Infected Android phones could flood America's 911 with DDoS attacks

A research trio has shown how thousands of malware-infected phones could launch automated distributed denial of service attacks to cripple the US emergency phone system "for days". The attacks are a new area of research and exploit the need for emergency call services to accept all calls regardless of origin. The theoretical …

  1. Lee D

    I imagine there are any number of methods of swamping 911 if you really want to.

    If history is any guide, any large disaster will jam the switchboards solid and make it almost impossible to get emergency services. 9/11. The July bus bombings. All sorts has brought emergency lines to a grinding halt.

    Because, as you'd expect, there's never going to be enough trained people on the end of a phone to handle the number of people who could call in from a large city. Even with immediate "That's not an emergency" and hanging up.

    And if 911 stops, that's not your real problem. The real problem is what else is going on? And that you'll find out from internal emergency and radio systems instead of random people phoning in.

    The real problem here is why would it be so difficult to block on device number (IMEI), especially unknown or unregistered device numbers, in an emergency like that, from a telco's point of view? Surely they are doing that all day long from stolen phones or faked IMEI, no?

    But even without using the cellular networks, Skype will let you dial 911, VoIP trunk providers, hacked businesses, etc. Would you really be able to find and block them all in the space of time that someone TRYING to disable emergency service response would need to make a headline? The answer's no, I would say.

    1. JetSetJim

      >The real problem here is why would it be so difficult to block on device number (IMEI), especially unknown or unregistered device numbers, in an emergency like that, from a telco's point of view? Surely they are doing that all day long from stolen phones or faked IMEI, no?

      Checking IMEI slows things down as it's an in-sequence check performed between UE and an EIR. In the case of checking it's stolen or not, that needs to go to the separate register of stolen devices, and even so - why would you be wanting to block a registered stolen phone from dialling the emergency services?

      Networks have an obligation to connect all emergency calls, even from phones registered to another network.

      The problem here is that a relatively small number of devices can untraceably be used to jam the emergency call centres - although you would need to distribute these phones in quite wide geographic areas to ensure either the cellular network is jammed with the attempts (limited call capacity per cell) and that you hit the target number of emergency call centres.

    2. energystar

      Yet another attention call...

      On the abysmal state of 'backbone', 'stream comm' architecture security.

      1. energystar

        Re: Diversify NOW...

        Best immediate workaround is diversification. Land line. Two or three small internet providers instead of one big one. Alternative access through different social platforms. Access to CB, Police spectra, etc.

  2. Anonymous Coward

    > The real problem here is why would it be so difficult to block on device number (IMEI), especially unknown or unregistered device numbers, in an emergency like that, from a telco's point of view?

    I think the point is that legally they're not allowed to. Any random phone can be turned on, locked or unlocked, with or without a SIM, and used to place an emergency call - that's intentional, to maximise the reach of emergency help.

    So these rules would have to be tweaked to allow dropping emergency calls from unknown subscribers/devices in the event of a DoS.

    1. Paul Kinsler

      rules would have to be tweaked to allow dropping emergency calls from unknown subscribers/devices

      A more minimal tweak might be to allow calls from "known" & "unknown" s/devices to be queued separately, and in the event of capacity problems, to answer each queue alternately. Then, in an anonymized DDoS, the two queues would be very different lengths so that "known" calls would be more likely to be answered, but you wouldn't ignore all "unknown" calls.
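The two-queue idea above, as an added simulation that is not part of this thread: a single FIFO is compared with separate "known"/"unknown" queues served alternately. The arrival rates, the 20-calls-per-tick capacity and the known/unknown labelling are constructed assumptions, not figures from the article.

```python
from collections import deque

# Constructed scenario: each tick, 5 "known" callers (identified subscriber
# or registered device) arrive inside a flood of 100 "unknown" callers
# (no SIM / unregistered IMEI); the call centre answers 20 calls per tick.
TICKS, KNOWN_PER_TICK, UNKNOWN_PER_TICK, SLOTS_PER_TICK = 10, 5, 100, 20


def build_arrivals():
    """One list of caller classes per tick. Known callers are spread evenly
    through the flood so plain FIFO ordering does not favour them."""
    arrivals = []
    for _ in range(TICKS):
        tick = ["unknown"] * UNKNOWN_PER_TICK
        for k in range(KNOWN_PER_TICK):
            tick.insert(k * (UNKNOWN_PER_TICK // KNOWN_PER_TICK) + k, "known")
        arrivals.append(tick)
    return arrivals


def answer_calls(arrivals, slots_per_tick, policy):
    """policy='single': one FIFO for everyone.
    policy='dual': separate known/unknown queues served alternately,
    falling back to the other queue when the current one is empty.
    Returns (answered counts per class, calls still waiting)."""
    queues = {"known": deque(), "unknown": deque()}
    fifo = deque()
    answered = {"known": 0, "unknown": 0}
    turn = "known"
    for tick in arrivals:
        for cls in tick:
            (fifo if policy == "single" else queues[cls]).append(cls)
        for _ in range(slots_per_tick):
            if policy == "single":
                if fifo:
                    answered[fifo.popleft()] += 1
                continue
            other = "unknown" if turn == "known" else "known"
            for cls in (turn, other):  # try this turn's queue, then the other
                if queues[cls]:
                    answered[queues[cls].popleft()] += 1
                    break
            turn = other
    waiting = len(fifo) + sum(len(q) for q in queues.values())
    return answered, waiting


def compare():
    arrivals = build_arrivals()
    return {p: answer_calls(arrivals, SLOTS_PER_TICK, p) for p in ("single", "dual")}


if __name__ == "__main__":
    for policy, (answered, waiting) in compare().items():
        print(f"{policy:6s} answered={answered} still_waiting={waiting}")
```

With the same 1050 arrivals and 200 answered calls, the FIFO reaches only the 10 known callers who arrived early, while the alternating queues answer all 50 known callers and still take 150 unknown ones.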

  3. David Roberts

    Flowchart?

    One of the tests has a NO exit but no YES exit.

    I assume this is a mistake.....

    1. MyffyW

      Re: Flowchart?

      That's no exit, it's a brexit.

    2. Anonymous Coward

      Re: Flowchart?

      That's because it's not a meteorite!

      Oh, wait, wrong website...

  4. Anonymous Coward

    In theory

    Just how easy is it to get a malware rootkit into the baseband of a phone?

    1. Anonymous Coward

      Re: In theory

      On almost all hardware, it must be signed by the manufacturer. There are exceptions for developer devices (i.e. Nexus devices) where this signing check can be turned off - in the interest of allowing developers to run unsigned OSs. A little padlock is displayed on boot when disabled. The process of disabling the signature check requires physical access to the phone (last I checked).

  5. Anonymous Coward

    DDoS 911 infected Android phones

    How does this malware get onto the phones in the first place?

    1. allthecoolshortnamesweretaken

      Re: DDoS 911 infected Android phones

      Well, one possible scenario would be someone with deep pockets who, for reasons of his own, wants to disrupt* emergency services in a specific area at a specific time. With a budget large enough, he could procure a couple of thousand cheap phones, install the software and have them switched on. He could even distribute them to the unsuspecting public via a bogus lottery or something like that.

    2. NonSSL-Login

      Re: DDoS 911 infected Android phones

      Dodgy app in the Play Store or drive-by exploit for a start. Chains of exploits have been used to jailbreak iPhones from a web page before, and the same is possible with Android phones too. So as well as infecting, they have got root access.

      As for jumping to the baseband from there, that is difficult, but no doubt it can be done.

      Personally I wouldn't mind full access to my baseband to fiddle with the things you can do with the modifications.

  6. Hans Neeson-Bumpsadese

    Open vs closed source

    Just thinking out loud here...

    As a couple of commenters have noted, getting the malware onto the phone(s) is a challenge in itself, but I'm thinking about the challenge of crafting the malware itself. Given that there is a lot of Open Source code in the mix, does that give the malware author a bit of a leg-up in figuring out how to get the malware to do what they want? How much harder would it be if the everything was closed source?

    (I'm not looking for an argument of open vs closed source....like I say, just pondering out loud)

    1. Captain Queeg

      Re: Open vs closed source

      >(I'm not looking for an argument of open vs closed source....like I say, just pondering out loud)

      That was my thought when I was reading the article, I can't see what the Android angle is - malware on any mobile device would surely achieve the same result as I imagine a spurious dialler app or remote desktop type app would without being in the baseband*.

      Equally it would surely be the same with a bad VOIP client on a laptop or desktop?

      The story is interesting but I'm not sure where the Android reference (except as clickbait) plays into this?

      * Disclaimer: This is my layman supposition, if I'm wrong I'm sure y'all will let me know. :o)

      1. Paul Kinsler

        Re: I can't see what the Android angle is

        "The hackers used a discrete event simulator (DES) and a handful of Samsung phones to test their work" ... presumably android ones, since that's what the majority of Samsung smartphones are?

        1. NonSSL-Login

          Re: I can't see what the Android angle is

          Well I have never seen a Samsung iPhone...

          1. Anonymous Coward

            Re: I can't see what the Android angle is

            "Well I have never seen a Samsung iPhone..."

            Perhaps you haven't been paying attention:

            http://i-cdn.phonearena.com/images/reviews/70927-image/Samsung-Galaxy-S-Review-Design-002.jpg

            *Runs, fast, really fast*

        2. energystar

          Re: I can't see what the Android angle is

          Neither I, except for being the default target [cheap?].

    2. hayzoos

      Re: Open vs closed source

      The baseband is where the cell radio "firmware" is located. That may be closed source. This attack uses the baseband approach to achieve the semi-anonymous IMEI only calls.

      It is done on closed source, and possibly may need to be signed. So this is not an easy attack on many levels, but that does not mean impossible. Once the steps are defined, as much as possible can be scripted and it becomes a lot more feasible.
