Desai has fewer than 1,200 Twitter followers, but the attack spread as other users reposted it, saying it was a link to new Drake music or other trolly things like that. The malware received its biggest exposure when it was posted by @duhitzmark, a social media celebrity with 463,000 Twitter followers. More than a few of his fans fell for the trap: Investigators say the link was clicked 117,502 times.
Since most emergency call centers are landline-based, they're not as vulnerable to technological attacks as the VoIP systems that many large businesses use. However, even this type of attack could be dangerous if there's malicious intent behind it. "If this was a nation-state actor that wanted to damage or disable 911 systems during an attack, they could have succeeded spectacularly," Trey Forgety, director of government affairs at the National Emergency Number Association, told the Journal. "This was a serious wake-up call."
Apple isn't taking the issue lightly: It's already implementing measures to make sure this type of attack can't happen again on its platform. A forthcoming iOS update will cause a window with the options "cancel" and "call" to pop up on the iPhone screen when calls are made, Apple told the Journal. In order to initiate a call, users will have to tap the "call" button before the number is dialed. It's also working with third-party developers to bring similar security standards to their apps.
Desai claimed he wanted to submit the iOS vulnerability to Apple as part of its bug bounty program, but Apple said he was not part of it. Regardless of his intent, Desai has been charged with four felony counts of computer tampering and faces up to 12 and a half years in prison.