Teen arrested for sharing exploit that almost brought down 911

He inadvertently flooded emergency services with fake calls.

AP Photo/Ross D. Franklin

An Arizona teen is discovering why you should think very carefully about sharing exploits online: you don't know what people will do with them... or in some cases, that you're sharing the right exploits. Phoenix police have arrested 18-year-old Meetkumar Hitesbhai Desai on computer tampering charges after he publicly posted a version of iOS-based JavaScript attack that he thought would only deliver annoying pop-ups, but actually made bogus 911 calls. In the Phoenix region, there were so many hang-up calls (there were 1,849 link clicks in total) that there was the "potential danger" of emergency phone services going down, the Maricopa County Sheriff's Office says. California and Texas police saw call spikes, too.

Desai tells police he was only trying to find iOS flaws and report them to Apple for the sake of collecting bug bounties and acclaim. Reportedly, he was only trying to prank friends with the public post and slipped up by releasing the wrong code.

It's not certain that a judge and jury will sympathize with Desai's account of events. If this really was a mistake, it still had serious repercussions. What if 911 really had gone down, or had been late to responding to real calls? Whatever the truth may be, the bust emphasizes how fragile emergency phone services can be. As Softpedia observes, researchers have learned that it could take just 6,000 smartphones to completely flood a state's 911 system. Given that it took a relatively mild incident to bring one region's system to its knees, 911 providers will want to beef up their defenses if they expect to survive larger, more deliberate attacks.