The scheme, developed by an 18-year-old in Arizona, reportedly affected emergency call centers in at least 12 states and operated as simple Javascript code. Apple’s fix relies on a change in the behavior of certain links in iOS 10.3. Now, tapping that same URL will result in a prompt showing the number and asking the user whether to call, whereas before it would have automatically dialed 911.
Apple told the Journal it is working alongside third-party app developers to ensure the exploit never manifests itself again on iOS in any capacity. While the company’s commitment to resolving the vulnerability is reassuring, it doesn’t change the reality that the wide majority of the United States’ 6,500 emergency call centers are still unprepared for another attack of this magnitude. Just 420 of those stations are equipped with the necessary cybersecurity protections — the rest are as susceptible now as they were last year.
The site in question that housed the malicious link was believed to have seen about 117,000 page views. With many of those clicks each producing a call — sometimes more than one, depending on how many times the user allowed their phone to repeatedly dial 911 before shutting down — the link quickly incapacitated emergency centers across multiple states as it was shared and retweeted. A Washington Post report that narrowly predated the attack speculated it could take as few as 200,000 devices, evenly distributed across the country, to “significantly disrupt 911 services around the nation,” based on findings from a team of researchers in Israel.
Editors' Recommendations
- U.S. carriers want to ruin your Android lock screen with advertisements
- Nothing Phone 1: Everything we know about Carl Pei’s next phone
- iOS 16’s new Lockdown Mode takes iPhone security to the max
- Apple may be forced to change iMessage forever, thanks to new EU ruling
- Apple reusing old chips on iPhone 14 and iPhone 15 might actually be a good thing
