Repeated calls to the 911 emergency number may be cause for an emergency in and of itself. Last October, an iOS exploit resulted in a number of iPhones dialing 911 over and over again without any user input. For 12 hours on October 25 and October 26, at least 12 states including California, Florida, and Texas saw what is now said to be “the largest-ever cyberattack on the country’s emergency-response system,” according to a new report from The Wall Street Journal.
The 911 system has been in place for nearly five decades, first becoming the official emergency number of the United States in 1968. And with the age of the technology comes fears of its weaknesses, and the October cyberattack served only to underscore those concerns. “I don’t want to be alarmist, but it’s an emerging crisis,” retired Rear Adm. David Simpson told the Journal. For three years, Simpson oversaw emergency management and cybersecurity at the FCC during the Obama administration.
It now appears that the thousands of 911 calls received during that short time frame in October can be traced back to one tweeted link, which set off the iPhone exploit. That tweeted link was clicked on 117,502, and each time someone clicked, it led to a 911 call. Worse still, if users hung up their iPhones, the hack would just force another 911 call — the only way to stop it was to turn off the device completely.
“It was hard for investigators to trace the cyberattack as it cascaded across the country,” the Journal reported. “Twitter users who saw the link shared it with their followers, who shared it with their followers, turning the malware into a runaway virus.” The concern now, of course, is that another more targeted attack using the same technique could present a huge problem.
While there are 6,500 911 call centers across the country, just a small fraction of them (420 to be exact) have a cybersecurity defense that would protect against this sort of hack. Luckily, Apple is working on a fix. “The ability to dial and reach a 911 operator quickly is critical to public safety,” the company said. “The dialing feature in this instance was intentionally misused by some people with no regard for public safety. To prevent further abuse, we’re putting safeguards in place and have also worked with third-party app developers to prevent this behavior in their apps.”
