US 911 Emergency System Can Be Crippled By a Mobile Botnet (helpnetsecurity.com)
An anonymous reader writes: What would it take for attackers to significantly disrupt the 911 emergency system across the US? According to researchers from Ben-Gurion University of the Negev's Cyber-Security Research Center, as little as 200,000 compromised mobile phones located throughout the country. The phones, made to repeatedly place calls to the 911 service, would effect a denial-of-service attack that would make one third (33%) of legitimate callers give up on reaching it. And if the number of those phones is 800,000, over two thirds (67%) would do the same.
It seems to me the phone OS should require user input to initiate a call or send a text, even from an app, as the way to secure this issue.
The article is full of errors, due to the researchers not understanding how the 9-1-1 system works. It only takes a handful of calls, perhaps 3-4, to tie up all the trunks from one call source into the switch that handles 9-1-1 (the switch is called a "Selective Router"). By design, the total number of trunks into the 9-1-1 call center (PSAP) is greater than that, so a single call source can't tie up all the trunks. However, all the wireless carriers use the same two companies to connect their networks to the 9-1-1 networks, and the total number of trunks into the PSAP is usually less than the sum of the trunks from each of these sources. As a result, you need far fewer calls to tie up all the call takers. In a large city, these numbers are bigger, but it's still less than 100. Once you have all the call takers on calls, the next call gets a busy indication. When the call taker hangs up, a new call is presented to them. In the scenario given, if the number of TDoS calls is much greater than the number of legitimate calls, then the probability of a legitimate call getting through is small.
There isn't anything magic about running a DDoS/TDoS attack from a mobile network - they just imagined it would be easy to introduce malware into the Android/iOS systems. You could do it by attacking enterprise PBXs, or VoIP phones, or a cable phone network. Just about anywhere that there is a connection between the phone network and the Internet.
There is a redesign of the system, called NG9-1-1, that has mechanisms to address TDoS/DDoS. It's starting to be deployed, but the mechanisms that are defined aren't being implemented very well and they wouldn't be effective even if uniformly implemented well until we get a decent percentage of PSAPs on the new system.
Perhaps it's time for some American 'researchers' to publicise details on how simple it would be to DoS the Israel 100/101/102 emergency services.
It really should be Open Season with No Bag Limit on people running botnets of any kind.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.