The Next Generation 911 systems now being developed remain vulnerable to DDoS attacks, despite many of the vulnerabilities in question having been identified as early as 2016.
According to a study—undertaken by cybersecurity researchers Mordechai Guri, Yisroel Mirsky and Yuval Elovici from Ben-Gurion University of the Negev—cybercriminals are able to “exploit the cellular network protocols in order to launch an anonymized DDoS attack on 911.”
In essence, their findings showed that “anonymized phones” are able to “issue repeated emergency calls that cannot be blocked by the network or the emergency call centers, technically or legally.”
“The 911 emergency service belongs to one of the 16 critical infrastructure sectors in the United States,” the researchers explain. “Distributed denial of service (DDoS) attacks launched from a mobile phone botnet pose a significant threat to the availability of this vital service.”
In spite of these findings, however, Next Generation 911 systems—the loose and decentralized initiative aimed at updating the 911 service infrastructure in the United States—have failed to address the vulnerabilities exposed by the researchers.
Updated 911 systems at risk
In the US, 911 systems have been slowly transitioning in recent years away from circuit-switched 911 infrastructure in favor of more modern packet-switched voice over internet protocol (VoIP) infrastructure.
The transition to Next Generation 911 systems allegedly improves 911 service because it expands the service's reliability by balancing the load between emergency call centers and public safety answering points. By calling over VoIP, the upgrade also enables the public to send texts, images, video and data to the call centers, a new feature in Next Generation 911 systems.
However, according to the study, DDoS attacks have the capacity to flood available connections with malicious traffic. As a result, legitimate calls cannot be connected between the caller and the call center.
To test the weaknesses of the US’ Next Generation 911 systems, the researchers from Ben-Gurion University explored the impact of DDoS attacks—which occur when internet-connected devices are flooded with traffic—on 911 systems in North Carolina.
The researchers created a simulation of North Carolina’s 911 emergency call system, alongside a simulation of the system nationwide. The results indicated that as few as 6,000 bots have the ability to compromise the availability of the 911 system in North Carolina for days. Extrapolated countrywide, the results further indicated that 200,000 bots would be able to overwhelm the 911 systems in the entire country.
According to the researchers, 6,000 bots are able to block 911 calls from as many as 20% of landline callers and half of mobile callers in a given state.
The Ben-Gurion University researchers refer to DDoS attacks of this nature as telephonic denial of service attacks (‘TDoS attacks’), and point out that they can be notoriously difficult to tackle.
“The countermeasures that exist, or are possible, today are difficult and highly flawed,” the researchers wrote in an article in The Conversation. “Many of them involve blocking certain devices from calling 911, which carries the risk of preventing a legitimate call for help.”
“But they indicate areas where further inquiry,” the researchers continue, “and collaboration between researchers, telecommunications companies, regulators and emergency personnel – could yield useful breakthroughs.”
DDoS attacks present more of a threat than anticipated
DDoS attacks are becoming increasingly sophisticated and capable, according to recent reports from a variety of sectors and industries.
While internet companies, for example, have been faster than telecommunication companies in taking steps to combat DDoS attacks, the industry nevertheless remains affected.
According to Laura DeNardis, Professor of Communication Studies at the American University School of Communication, as the Internet of Things (IoT) industry expands, so too will the risks of it being targeted by DDoS attacks.
DeNardis points out that such attacks might have an unprecedented effect on public life, from the disruption of political communication to preventing people from voting, with cyberattacks becoming more and more capable.
With respect to their impact on elections, DeNardis points out in a column for The Conversation that “more things than people are now connected to the internet.”
“These connected objects are a new terrain for election interference – and people shouldn’t be surprised if they’re used that way.”
IoT is merely one of a slew of industries and government departments that have reported being increasingly affected by DDoS attacks in recent months, others of which include tourism, national defense, and internet services.