‘911’ iPhone Exploit Put U.S. Call Centres at Risk in Cyber Attack
In October of last year, an iOS exploit caused iPhones to repeatedly dial 911 without user intervention. It was said then that the volume of calls meant one U.S. 911 center was in “immediate danger” of losing service, while two other centers had been at risk – but a full investigation has now concluded that the incident was much more serious than it appeared at the time, reads a new report from the Wall Street Journal.
The report notes that for at least 12 hours between Oct. 25 and Oct. 26, 911 call centers in at least a dozen U.S. states experienced “what investigators now believe was the largest-ever cyberattack on the country’s emergency-response system.”
“Federal and state officials have worried that America’s aging 911 system is vulnerable to hackers,” reads the report. “The October cyberattack confirmed those fears and sent investigators scrambling to answer two questions: Who launched it? And why?”
There are 6,500 911 call centers in the United States. Only 420 of these have implemented a cybersecurity program designed to protect them from these type of attacks.
“If this was a nation-state actor that wanted to damage or disable 911 systems during an attack, they could have succeeded spectacularly,” said Trey Forgety, director of government affairs at the National Emergency Number Association, a 911 trade group. “This was a serious wake-up call.”
Apple has since pledged to release an update to fix the bug that caused the issue in the first place. “The update will cause a ‘cancel’ or ‘call’ pop-up to appear on the iPhone screen,” reads the report, “and users will be required to press ‘call’ before the iPhone will dial, according to Apple.”
“The ability to dial and reach a 911 operator quickly is critical to public safety,” Apple said. “The dialing feature in this instance was intentionally misused by some people with no regard for public safety. To prevent further abuse, we’re putting safeguards in place and have also worked with third-party app developers to prevent this behavior in their apps.”
No word on whether this affected any Canadian 911 call centres, but it’s interesting to note another iPhone-only exploit was discovered and finally patched by Apple.