Emergency 911 systems vulnerable to spoofing
Imagine settling in for bed at night when all of a sudden a helicopter, police dogs and a crack team of SWAT swarm your domicile looking to quell an armed robbery. This is what happened back in March
to a Lake Forest Calif. family last March, according to the Orange County Register
The police were responding to a 911 call. The trouble was, the call was a spoof, from a Washington teenager, who now faces 18 years for the prank. The incoming call looked to the dispatcher like it came from the house.
The police wouldn't reveal how the malicious hacker spoofed the phone number, other than to point out it was a low-tech hack that almost anyone could do.
O.K., so let's count the problems here. One, the police don't want to say how the system was breeched because of worries others will do the same. That's an approach the security community calls security-through-obscurity. It never works
, especially in the age of the Internet.
Number two, fooling a 911 system is evidently so easy that anyone can do it. In fact, a whole underground discipline has grown up around 911 spoofing
, called swatting, and could involve Internet telephony or phone cards that allow users to appear as if they are calling from any number they choose
Problem number three is that this incident wasn't unique. Evidently, the prankster made calls
to responders across the country.
Posted by Joab Jackson on Oct 18, 2007 at 9:39 AM