Researchers from Ben-Gurion University of the Negev (BGU) have found that next-generation 911 systems are vulnerable to cyberattacks.
The team evaluated the impact of distributed denial of service attacks (DDoS), which occur when internet-connected devices are flooded with traffic, usually generated by bots, on 911 systems in North Carolina. Throughout the country, 911 systems have been slowly transitioning from circuit-switched 911 infrastructure to packet-switched voice over internet protocol (VoIP) infrastructure. VoIP reportedly improves 911 service because it expands reliability by enabling load balancing between emergency call centers or public safety answering points (PSAPs). It also enables the public to call over VoIP and transmit texts, images, video and data to PSAPs.
Yet, DDoS attacks can tie up all available connections with malicious traffic so no legitimate calls can go through. While internet companies are taking steps to combat bot attacks, telephone companies have yet to follow suit.
To test the system’s weakness, the team created a detailed simulation of North Carolina’s 911 emergency call system and a countrywide system. The team found that 6,000 bots can compromise the availability of a state’s 911 system and 200,000 bots can jeopardize the country's 911 system. Reportedly, 6,000 bots can block 911 calls from 20% of a state’s landline callers and half of mobile callers.
Today’s countermeasures for fighting bots are flawed and difficult to implement. They can block certain devices from calling 911, which is effective but risks blocking legitimate calls.
The team suggests that cellphones should be required to run monitoring software to blacklist or block fraudulent calls. Meanwhile, 911 systems could examine identifying information on incoming calls and block calls that are trying to mask themselves.
A paper on this research was published in IEEE Transactions in Dependable and Secure Computing.
