According to researchers at Israel’s Ben-Gurion University, they have discovered a way to disable the emergency system across an entire state for an extended period using a telephony denial of service (TDoS) attack targeting 911 call centers. Since 1968, the emergency infrastructure relies on routing and connecting 911 calls to nearby public call centers, known as public safety answering points (PSAP). However, a hacker could cause mobile phones to call 911 automatically without a user’s knowledge, essentially clogging up the PSAP’s queues and preventing legitimate callers from reaching the service. Discussing possible solution to prevent or minimize the impact of possible attack, researchers said a mandatory “call firewall” could be implemented to identify and block DDoS activities. Another solution would have PSAPs implement “Priority Queues” that would priories callers with more reliable identifiers when connecting someone to a call-taker. However, the biggest issue lies in the current regulations set in place by the FCC.
I found this article interesting because these researchers discovered the issue before the loss happens. It might save millions of lives. Even hackers don’t attack every 911 call centers, if he/she is a criminal who kidnap a person, he/she can attack the nearest center to prevent victim to contact 911. The author also gives explanation of DDos, hackers attempt to overload a website’s connections by sending in data requests from multiple sources. Making a DDoS attack-known as “dosing”-is relatively simple. Botnets are available to hire on websites not reachable via dark web. Therefore, I hope FCC can pay enough attention on this and fix it as soon as possible.
Link: http://www.ibtimes.co.uk/us-911-emergency-phone-system-vulnerable-ddos-attacks-say-researchers-1580674
Mengxue,
Awesome article! I read somewhere before that the 911 systems being used across the country are very outdated and susceptible to attack. I even read that some systems aren’t even able to properly track a caller in dire need unable to give a location! The nature of 911 calls is necessary for the government to think on how to get these systems up to par to today’s technology.
Wow. This is a classic example of how too much or too little security can impact availability of systems. If they implemented all of the blacklisting and dropped callers that are compromised by bots, they could end up dropping callers that are in legitimate need. On the other hand, if you do not defend against the attack, you could be putting many more citizens at risk in the event of an emergency.
Upgraded systems and security is definitely needed here, but it’s extremely important that they do not over secure the solution to the extent that it impacts access to these emergency services.