A simple text message that can crash Apple devices has been sent as a prank by more than a quarter of a million people in the past 24 hours.
The Short Message Service (SMS) text combines two English words “effective. Power” and a string of mostly Arabic script. Because of a vulnerability in the way the iOS operating system handles the encoded characters in notifications, the string crashes Apple iPhones that display the message.
More than 1 million of the SMS texts have been sent in the past 24 hours, according to mobile-security firm AdaptiveMobile. While any vulnerability that allows a system crash holds the potential to be exploitable, no researchers have yet demonstrated that capability.
“While the vast majority of these are probably pranksters, one security concern here is that a hacker can leverage this issue to execute immediate denial-of-service attacks, and that any business with a heavy reliance on iOS could be targeted and blocked from their own devices within a matter of seconds,” Cathal McDaid, head of data intelligence and analytics at AdaptiveMobile, stated in a May 27 blog post.
This is not the first time the iPhone has fallen prey to an attack coming through SMS. In 2009, security researchers Charlie Miller and Colin Mulliner demonstrated an attack on the iPhone 3 that allowed them to take full control of the device by sending special code snippets through SMS.
The current attack, apparently first reported by Reddit users, is caused by a flaw in the way the operating system handles Unicode.
“Basically, the problem arises when they can’t process a specific string of characters; this bug is uninterpretable and because the operating system cannot understand and decide how to decode it, it simply shuts down,” McDaid stated in the blog post.
An Apple spokesperson said, “We are aware of an iMessage issue caused by a specific series of Unicode characters, and we will make a fix available in a software update.”
iPhone users on Reddit have reported that the issue affects any notification with the text appearing on an iPhone, iPod, iPad and even the Apple Watch. eWEEK confirmed that the text message does indeed shut down an up-to-date iPhone.
In some cases, the message will continue to crash the device until another message is sent from the same user. While the SMS message is currently making the rounds, notifications from other apps, such as Twitter, can also reportedly cause devices to crash.
“Due to the volumes and impact on end users, it is likely that Apple will implement change to prevent this happening very soon,” McDaid said.
Until Apple releases a fix for the issues, users should turn off lock-screen notifications for Messages and other apps that display notifications, security experts said.