A team led by Michigan State University researchers has earned a $1.2 million National Science Foundation grant to continue shoring up the security of cellular 911 calls.
As the nation’s cellular networks and technological infrastructure advance, customers are treated to better coverage and faster service. On the flip side, these changes also can create new opportunities for cybercriminals to exploit unforeseen gaps in security.
Researchers in the College of Engineering at MSU have been particularly interested in what that means for the security of cellular 911 calls.
“The average person isn’t calling 911 a lot, but if they can’t connect, it can lead to some very bad situations,” said Guan-Hua “Scott” Tu, an assistant professor in the Department of Computer Science and Engineering.
“Emergency networks are critical, so it is extremely urgent to ensure security and eliminate any potential negative impacts,” Tu said. “This project aims to advance the technology for safeguarding next-generation services over cellular networks from design to practice.”
This grant will allow Tu and Li Xiao, an MSU professor of computer science and engineering, to continue and expand their work in making cellular 911 calls more secure. In October 2022, Tu and Xiao’s team presented work titled, “Uncovering Insecure Designs of Cellular Emergency Services (911),” at the 28th Annual International Conference on Mobile Computing and Networking, or MobiCom.
This presentation revealed vulnerabilities in the systems the U.S. has in place to enable anyone to easily connect to emergency services from their cellphone. The team showed those vulnerabilities could be exploited to create a variety of problems, such as letting attackers steal cell services, spam customers and even block callers from reaching 911 operators.
“What we’ve shown is that we need to pay more attention to how we’ve designed our services and make sure there are no problems,” Tu said.
“It really surprised me when we found out an attacker can cause a legitimate 911 call to be denied or disconnected,” Xiao said. “However, we are in a computing-centric time and all human activities are supported by wired and wireless networks and data centers. I expect that more security loopholes will be discovered as digital infrastructure in society continues to grow and advance.”
Thanks to the team’s history in the field and its relationships with cellular providers, the researchers were already working with companies to remedy those security issues before their October presentation.
“We’ve been doing this type of work for more than 10 years — finding problems in networks and coordinating with companies,” Tu said. “If we find vulnerabilities, they will pay attention and work to find remedies.”
“Our work has been recognized by AT&T, and we hope other operators also will make efforts to address the vulnerabilities,” Xiao said, referencing the AT&T security award this work has earned. “Meanwhile, we want people to realize that 911 calls are not always secure and to think about backup solutions if a 911 call does not go through.”
The MobiCom conference, hosted by the Association for Computing Machinery, also awarded the team a best community paper runner-up honor for contributions to the research community. Joining the MSU research group on the MobiCom project were researchers from Purdue University, the University of California, Los Angeles and National Yang Ming Chiao Tung University in Taiwan.
Earlier this month, NSF announced the $1.2 million award that will enable MSU and Purdue University to continue their work in identifying and remedying security loopholes. MSU is the lead institute. Tu will lead the MSU team with co-investigators Xiao and Jiliang Tang, an MSU Research Foundation Professor. Chunyi Peng, an associate professor of computer science, will lead Purdue’s cohort.
The road to hacks is paved with good intentions
In the U.S., the Federal Communications Commission has enacted regulations to make it as easy as possible for anyone with a cellphone to contact 911 in an emergency.
Even if you haven’t needed to make an emergency call before, you may have some familiarity with this. Folks may have noticed “Emergency Calls Only” or similar text on their phone screens even when they can’t make other calls.
“This regulation significantly improves the availability of 911 service in the U.S.,” Tu said. “For example, if you’re a cellular user and you cannot receive cellular signals from your network in the suburbs, you are still allowed to dial a 911 call through other cellular networks, even if your network operator does not have a roaming agreement with them.”
This got Tu and his team interested in how U.S. cellphone services are designed to comply with regulations. What they found is that adhering to the rules can come at the cost of security. For example, companies can’t apply encryption and integrity protection as they would on nonemergency calls.
“Basically, 911 calls can open a back door,” Tu said.
With the door open, Tu’s team showed that attackers could anonymously steal cellular data from providers or spam cellular devices, resulting in data overage charges for customers.
The researchers also showed that attackers can obtain, copy and transmit information from a legitimate 911 call, enabling them to launch a variety of denial of 911 service attacks.
For example, using what’s called a phone-detaching attack, bad actors can make it look like two identical calls are coming in from the perspective of a cellular network. To resolve this, the network may reject or terminate the real call while accepting the fake call.
In revealing these security issues and how they can be exploited, the team provided insights to companies to better protect themselves and their customers. But Tu also hopes that his team’s research will inspire regulators to keep cybersecurity in mind going forward.
“We discovered these vulnerabilities exist because international cellular emergency service standards haven’t been carefully reviewed for security when U.S. regulations must be supported,” Tu said. “Our research is not to show the weaknesses of these standards. Our point is that we can do more. We can have cellular availability anytime, anywhere, but we can do it safer.”
With this new NSF grant, Tu and his collaborators will be able to start doing more now.