service can be compromised by launching a massive DDOS attack. The 911 calls are redirected to the nearest public call center distributed over the USA. By standard, all emergency calls have to be accepted by the operators.
The botnet attack can be used with a Trojan malware that can mask the phone’s IMSI (International Mobile Subscriber Identity) to only show the International Mobile Station Equipment Identity (IMSEI) numbers. This is used to cloak the origin of attacks and to counter and blacklists that the public call centers may have placed in their system. An infection with a rootkit like this one can execute repeated phone calls to the emergency service that cannot be blocked by the network.
The public system cannot legally add serious countermeasures against these types of attacks because such an effect would prohibit legitimate calls as well. The statistics show that about 200 thousand infected devices could potentially compromise the emergency service across the entire country. The researchers have used a discrete event simulator (DES) and Samsung phones to test the scenario.
Attacks of this kind can be prevented by storing the IMSI numbers in the trusted memory region of the phone. Such measures can be used to counter malicious modifications.
Research likes this shows that massive botnets could damage even the most critical infrastructure. For more information you can read the research paper titled 911 DDoS: Threat, Analysis and Mitigation.