Thursday, May 28, 2015

A text message to reboot your iPhone

Got an iPhone? Have friends (or kids) with a prankster streak? You might want to disable notification previews for SMS messages.
Got an iPhone? Have friends (or kids) with a prankster streak? You might want to disable notification previews for SMS messages.

An individual noticed on Tuesday that his iPhone rebooted after receiving an unusual text message. He posted a question about it on Reddit, and word quickly spread. The British technology publication The Register has a nice write-up on what it actually happening; the simple description is this:

When your iPhone attempts to display certain Unicode text (i.e. text using some international character sets), it triggers a flaw in the text processing library, causing the active app to crash. If that app is a core part of the operating system, that crashes the phone, causing a reboot.

Receiving an SMS message, or possibly a Twitter DM, causes the message to be shown in a "notification," a message preview on the lock screen or the top of the screen. Notifications are part of the operating system core, thus crashing the phone.

It doesn't damage the phone permanently, and it doesn't give an attacker control over your phone, so in the long run it's a pretty mild problem. In the short term though, lots of middle school kids (and middle schoolers at heart!) are pranking one another or their parents by sending an SMS message.

Apple has not released an update to fix this, though they have acknowledged the problem. A temporary solution is to disable notification previews. From the iOS "Settings" menu, select "Notifications", then "Messages," and set "Show Previews" to "Off."

This will prevent iMessages from displaying SMS messages previews in the notifications panel or lock screen and crashing the phone. It won't keep the iMessages app itself from crashing if you open a pranked message though. For that, you'll need the offending sender to send you another message, pushing the exploit string off the top of the list; or send yourself a message from another device or app (i.e. send yourself an image using the photo app instead of the iMessage app).

Do you have something to add? A question you'd like answered? Think I'm out of my mind? Join the conversation below, reach out by email at david (at) securityforrealpeople.com, or hit me up on Twitter at @dnlongen

Whois David?

My photo

I have spent the better part of two decades in information technology and security, with roots in application developer support, system administration, and network security. My specialty is cyber threat intelligence - software vulnerabilities and patching, malware, social networking risks, etc. In particular, I strive to write about complex cyber topics in a way that can be understood by those outside the infosec industry.

Why do I do this? A common comment I get from friends and family is that complex security topics give them headaches. They want to know in simple terms how to stay safe in a connected world. Folks like me and my peers have chosen to make a profession out of hacking and defending. I've been doing this for the better part of two decades, and so have a high degree of knowledge in the field. Others have chosen different paths - paths where I would be lost. This is my effort to share my knowledge with those that are experts in something else.

When not in front of a digital screen, I spend my time raising five rambunctious teens and pre-teens - including two sets of twins. Our family enjoys archery, raising show and meat rabbits, and simply enjoying life in the Texas hill country.

For a decade I served as either Commander or a division leader for the Awana Club in Dripping Springs, Texas; while I have retired from that role I continue to have a passion for children's ministry. At the moment I teach 1st through 3rd grade Sunday School. Follow FBC Dripping Springs Kids to see what is going on in our children's ministries.