SoylentNews is people
SoylentNews
from the still-at-that-irresponsible-age dept.
Fortune reports:
[18 year old] Meetkumar Hiteshbhai Desai was arrested[PDF] by the Cyber Crimes Unit of the Maricopa County Sheriff's Office, after he shared [with his 12,000 Twitter followers] a link to a JavaScript exploit that forced iPhones to call 911 repeatedly. The link was clicked 1,849 times, triggering over 100 "hangup calls" to the 911 dispatch center in Surprise, Arizona, within a matter of minutes. The Maricopa [Sheriff's] Office says that put the center in "immediate danger of losing service to their switches".
Large volumes of fraudulent calls were also directed to the Peoria, Arizona police department and to the Maricopa County [Sheriff's] office, also threatening 911 service in those areas. Other fake calls were also reportedly directed to agencies in California and Texas.
Desai has been charged with 3 felony counts of computer tampering, though he told the [Sheriff's] office that he distributed the exploit accidentally. Desai told investigators in part that he was researching bugs to turn over to Apple as part of its bug bounty program, announced at the Black Hat conference this summer.
Desai told investigators that while working to exploit a bug discovered by an acquaintance online, he developed two versions of the malicious JavaScript code--one that opened popups and executed other annoying commands on a phone that accessed it, and another that commanded the phones to repeatedly dial 911. He told investigators that he had intended to share the less-malicious version of the exploit as a kind of prank, but accidentally shared the 911-dialing version instead.
[...] Researchers demonstrated in September that only 6,000 phones affected by a similar hack could cause major disruptions to 911 services across a mid-sized U.S. state. 911 systems are particularly vulnerable because the FCC requires that mobile 911 calls be exempted from certain kinds of service filtering. Some forms of malware can even generate audio content with the calls, making it very difficult for call centers to distinguish between legitimate and fraudulent calls.
(Score: 0) by Anonymous Coward on Monday November 07 2016, @12:06AM
While I mostly agree with your assessment of the situation and your assignment of blame and consequences should seem reasonable enough, I still have to call bullshit. I work on voip systems and I purposely do stupid sh!t to them while testing things. Not once have I ever considered using 911 as a destination! Hell, I don't even use regular customer numbers/phones for testing; I order extra DIDs and setup dedicated test devices for testing because I know how badly things can go. Getting back to the story, it would be severe incompetence if Desai only targeted 911, however, he also targeted the county sheriff's offices. One without the other could be viewed as a mistake, maybe...but together, they demonstrate intent. Yes, we should work to make critical systems more robust and reliable but until that happens, I don't want to die on the floor during my next heart attack because some punk-ass kid thought it would be funny to ddos 911 and the police at the same time.