{"id":266601,"date":"2016-09-09T22:18:13","date_gmt":"2016-09-09T22:18:13","guid":{"rendered":"http:\/\/rinf.com\/alt-news\/newswire\/911-calls-vulnerable-to-hackers-researchers-find-no-good-way-to-prevent-attacks\/"},"modified":"2016-09-09T22:18:13","modified_gmt":"2016-09-09T22:18:13","slug":"911-calls-vulnerable-to-hackers-researchers-find-no-good-way-to-prevent-attacks","status":"publish","type":"post","link":"http:\/\/rinf.com\/alt-news\/newswire\/911-calls-vulnerable-to-hackers-researchers-find-no-good-way-to-prevent-attacks\/","title":{"rendered":"911 calls vulnerable to hackers; researchers find no good way to prevent attacks"},"content":{"rendered":"

When people call 911, they expect a fast response to their emergencies. Hackers can use networked cellphones to attack and disrupt the 911 system for the entire US, however \u2012 and do it using less than $3.5 million worth of hardware, a new study has found.<\/p>\n

\n

Researchers at Israel\u2019s Ben Gurion University tested just how vulnerable the US 911 system is to anonymized distributed denial of service (DDoS) attacks launched from a mobile phone botnet by launching just such an attack in North Carolina.<\/p>\n

\n

Read more<\/p>\n


\n \"\u00a9\u00a0Yuri
\n <\/a>\n<\/div>\n

\u201cWe found that with less than 6K bots (or $100K hardware), attackers can block emergency services in an entire state (e.g., North Carolina) for days,\u201d <\/em>they wrote in a paper<\/a> that they previously passed to the US Department of Homeland Security and released publicly on Friday. \u201cIn this scenario, a caller would wait an additional 45sec-3min… and call an average of three times to get emergency service.\u201d<\/em><\/p>\n

It wouldn\u2019t take much to go from affecting the state to affecting the entire US, either.<\/p>\n

\u201cAt the country-level, we found that as little as 200,000 bots, distributed across the population of the US, is enough to significantly disrupt 911 services across the US,\u201d<\/em> the researchers wrote. \u201cThis means that an attacker only needs to infect ~0.0006% of the country\u2019s population in order to successfully DDoS emergency services… Under these circumstances, an attacker can cause 33% of the nations\u2019 legitimate callers to give up in reaching 911.\u201d<\/em><\/p>\n

The result would be similar to what the residents of New York City faced during the September 11, 2001 terrorist attacks due to the large volume of calls to 911, they noted, \u201cwhich, in effect, caused the population to generate a DDoS attack on New York City\u2019s telephony network by collectively dialing 911.\u201d<\/em><\/p>\n

In their paper, the researchers discussed ways in which \u201can anonymous, unblockable 911-DDoS attack from mobile phones\u201d<\/em> might be launched. They then proceeded to carry out such an attack \u201con a small cellular network,\u201d<\/em> followed by a simulated attack \u201con a reconstruction of actual E911 infrastructure,\u201d<\/em> which they based on \u201creal call volume statistics, network topologies, and configurations.\u201d<\/em> From there, they analyzed the weaknesses of the current 911 network and measured the number of bots required to accomplish such an attack.<\/p>\n

They also discussed ways in which a DDoS attack might be prevented or, at the very least, its effects lessened. The biggest problems with the current set up \u2012 including rules put in place by the Federal Communications Commission (FCC) \u2012 are that 911 call centers, called public-safety answering points or PSAPs, \u201chave no built-in way of blacklisting callers. Therefore, in the face of a large attack, they would have no choice but to answer each and every call,\u201d<\/em> the researchers wrote. \u201cEven with a blacklisting system in place, the owner of an infected device would be blocked from legitimately receiving emergency services, even in a time of need.\u201d<\/em><\/p>\n

So even if PSAPs had the technology to prevent such an attack, there would be ethical and legal reasons not to do so. People must be able to get through to 911 from their mobile phones, even if their cells are infected with a bot performing a DDoS attack, for instance. Making sure there is a human on the other end by having the caller press certain buttons \u2012 similar to \u2018captcha\u2019, a process used on the internet to make sure a purchaser or commenter isn\u2019t a bot \u2012 is an already-existing preventative measure, but \u201cmay still lead to an overload in the network if there are too many bots.\u201d<\/em><\/p>\n

Of the mitigating measures that the researchers tried, \u201cCall Firewall was the most effective since it minimizes the load on the network and the consumption of PSAP trunks. However, this solution must be implemented in a trusted layer of the mobile phone,\u201d<\/em> they wrote. Other options, like blocking \u201ccallers who abuse 911 (e.g. prank callers) by implementing and enforcing a Blacklist DDoS of Callers\u201d<\/em> won\u2019t work because prank callers can still have legitimate emergencies, while silence detection is problematic for the deaf community or for people in unsafe situations who can\u2019t respond to questions from the call center.<\/p>\n

\u201cAs a last resort, law enforcement can Locate [and] Collect the DDoS Devices,\u201d<\/em> the researchers wrote. \u201cThis approach is not effective because locating a device is a joint effort between the police and the PSAP staff that can take anywhere between 30 minutes and 30 hours requiring a lot of the police and PSAP staff\u2019s time.\u201d<\/em><\/p>\n

In North Carolina alone, they estimated, it would take law enforcement more than a week to capture the majority of an attack based on 6,000 bots.<\/p>\n<\/div>\n

Via RT<\/a>. This piece was reprinted by RINF Alternative News<\/a> with permission or license.<\/p>\n","protected":false},"excerpt":{"rendered":"

When people call 911, they expect a fast response to their emergencies. Hackers can use networked cellphones to attack and disrupt the 911 system for the entire US, however \u2012 and do it using less than $3.5 million worth of hardware, a new study has found. Researchers at Israel\u2019s Ben Gurion University tested just how […]<\/p>\n","protected":false},"author":1,"featured_media":264506,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[519],"tags":[],"class_list":{"0":"post-266601","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-newswire"},"_links":{"self":[{"href":"http:\/\/rinf.com\/alt-news\/wp-json\/wp\/v2\/posts\/266601","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/rinf.com\/alt-news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/rinf.com\/alt-news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/rinf.com\/alt-news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/rinf.com\/alt-news\/wp-json\/wp\/v2\/comments?post=266601"}],"version-history":[{"count":0,"href":"http:\/\/rinf.com\/alt-news\/wp-json\/wp\/v2\/posts\/266601\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/rinf.com\/alt-news\/wp-json\/wp\/v2\/media\/264506"}],"wp:attachment":[{"href":"http:\/\/rinf.com\/alt-news\/wp-json\/wp\/v2\/media?parent=266601"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/rinf.com\/alt-news\/wp-json\/wp\/v2\/categories?post=266601"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/rinf.com\/alt-news\/wp-json\/wp\/v2\/tags?post=266601"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}