SoylentNews is people
SoylentNews
Submission Preview
Exploited iOS Flaw Lands Teen in Jail for Accidental Attack on 9-1-1 Systems
from the still-at-that-irresponsible-age dept.
Fortune reports [fortune.com]
[18 year old] Meetkumar Hiteshbhai Desai was arrested [mcso.org][PDF] by the Cyber Crimes Unit of the Maricopa County Sheriff's Office, after he shared [with his 12,000 [softpedia.com] Twitter followers] a link to a JavaScript exploit that forced iPhones to call 911 repeatedly. The link was clicked 1,849 times, triggering over 100 "hangup calls" to the 911 dispatch center in Surprise, Arizona, within a matter of minutes. The Maricopa [Sheriff's] Office says that put the center in "immediate danger of losing service to their switches".
Large volumes of fraudulent calls were also directed to the Peoria, Arizona police department and to the Maricopa County [Sheriff's] office, also threatening 911 service in those areas. Other fake calls were also reportedly directed to agencies in California and Texas.
Desai has been charged with 3 felony counts of computer tampering, though he told the [Sheriff's] office that he distributed the exploit accidentally. Desai told investigators in part that he was researching bugs to turn over to Apple as part of its bug bounty program [softpedia.com], announced at the Black Hat conference this summer.
Desai told investigators that while working to exploit a bug discovered by an acquaintance online, he developed two versions of the malicious JavaScript code--one that opened popups and executed other annoying commands on a phone that accessed it, and another that commanded the phones to repeatedly dial 911. He told investigators that he had intended to share the less-malicious version of the exploit as a kind of prank, but accidentally shared the 911-dialing version instead.
[...]Researchers demonstrated in September [securityweek.com] that only 6,000 phones affected by a similar hack could cause major disruptions to 911 services across a mid-sized U.S. state. 911 systems are particularly vulnerable because the FCC requires that mobile 911 calls be exempted from certain kinds of service filtering. Some forms of malware can even generate audio content with the calls, making it very difficult for call centers to distinguish between legitimate and fraudulent calls.
