Sign Symbol: iOS denial of service

    image

    An unusual bug has been detected in the iOS operating system that leads to a reboot of the device. It is enough to send a special sign from the alphabet of the Indian language Telugu జ్ఞా (“sign”) to the iPhone, after which the device automatically reboots.

    One of the Telugu language characters used in some states in India, the iPhone reboots. If you insert this character in the message text and open it, it will come to reboot the device. Applying this symbol will work with Facebook Messenger, iMessage, WhatsApp, Gmail, Outlook.

    The initial sequence U + 0C1C U + 0C4D U + 0C1E U + 200C U + 0C3E, which is a sequence of Telugu characters, leads to a reboot of the system after being entered into any system text field. The peculiarity of the change of characters leading to the collapse of the system lies in the peculiarities of the Telugu and Bengali languages ​​(and possibly other dialects). The collapse of the transformation of the suffix-connective consonants leads to the collapse - when the second consonant joins the first for combining without significantly changing its shape.

    image

    This is not the first time that iOS crashes due to strange characters, URLs or even videos. Last month, one link could freeze the iPhone (chaiOS bug), this problem was fixed with the release of iOS 11.2.5. In 2015, a similar vulnerability in iMessage led to a reboot of the device. Also, in 2016, a 5-second video caused the device to freeze.

    Processing specific characters or their sequences refers to the so-called "sms of death".

    Such a plan of vulnerability is periodically detected both on various platforms and in specific applications. They can lead to a reboot of the device, freezing, “scorching” or to an incorrect interpretation of the text execution context (like the recent RLO bug in telegram).

    These vulnerabilities appeared long before the era of modern smartphones: such bugs were found in Nokia phones (TP-UD payloads in so-called flash SMS), the classic “% English” vulnerability in Siemens phones, and many other, less well-known.

    Typically, such vulnerabilities do not carry a harmful load, but are widely used in pranks and usually have a sociotechnical distribution vector.



    Bonus for linguistic hackers: parsing the syntax fuzzing of the Bengali dialect, leading to a similar problem by reference .

    Also popular now: