Apple + Recommended + Software & Apps

Watch Out! This Boobytrapped Text Message Will Turn Off Your iPhone

Posted on May 27th, 2015 by

Watch out! This boobytrapped text message will turn off your iPhone

If you send a specific string of symbols and Arabic characters to another iPhone user, you can really ruin their day.

The problem, which occurs when you receive a notification of a new iMessage either on a locked iPhone or as a drop-down iOS notification, causes iPhones to restart, and is preventing some users from accessing other legitimate messages that have been sent to them.

The sequence of characters needed to remotely reboot an iPhone was posted on Reddit, and — for understandable reasons — has spread like wildfire across the Internet via social networking iPhone users.

Twitter users share the malicious iPhone text message

The following YouTube video shows you what happens (so you don't have to try it for yourself):

The problem appears to be associated with how iOS's banner notifications and Messages app handle the Unicode characters in the boobytrapped message. Clearly, your poor little iPhone has a brainstorm, not knowing how to handle the display of the non-alphabetical characters properly and decides the best policy is to quietly fall over, restarting your "smartphone."

If Apple's engineers had properly handled the exception error caused by the clearly unexpected unicode characters, then things would have been a whole lot more graceful.

For anyone who is having trouble getting their iPhone to work again properly, MacRumors has some suggestions on how to get back into your Messages app. Of course, there's nothing stopping someone from sending you the message again. Sigh...

However, if your iPhone is getting bombarded with the new Unicode crash message, security guru Mikko Hypponen tweeted this recommendation:

This is a salutary reminder that all complex code contains bugs and flaws — some more serious than others — and even a shiny new Apple device may have lurking within it undiscovered vulnerabilities that others could exploit if they were so minded.

According to some reports, the current "message of death" has been present since iOS 6.0. Now, of course, the onus is on Apple's engineers to release a security update as quickly as possible — before too many people start pranking each other by remotely rebooting iPhones through malicious messages.

If nothing else, as this Twitter user commented, at least it gives everyone who doesn't own an iPhone a reason not to feel envious of their Apple-loving friends.

Tweet from a non-iPhone user

What makes this somewhat embarrassing for Apple is that it has been bedevilled in the past with problems associated with — yes, you guessed it — Arabic characters crashing devices. In fact, back in August 2013, both iOS and OS X had been vulnerable to just such a flaw.

More recently, Apple released iOS 8.2 earlier this year, fixing another vulnerability that allowed attackers to restart your iPhone with a malicious Flash SMS.

It seems to me that Apple's team needs to spend a little more time recognising that they have failed to properly handle these kind of flaws, and that they keep cropping up. Clearly it needs to be more diligent in the future to prevent reoccurrences.

Apple is surely aware of this latest incarnation of the problem, so don't be surprised if a security update is rolled out in the near future. But I wonder if it's the last we've heard of this kind of bug?

Update, July 1: Apple rolled out a security update with the release of iOS 8.4, fixing this bug, as well as a wide range of other issues affecting iOS devices. For more details, see: iOS 8.4 Update Fixes Text Message Bug Causing iPhones to Restart.

About Graham Cluley

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security. Follow him on Twitter at @gcluley. View all posts by Graham Cluley →
  • SRM5

    I had this sent to my iPhone and it did absolutely nothing to my phone. Unless it has to look exactly like the example above with the same spacing my seems to have no problem.

    • Joshuha Owen

      Yes it has to have the line breaks exactly right or it won’t work. I had some friends volunteer and until I got the line breaks right it didn’t work.

  • Nicnacnic

    Solution: Ban Arabic.

    No, not really.

  • jonzey231

    I just wanna copy and paste this so I can send it to my mom lol.

  • India Foster

    Power
    لُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ

    • Randy Portillo

      How can I prevent this ? I send it to my self how can I get ride of it ?

      • http://www.intego.com Intego

        Apple just posted an advisory with a set of instructions to temporarily solve the bug. https://support.apple.com/en-us/HT204897

        If Messages crashes after receiving the malicious message, Apple’s temporary workaround (until they make a fix available in a software update) is as follows:

        1. Ask Siri to “read unread messages.”

        2. Use Siri to reply to the malicious message. After you reply, you’ll be able to open Messages again.

        3. If the issue continues, tap and hold the malicious message, tap More, and delete the message from the thread.

      • 10K3R-EQ LB

        Yoy can do this to fix you phone it work for me Go to settings messages on message history select 30 days and delete old messages and go change ur date and time manual 1 month or two faward and go to ur messages delete ur masages and ur done

        • TC(Krystal❤️)

          It’s not working please help

  • Olivier Morneau

    I’m puzzled as to why, after this became one of the top trending things on the Internet, this particular string of characters isn’t blocked both on the mobile service provider level and in the iMessage app server at Apple??

  • Daddy Pls

    never been happier to have an iPhone 4 😀

  • BMG4ME

    I wonder why Apple isn’t getting the same negative publicity about this that Lenovo got about the System Update issue?

  • Nimsi

    So there’s no way to find out who sent the code to you?

    • abby

      you will receive it from the person when you turn ur phone back on

  • Idk

    Aperently it doesn’t work for android

Sign up For Our Newsletter

Get the latest Mac security news direct to your inbox.

{"url":"\/marketo\/json\/add-to-newsletter","data":"list_name=Blog Roadblock"}