Exploit that Caused iPhones To Repeatedly Dial 911 Reveals Grave Cybersecurity Threat, Say Experts (9to5mac.com)
Ben Lovejoy, writing for 9to5Mac: We reported back in October on an iOS exploit that caused iPhones to repeatedly dial 911 without user intervention. It was said then that the volume of calls meant one 911 center was in 'immediate danger' of losing service, while two other centers had been at risk -- but a full investigation has now concluded that the incident was much more serious than it appeared at the time. It was initially thought that a few hundred calls were generated in a short time, but investigators now believe that one tweeted link that activated the exploit was clicked on 117,502 times, each click triggering a 911 call. The WSJ reports that law-enforcement officials and 911 experts fear that a targeted attack using the same technique could prove devastating. Of the 6,500 911 call centers nationwide, just 420 are believed to have implemented a cybersecurity program designed to protect them from this kind of attack.
Re:bug bounty (Score:5, Informative)
Ben Lovejoy, the article author, is known for sensationalist journalism. It's a click-bait piece, like everything else he writes.
hasn't apple patched it by now? (Score:5, Insightful)
and since most iOS users are on the latest version how is this still a problem?
Re: (Score:3, Insightful)
Most iOS users are on the latest version that's available for their iPhone model, unless they've heard the latest release will make their current iPhone slower - which happens a lot.
Re:hasn't apple patched it by now? (Score:4, Informative)
It likely isn't a conspiracy theory. Nvidia seems to do something like this [techspot.com] with graphics drivers [gamespot.com] and old video cards. Where AMD equivalents weren't suffering the same generational loss even with newer drivers. In many cases the AMD cards improve even further in the card's lifetime. Ex: A 670 is approx to a 7950-7980. Today with the newest drivers it struggles to hold against a 7750, where that same 7950 in some cases is at the level of a 680.
Re: (Score:2)
I guess that's one of the strengths and weaknesses of Android.
You no longer get vendor updates after a year or so but the community helps out.
I use a 4 year old handset with a new battery. Thanks to Lineage OS it runs the latest Android as smoothly as it ever did.
Re:hasn't apple patched it by now? (Score:5, Informative)
Most iOS users are on the latest version that's available for their iPhone model, unless they've heard the latest release will make their current iPhone slower - which happens a lot.
Four-year-old iPhones are still upgradable to the latest version of iOS.
If you're going to claim that there's a huge number of iPhones which are intentionally not being upgraded, you should probably provide some sort of citation.
Re: (Score:2)
Can confirm, was running iPad 2 with 6.1.3, now running iPad 4 with 6.1.
I hate the iOS 7 and above UI and it's significantly faster at most tasks than newer models that are up to date.
Also in the newer versions the Safari JavaScript toggle is in a sub sub menu by itself for no reason.
I'll eventually upgrade to an iPad Pro 9.7 or a Windows tablet; I haven't decided yet. The lack of Flash support on the iPad is still a PITA, but the on-screen keyboard integration of Windows is crap. Then again, if I go with Windows I
Re: (Score:2)
I am still using an iPhone 4S. :P
Re: (Score:2, Informative)
Oh yeah, I'm going to install iOS 10 on my iPhone 4 - NOT!
Re: (Score:3)
Considering the iPhone 4 was released sometime in ... 2010, it might be worthwhile to upgrade. 7 years of improvements (there's more years ahead of it than behind it - as the first iPhone came out in 2007).
And last I saw, 90% of users were running some form of iOS 10, with 9.5+% using iOS 9. The remaining 0.5% were left as "other" (iOS 8 and below).
Re: (Score:2)
That model looks generationally underspecced (512MB) to run a modern OS.
e.g. when MS promised to upgrade all the 8.x Lumias to Windows 10, they revised that to only ones with a gig of RAM.
To that extent, maybe upgrading isn't advisable.
Re: (Score:2)
Are there statistics on this? I know a lot of people who aren't on the most recent release either because they are too worried that their phone will slow down or because they can't clear off enough free space on their phone to undergo the upgrade process.
