ChaiOS bug: iPhone flaw means a single text message can completely crash a phone, security researcher claims

It's not the first time that iPhones have been found to be vulnerable to an apparently innocent string of letters

Andrew Griffin
Thursday 18 January 2018 06:20 EST
Comments
(REUTERS)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

A "text bomb" can crash any iPhone or Apple computer, according to a security researcher.

All that is required is for a phone to be sent a text message that contains a link to the bug's code, security researchers claim. When that happens, the Mac or iOS device that receives it crashes, and may even need to restart.

It's not the first time that iPhones have been found to be vulnerable to a text message that could cause it to break. While the issue isn't strictly a security problem – it doesn't give access to anything sensitive on the phone, and doesn't break it permanently – it can be annoying and worrying to anyone who receives it.

Software developer Abraham Masri initially posted a link to the code on programming site GitHub but has since removed it, saying: "I made my point. Apple need to take such bugs more seriously."

He said he had reported the bug to Apple before releasing it online, but its removal means malicious messages can no longer be sent linking to it.

The tech giant has not yet commented on the issue.

The flaw has been named ChaiOS - a play on the words chaos and iOS, Apple's mobile operating system - but is regarded by security experts as a "nuisance" rather than dangerous.

Industry expert Graham Cluley said: "Something about the so-called ChaiOS bug's code gives your Apple device a brainstorm. Ashamed about the mess it gets itself in, Messages decides the least embarrassing thing to do is to crash.

"Nasty. But, thankfully, more of a nuisance than something that will lead to data being stolen from your computer or a malicious hacker being able to access your files.

"Don't be surprised if Apple rolls out a security update in the near future to fix this latest example of a text bomb."

The flaw is similar to the Effective Power bug which hit iPhone devices in 2015, when a set of characters sent as a text message could cause an iPhone to reboot.

Additional reporting by Press Association

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in