9-1-1 DDoS: Attacks, Analysis and Mitigation

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

11 Scopus citations


The 911 emergency service belongs to one of the 16 critical infrastructure sectors in the United States. Distributed denial of service (DDoS) attacks launched from a mobile phone botnet pose a significant threat to the availability of this vital service. In this paper we show how attackers can exploit the cellular network protocols in order to launch an anonymized DDoS attack on 911. The current FCC regulations require that all emergency calls be immediately routed regardless of the caller's identifiers (e.g., IMSI and IMEI). A rootkit placed within the baseband firmware of a mobile phone can mask and randomize all cellular identifiers, causing the device to have no genuine identification within the cellular network. Such anonymized phones can issue repeated emergency calls that cannot be blocked by the network or the emergency call centers, technically or legally. We explore the 911 infrastructure and discuss why it is susceptible to this kind of attack. We then implement different forms of the attack and test our implementation on a small cellular network. Finally, we simulate and analyze anonymous attacks on a model of current 911 infrastructure in order to measure the severity of their impact. We found that with less than 6K bots (or $100K hardware), attackers can block emergency services in an entire state (e.g., North Carolina) for days. We believe that this paper will assist the respective organizations, lawmakers, and security professionals in understanding the scope of this issue in order to prevent possible 911-DDoS attacks in the future.

Original languageEnglish
Title of host publicationProceedings - 2nd IEEE European Symposium on Security and Privacy, EuroS and P 2017
PublisherInstitute of Electrical and Electronics Engineers
Number of pages15
ISBN (Electronic)9781509057610
StatePublished - 28 Jun 2017
Event2nd IEEE European Symposium on Security and Privacy, EuroS and P 2017 - Paris, France
Duration: 26 Apr 201728 Apr 2017

Publication series

NameProceedings - 2nd IEEE European Symposium on Security and Privacy, EuroS and P 2017


Conference2nd IEEE European Symposium on Security and Privacy, EuroS and P 2017


  • DDoS
  • PSAP
  • TDoS
  • anonymized attacks
  • baseband
  • botnet
  • cellular
  • e911
  • emergency services
  • smartphone

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Law


Dive into the research topics of '9-1-1 DDoS: Attacks, Analysis and Mitigation'. Together they form a unique fingerprint.

Cite this