An Arizona teenager named Meetkumar Hiteshbhai Desai was arrested by the Cyber Crimes Unit of the Maricopa County Sheriff’s Office, after he shared a link to a Javascript exploit that forced iPhones to call 911 repeatedly. The link was clicked 1,849 times, triggering over 100 ‘hangup calls’ to the 911 dispatch center in Surprise, Arizona, within a matter of minutes. The Maricopa Sherrif’s Office says that put the center in “immediate danger of losing service to their switches.”
Large volumes of fraudulent calls were also directed to the Peoria, Arizona police department and to the Maricopa County Sherrif’s office, also threatening 911 service in those areas. Other fake calls were also reportedly directed to agencies in California and Texas.
Get Data Sheet, Fortune’s technology newsletter.
Desai has been charged with 3 felony counts of computer tampering, though he told the Sherrif’s office that he distributed the exploit accidentally. Desai told investigators in part that he was researching bugs to turn over to Apple as part of its bug bounty program, announced at the Black Hat conference this summer.
Desai told investigators that while working to exploit a bug discovered by an acquaintance online, he developed two versions of the malicious JavaScript code—one that opened popups and executed other annoying commands on a phone that accessed it, and another that commanded the phones to repeatedly dial 911. He told investigators that he had intended to share the less-malicious version of the exploit as a kind of prank, but accidentally shared the 911-dialing version instead.
For more on cybersecurity, watch our video:
However, Desai also admitted, in the Maricopa Sherrif’s words, that he “developed these malicious bugs and viruses to be recognized in the hacker and programming community as someone who was very skilled.”
The incident, while haphazard and small scale, points to a much larger threat. Researchers demonstrated in September that only 6,000 phones affected by a similar hack could cause major disruptions to 911 services across a mid-sized U.S. state. 911 systems are particularly vulnerable because the FCC requires that mobile 911 calls be exempted from certain kinds of service filtering. Some forms of malware can even generate audio content with the calls, making it very difficult for call centers to distinguish between legitimate and fraudulent calls.
