Industry News

Now Twitter and Snapchat get stung by the iPhone text crash

Over the last few days, pranksters have been having a merry old time annoying the hell out of iPhone users by sending them a specially crafted text message that can cause devices to suddenly crash.

The message, which I’ve decided – in the time-honoured tradition of keeping threats in sane proportion – to call the “iPhone text of doom”, involves a sequence of Unicode characters as you can see in the following YouTube video:

Yes, if you’re unfortunate enough to receive the following text as an iMessage, and have configured your device to show a pop-up notification on receipt of new messages, you’ll find yourself looking at a rebooting iPhone.

iphone-msg

As The Guardian reports, the boobytrapped message can also wreak havoc for users of the official Twitter app, if they have been configured to display notifications of new messages sent via direct message or public mentions.

Additionally, teen favourite Snapchat is also susceptible, with iPhones reportedly crashing when users attempt to read chat messages sent containing the poisoned sequence of characters.

As with the problem affecting iMessage, the nature of the problem is such that just checking your history of chats will result in crashes time and time again as the app attempts to render the message, preventing the user from safely deleting it.

It’s important to understand what this bug is, and what it isn’t. It isn’t a way to infect your iPhone with malware, and it’s not a way to steal your personal information or private photos.

Instead, it’s a way of hitting specific iPhone users with a targeted and limited denial-of-service attack. My guess is that it has been mostly used as a prank or tried by the curious who have read the news reports, but the opportunities for it to be exploited in a way which could make criminals hard cash appear to be remote.

Nonetheless, it’s clear that if received at the wrong time, a prank message like this could do a lot of harm and is no laughing matter. Between consenting friends it probably doesn’t cause any harm, but if you decide to use it against someone without their permission – well, that’s not an acceptable way to behave.

So I was disappointed to see that one chap who probably should know better has already created a website that claims to send the boobytrapped text message on your behalf to iPhone users.

kill-my-iphone

A message on the site says that it only works in the United States, and reminds users (presumably in an attempt to avoid any legal fallout) that it “should only be used on a phone you have permission using it on. The developer takes no responsibility for any damage.”

Frankly I’m unclear why anyone would create a website like this, other than as a blatant attempt to gain some attention. It’s already known that the boobytrapped text messages can cause iPhones to crash, we hardly needed a website that put the power into even the hands of those who were incapable of cutting and pasting the sequence of characters off a social networking site.

You can probably imagine just how many teenagers are merrily sending the message to each other right now, thinking it’s a right laugh. In fact, you don’t have to imagine. John Scammell, a high school math teacher in Edmonton, Alberta, got in touch with me via Twitter hoping that Apple will roll out a proper fix quickly.

While we’re all waiting for Apple to come out with a fix, remember this: Apple has had problems like this before.

In fact, when the Cupertino-based firm released iOS 8.2 earlier this year, one of the security fixes it included was for a vulnerability that could allow attackers to restart your iPhone with a malicious Flash SMS.

And back in August 2013, iOS and OS X were both revealed to be vulnerable to a flaw that saw Arabic characters crashing smartphones and computers.

Apple will surely roll out a fix for this particular bug shortly, and in the meantime has published instructions on how to get things back up and running if you receive the dodgy message.

Amusingly, their advice involves telling Siri to fix it for you:

  1. Ask Siri to “read unread messages.”
  2. Use Siri to reply to the malicious message. After you reply, you’ll be able to open Messages again.
  3. If the issue continues, tap and hold the malicious message, tap More, and delete the message from the thread.

Of course, that doesn’t prevent you from being hit by the problem again if some ne’er-do-well sends you another “iPhone text of doom”. Maybe then, the best advice of all, is to turn off the notifications altogether – and pray that Apple fixes the problem once and for all in its forthcoming update.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

Add Comment

Click here to post a comment