Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Text Message Can Crash An iPhone and Force It To Reboot

Posted by Soulskill on from the easy-way-to-get-your-kids-to-put-the-phone-down dept.

DavidGilbert99 writes with news that a bug in iOS has made it so anyone can crash an iPhone by simply sending it a text message containing certain characters. "When the text message is displayed by a banner alert or notification on the lockscreen, the system attempts to abbreviate the text with an ellipsis. If the ellipsis is placed in the middle of a set of non-Latin script characters, including Arabic, Marathi and Chinese, it causes the system to crash and the phone to reboot." The text string is specific enough that it's unlikely to happen by accident, and users can disable text notification banners to protect themselves from being affected. However, if a user receives the crash-inducing text, they won't be able to access the Messages app without causing another crash. A similar bug crashed applications in OS X a few years ago.

9 of 248 comments (clear)

  1. Re:Lol by Anonymous Coward · · Score: 5, Insightful

    it's a parsing bug, what difference would sanitizing user input make...

  2. Re:I am amazed by phishybongwaters · · Score: 4, Informative

    Yes, technically there is a way to execute phone specific code with specially crafted text messages. This is not doing that. It's not executing a program. The system is trying to abbreviate the contents of the message to display in a notification banner or on the lock screen through a widget (or whatever apple calls them). The system is doing something it's designed to do, but due to lack of foresight or just shoddy development, they never bothered testing this with special characters. And some clown obviously found the bug. This is actually pretty big. So in the past few months I've learned about 3 important issues with IOS devices, even those running the current release: 1)They are still including a chinese root cert that has been delisted for handing out forged google certs, and who knows what else. 2)A specially crafted access point being in range of your IOS device can cause it to become unstable and eventually crash, even if you have not connected to that network 3)A specially crafted text message can crash your phone upon receiving it. Lets be clear, I'm not saying Android doesn't have some major issues as well, so don't try to fanboy me. But this is not what I expect from Apple. This is just bad. Lack of sanity testing? Keeping their users at risk seemingly just to say FU to google?

  3. My friend knows about this... by ThatsDrDangerToYou · · Score: 4, Funny
    His name is Bobby Tables.

    https://xkcd.com/327/

    I still laugh at this... am I an idiot? Don't answer that.

  4. Re:Lol by omnichad · · Score: 4, Insightful

    Sanitize a language people use for actual communication? The text shouldn't have to change. This is a case of bad coding and nothing more.

  5. Re:Is it 2013 again? by hippo · · Score: 4, Interesting

    No, it's 1985 again. Or even earlier. 1985 was when I found out an escape sequence that would reboot the HP100 portable computer my boss used to access the message system on the HP 3000 minicomputer. Cue me sending an email with it in the subject. The reboot took so long the messaging system logged you off and handily when you log in it prints the subjects of your unread emails and around you go again.

    This kind of stuff never gets old.

  6. Re:But Macs "just work", right? by RavenLrD20k · · Score: 4, Insightful

    Never. Ever. Do. That. Again.
    Or I will mark you as a troll if I have mod points. And frankly, I hope somebody does that to this one.

    If you're going to post an informative link from Wikipedia, go straight to Wikipedia; not that wikiwand crap. Using that link to a site pushing a formatting extension that changes the way wikipedia's UI format looks is trolling for users to hijack with a MitM attack. This is fucking /. The general population knows better than to install random extensions from unverified sources. Go pedal your crapware on reddit.

  7. Re: Lol by Anonymous Coward · · Score: 5, Informative

    It's not a special character that needs escaping. It's a character that needs multiple bytes to specify the code point. The parser just isn't handling the fact that you can't just crop a character mid code point - it's operating at the byte level when it should be operating at the code point level during a crop operation.

  8. Re:I am amazed by Rei · · Score: 5, Interesting

    It's not that NSString itself is broken, it's that the fact that 99.99% of the time an NSString is one 16-bit code unit per glyph that apps using it rarely test the use case where it's two code units per glyph. So a person goes in and writes an app that inserts a new character at a particular byte offset and it works 99.99% of the time, but if it happens to get stuck in the middle of a multi-code-unit glyph, the program breaks.

    The documentation is no help. First off, it lies:

    Conceptually, a CFString object represents an array of Unicode characters (UniChar) along with a count of the number of characters. The [Unicode] standard defines a universal, uniform encoding scheme that is 16 bits per character.

    As we all should know, that's simply not true. Unfortunately, a lot of people don't know better. Unicode is not a universal, uniform encoding scheme that is 16 bits per character. Even UTF-16 isn't that.

    A string object presents itself as an array of Unicode characters . You can determine how many characters a string object contains with the length method and can retrieve a specific character with the characterAtIndex: method. These two “primitive” methods provide basic access to a string object.

    characterAtIndex returns a 16-bit integer. So obviously it has no way to actually represent wider unicode characters. The length method is not the number of characters on the screen, but the number of code units, which is different, but highly misleading to programmers. They're, again, the same thing 99.99% of the time, but those rare cases where they're not generally slip through testing. And this is why UTF-16 is such a hazardous encoding to use.

    Yes, NSString is old. And that's part of the problem. It was made at a time where many thought that unicode was only going to be 16 bits. It hasn't aged well. And it's caused a lot of bugs over its time. And now I'd bet that it or something similar has created a brand new iPhone-equivalent of Winnuke.

    Programmers really need two types of strings, and only two, for the lion's share of tasks. One, binary strings, where a char is always 8 bytes and operations can be optimized to heck and back. And two, unicode strings, where a char always represents a whole unicode character that you would display, and the count of characters represents the count of display characters and so forth. None of this "99.99% of the time it's one thing, but every so often it's another...". That's asking for bugs.

    --
    POTUS Witch Hunt tracker: 75 charges filed against 19 witches, 4 witches cooperating and 5 witches have pled guilty.
  9. Re:Did they already fix this? by Just+Some+Guy · · Score: 4, Funny

    I immediately tried to crash every phone of every coworker who has an iPhone within earshot of me and it didn't work.

    I too enjoy getting fired over stupid shit. Do you have any other suggestions I might try?

    --
    Dewey, what part of this looks like authorities should be involved?