Slashdot Mirror

← Back to Stories (view on slashdot.org)

Teenager Accidentally Launches DDoS Attack On 911 Systems (softpedia.com)

Posted by EditorDavid on from the think-different dept.

A Phoenix teenager mistakenly tweeted a link to JavaScript exploit which forced iOS devices to automatically dial and re-dial 911. An anonymous reader quotes Softpedia: The teenager created several weaponized versions of this bug which would constantly dial a phone number, or show annoying popups. The teenager says he wanted to prank his friends, thinking it would be "funny," but when he shared the weaponized link online, he shared a version that instead of showing annoying popups, redialed a phone number, which in this case was 911.
In September researchers calculated just 6,000 smartphones can take down an entire state's 911 system, while more than 1,849 people clicked on this link, according to the article. Sheriff Joe Arpaio's office searched the teenager's home -- "several items were seized" -- and they've charged him with three felony counts for computer tampering.

5 of 152 comments (clear)

  1. Accidentally? by danhuby · · Score: 5, Insightful

    Accidentally? Seems really unlikely. I'd like to see the code to see how that was possible.

    1. Re:Accidentally? by Anonymous Coward · · Score: 5, Insightful

      The difference between "accidental" and "just for fun" is that the perpetrator didn't think he'd be punished for his prank. Calling 911 in this manner is generally considered a crime.

    2. Re:Accidentally? by 93+Escort+Wagon · · Score: 4, Insightful

      What's supposed to happen (on iOS anyway) is that an attempt to do this triggers a popup asking you to confirm that you wish to dial the number - specifically because of past problems like this.

      So while I doubt his story with regards to "accidentally" doing this - he did deliberately sent out an exploit to 1400 of his dearest friends, just not the one he may have intended to send - he certainly did discover a significant bug.

      On a side note... instead of jumping right to pressing felony charges against the guy - whatever happened to making stupid kids perform lots of community service time as payback for doing stupid things? Two or three hundred hours of working hard would still accomplish "deterrence", and also accomplish some good for the kid's community, without likely screwing up the rest of his life.

      --
      #DeleteChrome
  2. Charge Apple with contributory neglegence? Morris by davidwr · · Score: 5, Informative

    After all, if it weren't for that bug bounty enticing him....

    Seriously, this guy needs a firm slap on the wrist and a year or two of probation, not prison time.

    When it comes to carelessness, this ranks up there with the Robert T. Morris Sendmail worm of 1988. Heck, I'd hold Morris to a higher standard than this guy since he (Morris) was a graduate student at the time and presumably knew what he was doing more than Desai.

    By the way, Morris was elected Fellow of the ACM in 2014.

    References:

    https://scholar.google.com/sch...

    http://awards.acm.org/award_wi...

    And the not-always-reliable reference, Wikipedia:

    https://en.wikipedia.org/w/ind...

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  3. Punishing the wrong person. by Gravis+Zero · · Score: 4, Insightful

    What this teenager did was bring attention to a bug that never should have existed to start with. If they want to blame anyone, they should be blaming Apple for allowing it even be possible. But hey, they didn't hire cops for their intelligence. -_-

    --
    Anons need not reply. Questions end with a question mark.