An Arizona teen is facing charges after his proof-of-concept of an iOS exploit caused a number of iPhones to call 911. The Maricopa County Sheriff’s Office reported one police department was “in immediate danger of losing service’ to its 911 center,” while two others were at risk.
According to the Maricopa County Sheriff’s Office, 18-year-old Meetkumar (“Meet”) Hiteshbhai Desai found a vulnerability in Apple’s mobile operating system and crafted a proof-of-concept exploit to prove it. However, that tool wound up flooding an emergency call center with more than 100 hang-up calls within a “matter of minutes” earlier this week, it is alleged.
While victims of the exploit immediately disconnected the 911 calls as soon as they realized what was happening, it is policy that all disconnected 911 calls need to be investigated, in order to make certain the party that initiated the call is OK. This strained call center and police resources.
Desai found a way to use JavaScript to remotely open popup alerts, open apps, and make phone calls . To demonstrate the exploit, he wrote code to cause affected iPhones to call 911. He felt this was the best way to do a proof-of-concept, in order to collect a bounty offered by Apple. He uploaded the exploit code to his own server, and then shared the link via Twitter and his own YouTube channel. (Both links have since been deleted.)
Desai says he never intended the code to go out into the wild, and he had simply tweeted the wrong link.
“Meet stated that although he did add that feature to the bug he had no intention of pushing it out to the public, because he knew it was illegal and people would ‘freak out’,” the office said.
“Meet stated that he may have accidentally pushed the harmful version of the (911) bug out to the Twitter link instead of the less-annoying bug that only caused pop-ups, dialing to make peoples’ devices freeze up and reboot.”
Desai now faces three felony charges of computer tampering. There’s no word on whether he’ll get the bounty offered by Apple.
(Via 9to5Mac)