Emergency call
A teen who hacked the 911 system in Phoenix was sentenced to three years of probation. Paul Brennan/Public Domain Pictures

A 19-year-old was sentenced to three years of probation for discovering and exploiting a security flaw that resulted in a significant disruption for 911 emergency operating systems in several major cities in Arizona.

The teenager pled guilty to one count of computer tampering for his actions, which interrupted the 911 call centers in Phoenix, Scottsdale, Glendale and Mesa, Arizona nearly one year ago. As part of the probation sentence, law enforcement will be able to monitor the teen’s computer activity.

What resulted in the three-year probation began as something much more innocent. The teen, who was originally identified as an iPhone app developer by law enforcement, was interested in how applications and computer programs worked.

In particular, the teen was interested in working for Apple and had imagined discovering and reporting security flaws to the tech giant. Apple often provides credit for the discovery of flaws and other vulnerabilities in the documentation of its updates, and the teen wanted to responsible for solving a problem for Apple.

It’s not clear if that was in the back of his mind when he and a friend came across a flaw in iOS that would allow him to, according to the police report from the Maricopa County Sheriff’s Office (MCSO), “add annoying pop ups, commands to open email, and activate the telephone dialing feature on iOS cell phones by utilizing a JavaScript code that he created.”

While the teen claimed he wanted to use the flaw in a way that would be annoying but “non-harmful,” he ended up leaving the territory of prank and entering the territory of felony when he included a 911 phone number in his script.

The teen claimed the addition of the 911 number was an accident but the result was rather serious. The bug created hundreds of ghost calls that would dial 911 and hang up upon the operator answering. At one point, the code crafted by the teen made 100 calls in just 25 minutes.

As a result, 911 operations in a number of cities throughout Maricopa County, Arizona and the surrounding regions were flooded with calls and unable to carry on standard operations. The issue plagued cities for as long as two days, between October 24 and October 26, 2016.

Law enforcement relatively quickly tracked down the teen responsible for the apparently accidental attack, as the code was hosted directly on his website.

The teen had spread the link across a number of social media platforms, including several Twitter accounts and in the description of a YouTube video. Whenever a person would click the link, the script would run and the police would receive a hang up call.

Despite the attack being made public, the teen claimed he never intended for it to be exploited in such a way. Arizona Attorney General’s office said the teen “cooperated with authorities, expressed remorse and had never been in trouble before.”