What if hackers could knock off 911 Emergency Telephony Network?

Have you ever wondered what could happen if hackers would block or disrupt 911 emergency call system?

Perhaps you are about to say it’s impossible. However, it would only take 6,000 Smartphones.

According to a recent research, which you can find here, a malicious attacker is able to infect a wide botnet of smartphones located

According to new research published last week, a malicious attacker can leverage a botnet of infected smartphone devices located throughout the country to knock the 911 service offline in an entire state for days. The trick is to launch automated TDoS (Telephony Denial of Service) from 6,000 infected smartphones against 911 service in a state by placing simultaneous calls from the botnet devices to the emergency numbers.

In addition, it would be possible to knock the 911 emergency system offline across the entire USA with more or less 200,000 infected mobile phones.

Why a such important call line is not protected enough?
The answer resides in the fact that the US Federal Communications Commission regulations declare that all calls to 911 must immediately be routed to EMS units, without checking the caller’s identity or whether the caller is subscribers to the mobile network.

After all, anyone has the right to call 911…

TDoS attacks: how do they work?
An attacker only requires a mobile botnet to launch TDoS (Telephony Denial of Service) attacks. The attack can be carried out in two ways:

  • By infecting smartphones with malware, or
  • By buying the smartphones needed to launch the TDoS attack.

As we said before, the research about 9-1-1 DDoS: Threat, Analysis and Mitigation reports that an attacker could exploit cellular network protocols by placing a rootkit or persistent, low-level malware within the baseband firmware of a mobile phone.

Or, another way is buying 6,000 or 200,000 smartphones, which cost is around $100,000 or $3.4 Million – a small sum for state-sponsored attackers – to jam 911 emergency system in an entire state or across the whole country. In the end, you dial 9-1-1 and the only information you get would be: “This service is temporarily unvailable”.


This not a strange or rare phoenomenon, since during the terror attack on the Twin Towers in New York City, thousands of legitimate callers dialed 911 at the same time, causing DDoS attacks on both telephony network as well as the emergency reporting system.

Of course, the team did not perform this attack in an actual, nationwide system. It created a small simulated cellular network based on North Carolina’s 911 network and attacked it instead.

The team bot-infected Samsung Galaxy S3, S4 and S5 smartphones running Android 4.4 and 5.x operating system to test their work.

How to prevent such DDoS campaign against Emergency Services?
It is very difficult blocking such attacks, as PSAPs is not able to blacklist fake calls. In addition, a network level blockage is not possible beyond selectively turning off cellular service in bot-infested areas.

However, researchers suggest some countermeasures that can mitigate such attacks:

  • Storing IMEIs and other unique identifiers in a phone’s trusted memory region (like ARM-processor design TrustZone), where malware can not alter them.
  • Implementing a mandatory “Call Firewall” on mobile devices to block DDoS activities like frequent 911 calls.

Such a change, it would require government cooperation, security professionals, cellular service providers, emergency services, and others. This is why it’s hard to expect significant improvements in reality anytime soon.

Author of the original article: Swati Khandelwal. Find it here

Comments are closed.