A bug in Apple’s iOS means that anyone can crash an iPhone by simply sending it a certain string of characters in a message.
The bug – discovered by several Reddit users – means that when the message is received, it instantly crashes the iPhone and causes it to reboot, as long as the recipient is not viewing their message history at the time.
The attack appears to be caused by a glitch in how Apple’s iOS mobile operating system, which runs on the iPhone, iPad, and iPod touch, renders Arabic text.
When a banner alert or notification displays the text message on the lock screen, the system abbreviates the text with an ellipsis. If the ellipsis is placed in the middle of a set of non-Latin script characters, including Arabic, Marathi, and Chinese, it causes the system to crash and the phone to reboot.
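The truncation problem described above can be illustrated with a short added example. It is not Apple's code or its fix, and the article does not say how iOS chooses the cut point. The sketch assumes a preview cut at a fixed UTF-16 length budget, and the function names and sample word are constructed for illustration.

```javascript
// Added illustration: constructed sample text, hypothetical function names.
const segmenter = new Intl.Segmenter(undefined, { granularity: "grapheme" });
const ELLIPSIS = "\u2026";

// The word "Marathi" in Devanagari: 5 UTF-16 units forming 3 grapheme clusters.
// Units:    U+092E | U+0930 U+093E | U+0920 U+0940
// Clusters: [0,1)  | [1,3)         | [3,5)
const SAMPLE = "\u092E\u0930\u093E\u0920\u0940";

// True when a code-unit offset lands inside a grapheme cluster,
// i.e. cutting there would separate a base character from its marks.
function splitsCluster(text, offset) {
  if (offset <= 0 || offset >= text.length) return false;
  return segmenter.segment(text).containing(offset).index !== offset;
}

// Naive preview: cut at the budget regardless of what is being split.
function naiveTruncate(text, maxUnits) {
  if (text.length <= maxUnits) return text;
  return text.slice(0, Math.max(0, maxUnits)) + ELLIPSIS;
}

// Boundary-aware preview: back off to the start of the cluster that
// contains the budget offset, so the ellipsis never sits inside one.
function safeTruncate(text, maxUnits) {
  if (text.length <= maxUnits) return text;
  const budget = Math.max(0, maxUnits);
  const cut = segmenter.segment(text).containing(budget).index;
  return text.slice(0, cut) + ELLIPSIS;
}

console.log(splitsCluster(SAMPLE, 2)); // budget of 2 lands inside a cluster
console.log(JSON.stringify(naiveTruncate(SAMPLE, 2)));
console.log(JSON.stringify(safeTruncate(SAMPLE, 2)));
```

The same `splitsCluster` check can be run over any candidate cut offset in a test suite for text-preview code, including offsets inside emoji surrogate pairs.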
The bug requires a particular string of text to be sent within an iMessage or SMS. In attempting to confirm the bug, the Guardian went through 50 variations of the text string before replicating the crash.
The text string is particular and is therefore highly unlikely to be replicated by accident. Those worried about being attacked can protect their iPhone from the bug by disabling notification banners. Getting notifications on an Apple Watch also protects the iPhone from the bug. Some users falling victim to the attack have reported that they can no longer access messages. Others have reported that sending a photo to the contact via the Photos app can allow them to access the message history and delete the conversation, clearing the source of the crash.
The bug is being used as a prank, with users taking to Twitter to vent their frustration after crashes. As with any glitch like this, it is possible that hackers could turn the bug into a method of attack beyond simple pranks. This is not the first bug to be exposed that causes similar issues on Apple devices, including in apps on Macs.
Bugs within third-party apps, including Snapchat, have also caused similar problems for iPhone users. The Snapchat bug allowed attackers to flood devices with information, causing them to crash.