“We reported back in October on an iOS exploit that caused iPhones to repeatedly dial 911 without user intervention,” Ben Lovejoy reports for 9to5Mac. “It was said then that the volume of calls meant one 911 center was in ‘immediate danger’ of losing service, while two other centers had been at risk – but a full investigation has now concluded that the incident was much more serious than it appeared at the time.”
“It was initially thought that a few hundred calls were generated in a short time, but investigators now believe that one tweeted link that activated the exploit was clicked on 117,502 times, each click triggering a 911 call,” Lovejoy reports. “The WSJ reports that law-enforcement officials and 911 experts fear that a targeted attack using the same technique could prove devastating.”
Read more in the full article here.
“Last year, researchers at Ben-Gurion University in Israel concluded that fewer than 6,000 smartphones infected with malicious software could cripple the 911 systems in an entire state for days,” Ryan Knutson reports for The Wall Street Journal. “By directing phones to call all at once, the 911 systems would be overwhelmed and operators would be unable to answer legitimate calls, according to the researchers.”
“‘If this was a nation-state actor that wanted to damage or disable 911 systems during an attack, they could have succeeded spectacularly,’ says Trey Forgety, director of government affairs at the National Emergency Number Association, a 911 trade group. ‘This was a serious wake-up call,'” Knutson reports. “Investigators believe the Google link [spread via tweets on Twitter] was clicked on 117,502 times. Each click triggered the person’s iPhone to dial 911 numerous times, though callers could press their hang-up button before connecting with a 911 center. Smartphones not made by Apple and personal computers weren’t affected.”
“Hanging up caused the iPhone to dial 911 again, each time a few milliseconds faster than before. The loop could be stopped only by turning off the phone,” Knutson reports. “Apple says a forthcoming system update to the iPhone will plug the loophole that made the attack possible. The update will cause a ‘cancel’ or ‘call’ pop-up to appear on the iPhone screen, and users will be required to press ‘call’ before the iPhone will dial, according to Apple.”
Read more in the full article here.
MacDailyNews Take: Good that this iOS issue been identified and is being corrected without any deaths or serious injuries caused by emergency-response delays during the 911 deluge.
This doesn’t seem to be a current exploit. . . but one that occurred last October and has been fixed. This is a warning about what could occur if such an exploit were repeated to call 911 on a massive scale.
Wonder what the tweet said that made enough people curious enough to click a strange link.
If it happened in October, the most obvious subject would be something to do with one of the candidates for the US election. You only have to look at what happens on MDN if there is any mention of the ‘T’ word in a headline.
We reported back in October on an iOS exploit…
OCTOBER!? And we’re still waiting for Apple to patch the problem.
I’ve been having to use my Apple Prod far too often lately. 😤