Re: (Score:1)
Yes there are [apple.com]. 95% on at least the penultimate version, with the vast majority of those on the latest version.
Re: (Score:2)
Yeah, kind of what I expected. It still shows 1 in 5 people aren't on the newest version, which is not insignificant. Probably not anywhere near as bad as Android, but still not as good as I would hope.
Re: (Score:1)
Yes, the Android situation is much different. [android.com] I presume this is carrier indifference more than user indifference. One good thing about the Apple situation is that Apple does not give the carriers any control. And of course the manufacturer control is also not an issue, obviously.
DDOS 911 (Score:2)
Re: (Score:1)
There's not much to sell. It's a single line of HTML. It was fixed in 2008, but somehow briefly resurfaced in iOS 10. It's fixed now.
Re: (Score:1)
Errr...so you are saying they might coordinate a mass pork barbecue attack? Those bastards!!
Re: (Score:3)
It's true that they inherited a good security design from BSD, but they did some of their own thinking and it was one example of where the engineers and architects actually convinced Steve Jobs he was wrong - having a protected Applications folder, and requiring privilege escalation to install software. He thought they were nuts at the time, but in an interview much later he recounted how Avie Tevanian convinced him that it was necessary, and that Jobs was immensely thankful that he did.
Re: (Score:2)
Run an install of a PKG without putting in a password, or run something that you just downloaded from the internet without being prompted about it (unless you specifically disabled that check, in which case you deserve to be exploited.)
Hint: it won't let you.
420 departments? (Score:1)
all in Washington state and Colorado, I assume
Not an exploit (Score:5, Insightful)
This is not an exploit. It is an app that asks for the user to give it permission to make phone calls, which the user grants. Then the app calls 911.
There is nothing about iOS that is "exploited" to make this happen. The only thing that is exploited is user stupidity, which should come as no surprise given that education is the least important priority in the US.
Re: (Score:2)
The only thing that is exploited is user stupidity, which should come as no surprise given that education is the least important priority in the US.
- Stupid is worldwide. It is a human experience. It is not part of American Exceptionalism.
- You can never beat the stupid out of people. Whenever you feel you've made progress, the Universe wops you on the head. Stupid always wins.
- Stupidity and education are orthogonal concepts. You cannot educate your way out of stupidity.
- Murphy was an optimist.
Re: (Score:1)
All hogwash. The fundamental problem is lack of education, which is perpetuated by the entrenchment of white male privilege which serves itself by keeping women and minorities oppressed. White men basically create the undereducated classes that are victims of social exploitation. It's convenient for the white male power class to create a class of victims, blame them for their own victimhood, and then hook them with the promise of delivering them from their victimhood, which that power class created in the f
Re: (Score:2)
What version of Android are you using?
Lineage OS (nougat) has a feature called privacy guard that explicitly asks you when an app wants to access resources.
Not just 911 at risk (Score:1)
Imagine a robo-call-DDOS attack on certain lawmakers' phones during a crucial debate, denying those lawmakers input from constituents?
Imagine an attack on a company, either to force them to spend money they wouldn't have to spend, to embarrass them, or to distract them from doing things that would compete with another company in which you ("you" being a corrupt person, company, or government) have an interest.
Re: (Score:2)
I had the same problem while trying to call in a wreck on California's SR 17. I gave up trying to call 911 when a volunteer firefighter happened to come upon the scene and after verifying that everybody was okay, called it in on his radio. If you can't rely on critical safety systems to actually work in a real emergency, then what's the point of even having them? From an outsider's perspective, our 911 system appears to be a train wreck and should probably be scrapped outright and replaced with somethin
I have a solution (Score:2)
(This post is a joke btw, just in case you're an idiot)
DDoS protection (Score:2)
just 420 are believed to have implemented a cybersecurity program designed to protect them from this kind of attack
How can they protect against a DDoS? I assume the protection must let legitimate calls pass through, but how can they be recognized?