Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Threat Management, Malware, Governance, Risk and Compliance, Critical Infrastructure Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Paper: Only 200K mobile bots needed to impair U.S. 911 system with DDoS attack

A few as 200,000 mobile bots working in concert would be enough to launch a successful distributed denial of service (DDoS) attack against the U.S.'s 911 telecommunications infrastructure, significantly disrupting service nationwide, warns a new research paper, released Thursday by Ben-Gurion University.

In the document, researchers Mordechai Guri, Yisroel Mirsky and Yuval Elovici warn that bad actor could potentially access a phone's baseband firmware and install a rootkit that hides, masks or spoofs its numerical identifiers. The botmaster can then command the anonymous bot to inundate the system with repeated calls without being identified and blacklisted.

After simulating such attacks, the researchers also determined that only 6,000 mobile bots would be needed to substantially hamper North Carolina's 911 system, blocking 50 percent of wireless callers and 20 percent of wireline callers over multiple attempts. Meanwhile, those who do get through would experience a potentially life-threatening 40 percent rise in service time. With 50,000 bots (only 0.0054 percent of its population), 90 percent of the state's wireless users calling 911 would not get through, the report continues.

While the research paper exposes important vulnerabilities in the 911 infrastructure that should be fixed, there is no reason to believe that the threat presented within is imminent, said Rebekah Brown, threat intelligence lead at Rapid7, in comments emailed to "There is the potential that someone could execute this attack, but it would take time and effort, and a flood of calls after a natural disaster could have the same impact," said Brown.

The paper does suggest several methods for detecting or mitigating a DDoS attack by anonymous mobile bots. Among them is Trusted Device Identification, whereby a device "is forced to send a trusted unaltered identifier to the network. The identifier... must be stored in a trusted memory region... so it cannot be changed by malware at any level," the report explains.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.