The Rave Panic Button app, designed to allow businesses to summon emergency services, allows miscreants to easily ‘swat’ targets by making false reports of emergencies says security researcher Randy Westergren. The app, which has a small install base of up to 10,000 users, has shuttered the holes Westergren identified. The vulnerabilities allowed businesses to place a series of rapid 911 calls reporting active shooters, fires and other threats. Because it’s aimed at businesses, the app also sends emergency services building plans and alerts staff to threats. Westergren says the app could therefore cause plans to be sent to unknown parties, and staff spooked by phantom emergencies. Westergren found serious holes in the app that allowed external attackers to lodge false emergency call outs, an act similar to swatting – maliciously summoning SWAT teams – if attackers were to select the app’s active shooter option.
Original source: The Register
View full story