Lighthouse Technology Solutions Blog

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Tags
    Tags Displays a list of tags that have been used in the blog.
  • Archives
    Archives Contains a list of blog posts that were created previously.
Posted by on in Security

Even the 911 Address Database Can Get Hacked

b2ap3_thumbnail_911_gets_hacked_400.jpgPeople dial 911 when they’re in some sort of trouble or in the event of an emergency. If not for the hotline, who knows how many lives could be lost daily. Sometimes, however, help doesn’t come, even when dispatchers have received the call and responded. This generally isn’t the fault of the dispatchers, but rather the criminals who have undermined the rescue efforts thanks to some unorthodox hacking.

WIRED magazine reports that the 911 address database could potentially be susceptible to an online hacking attack. At its time of creation, the 911 system was meant to streamline operations for those who needed immediate emergency assistance, and its security suffered in response. Rather than concentrate on network security, more emphasis was put on training the operators to deal with common problems, like coaching those on the other side of the line how to perform CPR if necessary. So, what happens if someone were to hack the database and mess with its contents?

Complete and total chaos. Hackers can potentially alter the addresses that are contained in the database and make it difficult to administer aid when it’s needed most. Depending on which type of phone is used, there are different ways in which the system works:

  • Landlines: The operators must determine the location of the caller. If they’re using a landline phone, they use a database of addresses which are tied to particular phone numbers.
  • Wireless Phones: A slightly different method is used if the caller is using a cellphone. These phones are equipped with GPS chips which send out coordinates after a cellphone tower processes the call.

In response to these troubling discoveries, ER physician Christian Dameff and pediatric doctor Jeff Tully, both seek to improve the quality of 911’s network. Both were involved in streamlining the system when it was first created. With the help of IT security manager Peter Hefley, the trio hacked into the system itself to look for potential vulnerabilities. In order to create a world where hackers don’t rule the Internet, they presented their findings at the DefCon hackers conference in Las Vegas.

A 911 hack is much different from the type of hack which we normally see in the business world. Ordinarily, a hacker might break into a network in order to find some sort of sensitive information or steal personal credentials. Instead of ruining someone’s credit history, stealing their identity, or charging money to their credit cards, hackers make responding to other crimes much more difficult by swapping addresses around in the database. They can also launch irritating denial of service attacks, which can potentially prevent calls from even reaching the center. Furthermore, operators might be trained to ask the callers for their current address, but they often don’t know where they are. If the addresses in the database aren’t accurate, people in need may not receive aid when they need it most.

Swatting with Landlines
One particular method a hacker tends to use to interfere with emergency deployment is called “swatting.” In essence, it’s basically a fake 911 call. A hacker calls the 911 operator using a fake or stolen phone number or caller ID, then proceeds to report fake home invasions or hostage threats (depending on how creative they’re feeling). What’s worse is that these types of techniques are so simple that even an inexperienced hacker can pull them off.

Furthermore, if the swatter calls a local public safety hotline rather than 911 itself, they can completely bypass the system and simply provide the address of their target. The last thing anyone wants is the police knocking on their door due to nothing but a hoax. While the public safety hotline numbers aren’t generally available to the public, a hacker can find the number through a tone extraction technique on recorded 911 calls.

Swatting Mobile Phones
Thanks to the mobile device using a GPS chip rather than a physical address, you would think that it would be more difficult to pull off a swatting attack. The GPS chip provides both the latitude and longitude rather than the owner’s billing address. This information is stored temporarily in the address database upon making the call, and is then switched over to the public security line.

Thanks to another quirk in the system, it’s simple enough for callers to fool the emergency responders. By using a prepaid phone which isn’t connected to an account, hackers can use the phone without being detected. The issue lies in the fact that phones must, by law, be able to contact 911.

Swatting with VoIP
Voice over Internet Protocol systems can also potentially be tampered with in the event of an emergency. It doesn’t help that the process by which a VoIP user calls 911 is a long process. VoIP users manually place their address in the VoIP system database. They must then configure it to route their calls from 911 to the public safety number. As with any database, if a hacker gets access to it, they can mess with any address on file or steal information from it to use for other tactics.

On a more platonic level, poor security and poor communication can have unfortunate consequences. If someone can’t reach your company’s support when they need to most, you’ll either have an angry client ripping your business practices apart, or a former client hanging up the phone on you. This is one reason why Lighthouse Technology Solutions puts emphasis on security over all else. With our powerful security solutions, you can know your business is equipped to handle both inside and outside threats. Our Unified Threat Management solution can keep your business’s network as secure as can be.

At Lighthouse Technology Solutions, you won’t find your IT emergencies falling on deaf ears. Give us a call at 703-533-LTSI (5874) to learn more.

With over 15 users experience of providing IT solutions and advice. Mixing innovations in technlogy with clients requirements is rewarding and inspiring when we sit down to measure the results.

Comments

  • No comments made yet. Be the first to submit a comment

Leave your comment

Guest Sunday, 21 July 2019

EasyBlog Latest Blogs

Things That Go Bump in the Server Closet
Miscellaneous
Halloween is a time to conjure up things that give people the creeps. Scary sounds are just one way to send shivers up the spine. Sounds like, howling werewolves, zombie groans, chainsaws, and bloodc...
Continue Reading...

Latest News

Our Site Has Launched!

flag

Welcome to Our New Site!
We are proud to announce the unveiling of our new website at Lighthouse Technology Solutions!

Read more...

Contact Us

Learn more about what Lighthouse Technology Solutions can do for your business.

callphone

Call us today
703-533-LTSI (5874)

119 Lounsbury Place
Falls Church, Virginia 22046