- Feb 7, 2014
- 1,540
Researchers have demonstrated that a botnet powered by only 6,000 smartphones is enough to cause serious disruption to the 911 emergency services of a U.S. state via what is known as a telephony denial-of-service (TDoS) attack.
When people in the United States dial the 911 emergency number, their telecom provider connects them to the enhanced 911 (E911) network, which routes the call to the nearest public safety answering point (PSAP), the call center responsible for dispatching police, firefighting and ambulance services.
According to researchers of the Cyber-Security Research Center at the Ben-Gurion University of the Negev in Israel, emergency services can be easily disrupted by malicious actors with a fairly small distributed denial-of-service (DDoS) botnet.
One major problem is that the FCC requires wireless carriers to forward 911 calls to PSAP centers without going through the regular process of identifying callers and determining their subscriber status. This makes TDoS attacks launched from mobile devices more difficult to mitigate as attackers can randomize the phone’s identifiers in an effort to prevent blacklisting.
The attack scenario described by experts involves a botnet of Android phones infected with malware. As recent incidents have demonstrated, it is not difficult for malicious actors to infect even millions of smartphones, while the attack described by researchers only requires a few thousand phones to cause damage.
Once the smartphones are infected, the attackers can instruct the malware via command and control (C&C) servers to continuously call 911 from the compromised devices. There are three types of bots: non-anonymized, anonymized and persistent anonymized. Non-anonymized bots don’t make an effort to disguise the calling device’s IMSI and IMEI identifiers, making attacks more easy to block.
Anonymized and persistent anonymized bots hide IMSI and IMEI information, and they reside in the firmware of the infected device’s baseband processor. This makes the malware more difficult to detect and remove, and the attack more difficult to block. Each type of malware can inject audio content into the 911 calls they make in order to prevent the target from quickly distinguishing legitimate calls from automated ones.
You can catch the rest of this news here: Hackers Can Disrupt 911 Services With Small Smartphone Botnet | SecurityWeek.Com
When people in the United States dial the 911 emergency number, their telecom provider connects them to the enhanced 911 (E911) network, which routes the call to the nearest public safety answering point (PSAP), the call center responsible for dispatching police, firefighting and ambulance services.
According to researchers of the Cyber-Security Research Center at the Ben-Gurion University of the Negev in Israel, emergency services can be easily disrupted by malicious actors with a fairly small distributed denial-of-service (DDoS) botnet.
One major problem is that the FCC requires wireless carriers to forward 911 calls to PSAP centers without going through the regular process of identifying callers and determining their subscriber status. This makes TDoS attacks launched from mobile devices more difficult to mitigate as attackers can randomize the phone’s identifiers in an effort to prevent blacklisting.
The attack scenario described by experts involves a botnet of Android phones infected with malware. As recent incidents have demonstrated, it is not difficult for malicious actors to infect even millions of smartphones, while the attack described by researchers only requires a few thousand phones to cause damage.
Once the smartphones are infected, the attackers can instruct the malware via command and control (C&C) servers to continuously call 911 from the compromised devices. There are three types of bots: non-anonymized, anonymized and persistent anonymized. Non-anonymized bots don’t make an effort to disguise the calling device’s IMSI and IMEI identifiers, making attacks more easy to block.
Anonymized and persistent anonymized bots hide IMSI and IMEI information, and they reside in the firmware of the infected device’s baseband processor. This makes the malware more difficult to detect and remove, and the attack more difficult to block. Each type of malware can inject audio content into the 911 calls they make in order to prevent the target from quickly distinguishing legitimate calls from automated ones.
You can catch the rest of this news here: Hackers Can Disrupt 911 Services With Small Smartphone Botnet | SecurityWeek.Com
