911 could face its own emergency: Hackers

Researchers show a state's 911 network could fall to hackers who overwhelm the system.

Laura Hautala
Laura Hautala
Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
2 min read

A 911 dispatcher answers calls in Washington, DC in 2013.

Jared Soares, The Washington Post/Getty Images

The last sound you want to hear when you dial 911 is a busy signal.

But that's what callers would get if a hackers successfully pulled off an attack outlined Friday by researchers from Ben Gurion University in Israel. Using a network of hacked smartphones, attackers could overwhelm a whole state's 911 system with endless calls, shutting out a huge portion of legitimate callers.

The approach, known as a denial of service attack, "is a significant threat to the availability of 911 service," wrote researchers Mordechai Guri, Yisroel Mirsky and Yuval Elovici in the paper.

The researchers looked at the state of North Carolina and created a model based on its 911 system. In the US, emergency response systems are run at the state or local level. If hackers compromised 6,000 smartphones with malicious software, they could make enough calls to 911 to block out half of all legitimate callers using cell phones in North Carolina.

A network of hacked smartphone, commandeered remotely to call 911 over and over again, may sound farfetched, but the researchers found it plausible based on how much malicious software already exists to target phones. They also point out that repeated phone calls from a hacked phone can't be blocked by the current system.

The researchers shared their findings with the US Department of Homeland Security, according to The Washington Post. DHS did not respond to a request for comment. The agency has previously warned of the dangers of a denial of service attack on emergency response infrastructure.

This isn't the only kind of denial of service attack that could overwhelm a 911 system, said Trey Forgety of the National Emergency Number Association, a nonprofit focused on emergency response technology and policy.

"These kinds of issues have been brought up before," Forgety said.

The solution, he said, is to change 911 phone infrastructure completely. Stop using old-fashioned analog phone switches to route emergency calls, and start using private internet-like networks called managed IP networks.

But to achieve that, the federal government would need to invest in 911, and state and local agencies responsible for emergency response systems have to implement the changes and train everyone involved, Fogerty said.

"It's going to take work at every level of government," he said.