911 Emergency System at Risk from Infected Android Phones


New research has shown that thousands of malware-infected Android phones could launch an automated DDoS attack on the United States emergency phone system with the potential to cripple it “for days”.

A theoretical attack stemming from infected Android phones could exploit the emergency services’ need to accept all calls, regardless of origin.

A research Trio from Negev Ben-Gurion University have underlined a theoretical attack that sees the malware hide a phone’s International Mobile Subscriber Identity (IMSI) while only revealing its International Mobile Station Equipment Identity (IMSEI) number. Essentially, this negates any possibility of caller identification by cloaking the device’s origin.

In their report [PDF], titled 911 DDoS: Threat, Analysis and Mitigation, the researchers wrote:

A rootkit placed within the baseband firmware of a mobile phone can mask and randomise all cellular identifiers, causing the device to have no genuine identification within the cellular network.

Such anonymised phones can issue repeated emergency calls that cannot be blocked by the network or the emergency call centers, technically or legally.

To put their theory to test, the hackers used a discrete event simulator and a number of Samsung phones. The malware was placed in the phone’s baseband which would render the phones into a “no SIM” state. From here on in, only the IMEI number would be exposed, leaving the phones hard to track.

Current Federal Communications Commission regulations dictate that all emergency calls, regardless of the caller’s identifiers, be routed to the system. As a result, tackling the plausible scenario of an army of infected Android phones will prove a tricky proposition.

The researchers deduced that half of all mobile phone emergency callers would give up trying to reach the emergency system with 6,000 infected phones jamming the lines of the public safety answering points (PSAPs). That number rises to 90 percent of all mobile callers when there are 50,000 compromised devices

To sum up the dire outlook of what could come to pass, a fleet of 200,000 infected Android phones could put at risk the entire emergency services system in the United States.

As a means to a solution, the research team suggested that such an attack can be prevented altogether by storing IMSI numbers on a phone’s trusted memory apparatus, such as Android Pay. This would fundamentally prevent any alteration of the device.

Image credit: Pexels.