People are trolling iPhone users with the ‘killer symbol’ that crashes their apps

Surprise! Assorted jerks on the internet have weaponized the Unicode-based bug we reported yesterday to insta-crash apps running on an iPhone or a Mac. The result is somewhere between the old Alt + F4 trick and a script kiddie stunt, and it ranges from being annoying to rendering a device unusable, depending on the tenacity of the troll.

The bug causes many iOS and Mac apps to crash when rendering two characters in Telugu, a south Indian language. While anyone can avoid viewing the symbols themselves, problems arise when someone ill-intentioned starts spamming out the symbols or sending them directly to devices where they will be received as a notification.

Droves of Twitter users have taken to tweeting the symbols out over the last day with messages like “read this to log off instantly” and “retweet this to crash anyone using an Apple device,” though luckily most of them don’t have many followers. Still, if the symbol shows up in your @ replies or in the handle of someone who likes one of your tweets, then it’s game over for whatever app you have open (Motherboard writer Joseph Cox learned this the hard way). From what we’ve observed, the only way to get an app working again is to reinstall it from scratch — a time-consuming process, especially if a troll just crashes it all over again.

As captured on Twitter, one security researcher added one of the symbols to his Uber handle as an experiment. “I suspect a crashed phone means you get routed to the next driver… who gets crashed too. Like an Uber routing worm,” he wrote. We reached out to Uber to see if they’re aware of the issue and will update when we hear back.

For now, most of the trolling seems to be on Twitter. A search on both Facebook and Reddit yielded conspicuously few signs of Telugu trolling, so it appears that those platforms may have taken steps to limit the fallout from the iPhone-killing Unicode symbols.

Meanwhile, a thorough blog post by Mozilla engineer Manish Goregaokar suggests that the scope of the Unicode bug could be broader than the two symbols we know. “… From some experimentation, this bug seemed to occur for any pair of Telugu consonants with a vowel, as long as the vowel is not ై (ai),” he wrote. His findings so far:

So, ultimately, the full set of cases that cause the crash are:

Any sequence <consonant1, virama, consonant2, ZWNJ, vowel> in Devanagari, Bengali, and Telugu, where:

consonant2 is suffix-joining – i.e. र, র, য, and all Telugu consonants
If consonant2 is र or র, consonant1 is not the same letter (or a variant, like ৰ)
vowel is not ై or ৌ

TechCrunch has reached out to Twitter, Facebook and Reddit to see how those platforms are handling the bug, which is particularly destructive when blasted out on an open social network. We’ve also been in touch with Apple and they’ve confirmed that there is a “dot update” fix coming soon, though declined to confirm if it would be iOS 11.2.6. Apple noted that the bug is fixed in current betas of iOS, tvOS, macOS and watchOS.

Comments

Shatterproof screens to protect smartphones

Polymer scientists at the University of Akron in Ohio have developed a transparent electrode that could change the face of smartphones, literally, by making their displays shatterproof. In a recently published paper, researchers show how a transparent layer of nanowire-based electrodes on a polymer surface could be extraordinarily tough and flexible, withstanding repeated scotch tape peeling and bending tests. This could revolutionise and replace conventional touchscreens, according to Yu Zhu, UA assistant professor of polymer science. Currently used coatings made of indium tin oxide (ITO) are more brittle, most likely to shatter, and increasingly costly to manufacture. “These two pronounced factors drive the need to substitute ITO with a cost-effective and flexible conductive transparent film,” Zhu says, adding that the new film provides the same degree of transparency as ITO, yet offers greater conductivity. The novel film retains its shape and functionality after tests i...

Get 56GB of free cloud storage in one folder!

Bring Your Box, Dropbox, Google Drive, & OneDrive All Together In One Folder With odrive! Dropbox gives you up to 16GB free. Google Drive & Gmail give you 15GB. OneDrive gives you 15GB. Box gives you 10GB. odrive brings all your cloud storage apps together in one folder right on your desktop. Just link your Dropbox, Google Drive, Gmail, Box, and OneDrive accounts to odrive and instantly get all your files scattered everywhere in one place! You can even link multiple accounts from each app to get even more! 1. Install odrive. DOWNLOAD It's free! And available for Windows & Mac :) 3.Get all your stuff! 2. Link all your cloud storage accounts. Note: This gives odrive permission to download your files for you. odrive doesn't store anything, we promise! OXYGEN CLOUD, INC., 1600 SEAPORT BLVD, REDWOOD CITY, CA, 94063, UNITED ...

So, when will your device actually get Android Oreo?

Google officially just took the wraps off of Android Oreo, but there are still some questions left to be answered — most notably, precisely when each device will be getting the latest version of the mobile operating system. Due to Android’s openness and a variety of different factors on the manufacturing side, it’s not an easy question to answer, but we’ll break it down best we can. First the good news: If your device was enrolled in the Android Beta Program, you’ll be getting your hands on the final version of the software “soon,” according to Google. Exactly what that means remains to be seen, but rest assured that you’ll be one of of the first people outside of Google to take advantage of picture-in-picture, notification dots and the like. No big surprise, Google handsets will be the first non-beta phones to get the update. The Pixel, Nexus 5X and 6P are at the top of the list, alongside Pixel C tablet and ASUS’s Nexus Player set-top box, which will be receiving the upgrade i...

The Withings Go Is A Cheap Little Activity Tracker

Withings has one more thing up its sleeve, a new activity tracker. This isn’t a new version of the Pulse or Activité. This is a brand new activity tracker. And the best part is that it only costs $69. The Withings Go uses an always-on E Ink display like the one on your Kindle or original Pebble. It’s very power efficient but it’s also a black and white display. But the good thing about this kind of display is that the Withings Go uses a button cell battery and the battery lasts 8 months. This new device tracks your steps, distance, running activity and swimming activity. You can also use it to track your sleep cycles. Compared to other entry-level activity trackers, you can do quite a lot. You don’t have to switch between activities — the device switches automatically. And of course, you can get your data in the Withings Health Mate app on iOS and Android. The Withings Go will be available in Q1 2016. Now the question is whether people want ...

Where does Blue Apron go after Amazon wraps up its Whole Foods deal?

Last week, Amazon said that its massive $13.7 billion deal to acquire Whole Foods is wrapping up on Monday — giving it access to one of the strongest food brands in the United States, as well as hundreds of grocery stores in metropolitan areas. That means it’s going to be easier and easier for people to get access to great ingredients, and there’s been a continued trickle of suggestions that Amazon will be gunning for a massive business that helped Blue Apron go public — a trickle that has since tempered Wall Street’s appetite for that business. All this raises a ton of questions as to what the future of Blue Apron is as Amazon looks primed to bulldoze into its territory in a very Amazon move. But as the specter of Amazon getting into meal-kit delivery looms, let’s review really quickly what Blue Apron has going for it: It has a strong brand in meal-kit delivery. The company wouldn’t have been able to go public, much less sustain unicorn status even as its stock continues to plumme...

Exciting Technology

Search This Blog