Computerware Blog
911: “What is Your Emergency?” You: “I’ve Been Hacked!”
Believe it or not, there are horror stories told of innocent people being abandoned by 911 dispatchers when they need help the most. This mainly isn’t due to incompetence on the dispatchers’ part, but because there are malicious forces that aren’t taken into consideration. Often, victims of 911 mishaps are misled by the odd hacker.
According to WIRED magazine, not even the 911 address database is that secure from hackers. Unfortunately, keeping the system safe wasn’t at the top of the priority list when figuring out how to best provide emergency medical assistance to those who called the hotline. Instead, more focus was put on training 911 operators to coach those on the other end of the line how to perform CPR. The phone line might be advertised as 24/7, but what happens when, say, someone hacks into the database and messes with the addresses on file?
Chaos ensues. The emergency call system works two different ways, depending on what type of phone is used:
- Landline Phones: In order to find the caller’s location, first responders need to use a database of addresses tied to phone numbers.
- Wireless phones: these send out coordinations via a GPS chip, and a cell phone tower processes the call.
Christian Dameff and Jeff Tully, an emergency room physician and pediatric doctor, respectively, both sought to better improve the security of 911’s network. The two were also heavily involved in streamlining the 911 system. Together with IT security manager Peter Hefley, they decided to hack the system and discover where vulnerabilities existed. Like many others researching how to keep the world safe from hackers, they presented their findings at the DefCon hacker conference in Las Vegas.
Unlike other types of data breaches, a 911 hack isn’t going to result in someone stealing your identity. They won’t open bank accounts under your name and ruin your credit history. They won’t charge money to your credit cards. What hackers will do is edit the databases and make addresses difficult to find. They can even launch denial-of-service attacks, preventing calls from even reaching the emergency call center. Even though the operators are trained to ask callers for their address, some callers don’t know where they are. Even an outdated database can be the reason that people die from hacking attacks.
Swatters with Landlines
One method which hackers can use to interfere with emergency deployment is “swatting.” This is done by calling a 911 operator under the guise of a fake or stolen phone number or caller ID. These are often fake reports of home invasions or even hostage threats, and are so easy that a 12-year-old kid can pull them off. If a swatter calls their local public safety hotline, they don’t even need to go through 911, and can instead just provide the address of their target. These attacks, to say the least, are disruptive and annoying. Generally, the numbers for these public safety hotlines aren’t available to the general public, but a hacker can find them easily enough by listening in on recorded 911 calls and using a tone extraction technique.
Mobile Swatting
Similar to the landline, a 911 operator needs an address in order to find where the caller is located. However, with a mobile device, the location is provided with a GPS chip, and is given in latitude and longitude, rather than the owner’s billing address. This information is stored temporarily in the address database, and then the call is switched over to the public security phone line.
It has been proven that callers can even fool this system by using a prepaid phone that isn’t connected to an account, the reason being that phones are required by law to be able to call 911. No number is given to track the phone or the user, so it is difficult to find out who is calling and where they are.
VoIP Swatting
Even Voice over Internet Protocol (VoIP) users can potentially have trouble getting through in the event of an emergency. If a VoIP user wants to call 911, they have to go through a long process. VoIP users must manually place their address in a database provided by their VoIP system. They must then configure it to route their calls from 911 to a local the public safety number. And, if the user has access to the database, you can bet that hackers can find a way to access it, too.
As seen by these examples, poor security can lead to poor communication, and even deadly consequences. If your clients cannot reach you when they need you most, you’ll have either an angry customer on your hands or no customer at all. This is why we at Computerware value security above all else. We can outfit your business with security solutions designed to keep you safe from outside threats. With a Unified Threat Management solution, you can be sure that your network is as secure as can be.
If your IT is in distress, give Computerware a call at (703) 821-8200. We’ll resolve your problems quickly and efficiently with minimal incident.
Comments