iOS 10.3 fixes bug that enabled 911 ‘cyberattacks’

By

iPhone 911
iPhone users are at risk without this feature.
Photo: Ste Smith/Cult of Mac

Apple’s latest iOS 10.3 update fixes a bug that enabled “cyberattacks” on 911 centers across the United States.

The flaw, which was first discovered by an Arizona teen last October, led to repeated calls to the emergency services with just one tap.

The Wall Street Journal reported the problem in a story titled, “The Night Zombie Smartphones Took Down 911.” It details the vulnerability discovered by 18-year-old Meetkumar Desai, which takes advantage of an iPhone feature that allows users to call a number simply by tapping it.

Desai took advantage of this and wrote a simple piece of code that caused the iPhone to place repeated calls to 911. His code was shared on social media, and unsuspecting iPhone users tapped it. It resulted in thousands of bogus calls to 911.

Centers in at least a dozen states were “overwhelmed” by the deluge, and Desai was later arrested and charged with four felony counts of computer tampering. Now WSJ reports that Apple has made changes to its software to ensure it can’t happen again.

Instead of calling a number automatically when it is tapped, iOS now prompts users for confirmation. It means accidental calls cannot be placed, and there’s no chance the calls can be repeated.

Apple had previously addressed this by working with app developers to eliminate the vulnerability in their own apps. But with this change to iOS, the issue is eliminating entirely at system level, so apps no longer need to be updated.