Back in October, 18-year old Meetkumar Desai was arrested after software he allegedly wrote—which allowed iPhones to continuously call 911 over and over again—resulted in attacks that overwhelmed 911 call centers across a dozen states.
This was possible due to a flaw in iOS that would allow users to tap a phone number and immediately dial it. Desai’s software allegedly utilized this flaw—if one clicked on a malicious link from Twitter, they would dial 911 without even realizing. When weaponized, this could allow callers to repeatedly dial 911 without knowing, clogging up call centers and putting lives at risk.
Obviously, this was very bad. As a result, there is now a change in iOS 10.3 that requires users to always hit a confirmation before dialing a call can take place.
Apple says it initially worked with app developers to fix the vulnerability, and this update will now prevent it from happening even on apps that hadn’t already fixed the issue.
Mobile carriers and phone makers are having to grapple with various attacks targeting the 911 system. Earlier this month, “ghost calls” made from T-Mobile phones flooded 911 call centers in Texas. That attack has been linked with two deaths; the cause of those attacks still isn’t known. AT&T customers also faced 911 outages in more than a dozen states this month.
The iOS update obviously fixes this specific problem, but larger infrastructural problems with the 911 system (and the lack of security to prevent automated attacks) still exist. The Journal reports that the Department of Homeland Security is working on ways to identify and block calls aimed at taking down the 911 system.