Report: U.S. 911 Emergency Response System Susceptible to Cyber Attacks

September 9, 2016

The nation’s 911 emergency response phone system is vulnerable to cyber attacks that could disable call centers throughout an entire state for a protracted period of time, according to researchers.

Hackers could "easily" launch an attack against call centers across the U.S. by infiltrating mobile phones to make them automatically call 911 without the user’s knowledge, which would effectively congest emergency phone lines and prevent actual victims from reaching emergency services, the Washington Post reported Friday.

The TDoS attack, or telephony denial-of-service attack, has the capability to impact 911 call centers across the U.S.

The researchers at Ben Gurion University in Israel recently alerted the Department of Homeland Security of their findings. They warned that hackers would only need to infect 6,000 smartphones in a geographical area to launch an attack large enough to interrupt the entire 911 response system in the state of North Carolina.

It would only take 200,000 infected phones nationwide to disrupt 911 services across the U.S.

"Under these circumstances, an attacker can cause 33 percent of the nation’s legitimate callers to give up in reaching 911," the researchers wrote in the paper, which was released to the public Friday.

Trey Forgety, director of government affairs for the National Emergency Number Association, told the Post the researchers "accurately characterized the problem" with the nation’s emergency response system.

"We actually believe that the vulnerability is in fact worse than [the researchers] have calculated," Forgety said.

Hackers could protract attacks against 911 systems for days by deploying tactics that would block authorities from interfering with the fake phone calls, according to the researchers.

Many 911 systems use just three to five circuits to process all emergency calls, which Forgety said he could do "with a pocketful of cellphones.

About 70 percent of the more than 240 million calls Americans make annually to 911 call centers come from mobile phones, according the Post.

The FBI and DHS issued warnings in 2013 to states across the U.S. alerting emergency services of TDoS attacks against administrative lines connected to 911 call centers. Though the perpetrators did not target emergency lines, federal officials said they "launched a high volume of calls against the target network, tying up the system from receiving legitimate calls" after authorities blocked extortion attempts.