Apple fixes iOS loophole that overloaded 911 centers last fall

The iPhone's autodial system caused thousands of 911 calls to be placed last October.

Last October, a teenage hacker figured out how to trick some iPhones into calling 911 repeatedly, racking up thousands of bogus calls. That attack took place months ago, but Apple has just now updated iOS to keep such an incident from occurring again. As noted by The Wall Street Journal, iOS 10.3 (which rolled out earlier this week) closes the vulnerability that 18-year-old Meetkumar Hiteshbhai Desai allegedly exploited.

The WSJ detailed exactly how the hack happened back in October. The short explanation is that iOS had a feature that let apps automatically dial a designated telephone number when a user tapped a link -- now, iOS 10.3 requires users to confirm they want to dial the number before a call is initiated. In the case of this attack, Desai allegedly wrote code and posted it on Twitter; 911 was dialed when users tapped the link.

But once the call was started and the user hung up, the phone would automatically redial the number -- the only way to break the chain was to shut the phone off entirely. Android phones weren't affected by this issue. If you tapped the link while using Android or on the web, you'd instead get directed to a site that simply said "LOLOLOLOLOLOLOL."

Apple may have closed off the issue that caused this specific attack, but 911 systems remain surprisingly vulnerable to brute force overloads. As noted by the WSJ, there are 6,500 911 call centers in the US, but only 420 of them are part of a cybersecurity defense program. The Department of Homeland Security has been working on ways to prevent and defend against these types of brute force attacks, but it hasn't come up with a solution just yet. As for Desai, he claims that he released the code by accident, but that doesn't change the very real harm his prank caused.