The danger of DDoS attacks on PSAPs

Malicious actors could use a mobile phone botnet to launch a devastating denial of service (DDoS) attack on public safety answering points such as Triple Zero in Australia or 911 in the USA.

This is the conclusion of a new paper published by researchers from the Ben-Gurion University of the Negev’s Cyber-Security Research Centre.

“In this paper we show how attackers can exploit the cellular network protocols in order to launch an anonymised DDoS attack on 911,” said Mordechai Guri, Yisroel Mirsky and Yuval Elovici.

“The current FCC regulations require that all emergency calls be immediately routed regardless of the caller’s identifiers (eg, IMSI and IMEI). A rootkit placed within the baseband firmware of a mobile phone can mask and randomise all cellular identifiers, causing the device to have no genuine identification within the cellular network. Such anonymised phones can issue repeated emergency calls that cannot be blocked by the network or the emergency call centres, technically or legally.”

The researchers tested different forms of the attack on a small cellular network and followed that up with a simulation and analysis of anonymous attacks on a model of current 911 infrastructure in order to measure the severity of their impact.

“We found that with less than 6K bots (or $100K hardware), attackers can block emergency services in an entire state (eg, North Carolina) for days,” they said in the paper.

The researchers said that such an attack would affect the PSAP and the client in the following ways:

• Because PSAPs typically have no built-in way of blacklisting callers, in the face of a large attack they would have no choice but to answer every call.
• But even with a blacklisting system in place, the owner of an infected device would be blocked from legitimately calling emergency services in a time of need.

Image courtesy 911.gov