Researchers have shown that a theoretical botnet requiring only limited resources could potentially cut off access to the 911 emergency services network. Though this type of attack has yet to be seen, it could have catastrophic consequences were it ever carried out.
The research was conducted by experts at the Cyber-Security Research Center at the Ben-Gurion University of the Negev in Israel.
When anyone anywhere in the U.S. calls 911, the call is automatically connected to the enhanced 911 (e911) network. The call is then routed to the nearest public answering point that dispatches police, firefighters, and EMTs.
In the scenario described by researchers, a network of phones infected with a specific type of malware would be triggered to automatically call 911 on repeat. The volume of calls would quickly overwhelm one or multiple public answering points and essentially make it impossible for anyone else to contact emergency responders to request assistance.
Several features of this kind of distributed denial of service (DDoS) attack exacerbate the threat. First and foremost is the relatively small number of phones required to mount the attack. The researchers estimate that it would only take 6,000 infected phones to seriously disrupt services statewide in an area the size of North Carolina. It would only take an estimated 200,000 phones to disrupt the entire nationwide network.
Recognizing and stopping this type of attack is a challenge due to specific FCC regulations that require wireless carriers to automatically forward 911 calls without first identifying the caller and verifying their subscription status. It is also possible to integrate audio into the malware so that dispatchers don’t immediately know if a call is real or fake. As a result, it is very difficult to blacklist phones determined to be infected.
Finally, the particular type of malware used resides in the phone’s baseband processor. This makes it especially difficult to detect and remove. Anyone willing to carry out this type of attack could begin systematically infecting phones with little risk of being caught.
This is not the first time this type of attack has been acknowledged, and some experts are quick to point out that while it is possible, it is neither imminent nor likely. Motivated attackers would need to carry out a coordinated long-term strategy in order to make it viable.
However, the risk is great enough that the Department of Homeland Security awarded the University of Houston a $2.6 million grant last year to develop technology designed to insulate emergency responder networks from DDoS attacks.