Teenager arrested for sharing exploit that disrupted the 911 emergency call system
An 18-year-old teen from Arizona was arrested by the local police following a major disruption of 911 emergency systems caused due to one of his iOS exploits that made random blank calls to the emergency number.
The teenager, Meetkumar Hiteshbhai Desai who discovered an iOS vulnerability stands indicted of sharing a link to a Javascript exploit that forced iPhones to repeatedly dial 911, according to a press release published by Maricopa County Sherrif’s Office on Thursday. According to authorities, Desai shared the critical iOS exploit on Twitter with over 12,000 followers, out of which more than 1,849 clicked on that link, activating over 100 ‘hangup calls’ to the 911 dispatch center in Surprise, Arizona, within a matter of minutes.
The Maricopa Sherrif’s Office says that the volume of the calls allegedly put the responders and authorities in “immediate danger of losing service to their switches.” The police have disclosed that the hack affected services in the Phoenix metro area, parts of California and Texas.
The authorities identified Desai as the possible suspect behind the attack against the 911 service and took him into custody late last Wednesday. Desai was arrested on three counts of computer tampering, two of which incorporate class 2 felonies, as the 911 system is considered critical infrastructure. However, he told the Sherrif’s office that he accidentally published a link to an exploit that caused iOS devices to dial 911 and hang up continually.
A press release from the Maricopa County’s Sheriff’s Office said: “The Surprise Police Department received the over (100) hang up 911 phone calls within a matter of minutes due to this cyber-attack and were in immediate danger of losing service to their switches. The Peoria Police Department and the Maricopa County Sheriff’s Office also received a large volume of these repeated 911 hang up calls and had the potential danger of losing service throughout Maricopa County.
“Sheriff’s Detectives were able to identify ‘Meet’ as the suspect behind the 911 disruption and was taken into custody and transported him to the Major Crimes Division for questioning late last night. Meet explained to Sheriff’s detectives that he was interested in programs, bugs, and viruses which he could manipulate and change to later inform Apple about how to fix their bug issues for further iOS updates. He claimed that Apple would pay for information about bugs and viruses and provide that particular programmer with credit for the discovery.”
Desai revealed that he had been provided with the details of the bug by an online friend. He reportedly developed two versions of the said malicious JavaScript code—one which made the phone calls and another that opened popups and executed other “annoying” commands on a phone that accessed it. Desai said that he had intended to share the less-malicious version of the exploit as a kind of prank, but accidentally shared the 911-dialing version instead. The malicious code was published through a Twitter account and a YouTube channel, which were traced back to Meet Desai, and it was hosted on an URL called “The real hackspot”, which was also linked to Meet’s website.
On further interrogation, Desai also admitted, in the Maricopa Sherrif’s words, that he “developed these malicious bugs and viruses to be recognized in the hacker and programming community as someone who was very skilled.” He also claimed that he wanted to report bugs to Apple and get paid.
Source: IB Times
