iOS vulnerability causes iPhones to repeatedly call 911 after retrieving malicious link
One Arizona teenager is in a heap of trouble with the Maricopa County Sheriff’s Department over a link on a Twitter page that ended up nearly incapacitating 911 service for the city of Surprise.
18-year-old Meethkumar Hiteshbhai Desai is charged with three counts of felony computer tampering and is alleged to be responsible for hosting a link and, on Tuesday night, distributing it on Twitter. Tapping on it caused “iOS cell phones” to call 911. Over. And over. And over. At least one user reported that they “dialed in” to police 19 times.
According to the Sheriff’s Department, Surprise Police Department took in more than 100 calls in minutes, quick enough for the service to be “in immediate danger of losing service to their switches.” Surrounding police departments and ones in California and Texas also were affected.
After tracing the link to its host site owned by a “Meet Desai,” MCSD tracked the teen’s social media accounts and identified him as the culprit. When questioned, Desai said that one of his friends sent him code that he thought the two could work on with the hopes of exposing an exploit and reporting it to Apple to claim a bounty.
Meet looked at the bug and discovered that he could manipulate the function and add annoying pop ups, commands to open email, and activate the telephone dialing feature on [iPhones] by utilizing a java script (sic) code that he created. Meet claimed that his intention was to make a non-harmful, but annoying bug that he believed was “funny”.
Desai worked one version of the bug to dial 911 among other versions with other phone numbers and tasks. While he knew that pushing that critical bug would make waves and get him in legal trouble, the hacker claimed that he published that link by accident.
That accident could cost him fifteen years in prison, five years per Class 2 Felony count.