Making Emergency Calls More Secure
“We’ve been doing this type of work for more than 10 years — finding problems in networks and coordinating with companies,” Tu said. “If we find vulnerabilities, they will pay attention and work to find remedies.”
“Our work has been recognized by AT&T, and we hope other operators also will make efforts to address the vulnerabilities,” Xiao said, referencing the AT&T security award this work has earned. “Meanwhile, we want people to realize that 911 calls are not always secure and to think about backup solutions if a 911 call does not go through.”
The MobiCom conference, hosted by the Association for Computing Machinery, also awarded the team a best community paper runner-up honor for contributions to the research community. Joining the MSU research group on the MobiCom project were researchers from Purdue University, the University of California, Los Angeles and National Yang Ming Chiao Tung University in Taiwan.
Earlier this month, NSF announced the $1.2 million award that will enable MSU and Purdue University to continue their work in identifying and remedying security loopholes. MSU is the lead institute. Tu will lead the MSU team with co-investigators Xiao and Jiliang Tang, an MSU Research Foundation Professor. Chunyi Peng, an associate professor of computer science, will lead Purdue’s cohort.
The Road to Hacks Is Paved with Good Intentions
In the U.S., the Federal Communications Commission has enacted regulations to make it as easy as possible for anyone with a cellphone to contact 911 in an emergency.
Even if you haven’t needed to make an emergency call before, you may have some familiarity with this. Folks may have noticed “Emergency Calls Only” or similar text on their phone screens even when they can’t make other calls.
“This regulation significantly improves the availability of 911 service in the U.S.,” Tu said. “For example, if you’re a cellular user and you cannot receive cellular signals from your network in the suburbs, you are still allowed to dial a 911 call through other cellular networks, even if your network operator does not have a roaming agreement with them.”
This got Tu and his team interested in how U.S. cellphone services are designed to comply with regulations. What they found is that adhering to the rules can come at the cost of security. For example, companies can’t apply encryption and integrity protection as they would on nonemergency calls.
“Basically, 911 calls can open a back door,” Tu said.
With the door open, Tu’s team showed that attackers could anonymously steal cellular data from providers or spam cellular devices, resulting in data overage charges for customers.
The researchers also showed that attackers can obtain, copy and transmit information from a legitimate 911 call, enabling them to launch a variety of denial of 911 service attacks.
For example, using what’s called a phone-detaching attack, bad actors can make it look like two identical calls are coming in from the perspective of a cellular network. To resolve this, the network may reject or terminate the real call while accepting the fake call.
In revealing these security issues and how they can be exploited, the team provided insights to companies to better protect themselves and their customers. But Tu also hopes that his team’s research will inspire regulators to keep cybersecurity in mind going forward.
“We discovered these vulnerabilities exist because international cellular emergency service standards haven’t been carefully reviewed for security when U.S. regulations must be supported,” Tu said. “Our research is not to show the weaknesses of these standards. Our point is that we can do more. We can have cellular availability anytime, anywhere, but we can do it safer.”
With this new NSF grant, Tu and his collaborators will be able to start doing more now.
Matthew Davenport is a strategic science storyteller at Michigan State University.