People are trolling iPhone users with the ‘killer symbol’ that crashes their apps

Surprise! Assorted jerks on the internet have weaponized the Unicode-based bug we reported yesterday to insta-crash apps running on an iPhone or a Mac. The result is somewhere between the old Alt + F4 trick and a script kiddie stunt, and it ranges from being annoying to rendering a device unusable, depending on the tenacity of the troll.

The bug causes many iOS and Mac apps to crash when rendering two characters in Telugu, a south Indian language. While anyone can avoid viewing the symbols themselves, problems arise when someone ill-intentioned starts spamming out the symbols or sending them directly to devices where they will be received as a notification.

Droves of Twitter users have taken to tweeting the symbols out over the last day with messages like “read this to log off instantly” and “retweet this to crash anyone using an Apple device,” though luckily most of them don’t have many followers. Still, if the symbol shows up in your @ replies or in the handle of someone who likes one of your tweets, then it’s game over for whatever app you have open (Motherboard writer Joseph Cox learned this the hard way). From what we’ve observed, the only way to get an app working again is to reinstall it from scratch — a time-consuming process, especially if a troll just crashes it all over again.

As captured on Twitter, one security researcher added one of the symbols to his Uber handle as an experiment. “I suspect a crashed phone means you get routed to the next driver… who gets crashed too. Like an Uber routing worm,” he wrote. We reached out to Uber to see if they’re aware of the issue and will update when we hear back.

For now, most of the trolling seems to be on Twitter. A search on both Facebook and Reddit yielded conspicuously few signs of Telugu trolling, so it appears that those platforms may have taken steps to limit the fallout from the iPhone-killing Unicode symbols.

Meanwhile, a thorough blog post by Mozilla engineer Manish Goregaokar suggests that the scope of the Unicode bug could be broader than the two symbols we know. “… From some experimentation, this bug seemed to occur for any pair of Telugu consonants with a vowel, as long as the vowel is not ై (ai),” he wrote. His findings so far:

So, ultimately, the full set of cases that cause the crash are:

Any sequence <consonant1, virama, consonant2, ZWNJ, vowel> in Devanagari, Bengali, and Telugu, where:

consonant2 is suffix-joining – i.e. र, র, য, and all Telugu consonants
If consonant2 is र or র, consonant1 is not the same letter (or a variant, like ৰ)
vowel is not ై or ৌ

TechCrunch has reached out to Twitter, Facebook and Reddit to see how those platforms are handling the bug, which is particularly destructive when blasted out on an open social network. We’ve also been in touch with Apple and they’ve confirmed that there is a “dot update” fix coming soon, though declined to confirm if it would be iOS 11.2.6. Apple noted that the bug is fixed in current betas of iOS, tvOS, macOS and watchOS.

Comments

The EHang 184 Is A Human-Sized Drone Taking Off At CES

We’ve seen some pretty cool stuff on day 1 of CES 2016, but probably nothing more eye-catching than the EHang 184, a human-sized drone built by the Chinese UAV company EHang . Yes you heard right — a giant autonomous drone that fits a human. It’s basically what you would expect to see if someone shrunk you down to the size of a LEGO and stuck you next to a DJI Inspire. Except no one was shrunk, and the giant flying machine was sitting smack in the middle of the CES drone section. EHang, which was founded in 2014 and has raised about $50M in venture fundingto date, was pretty gung-ho about telling everyone at CES that the 184 was the future of personal transport. And for the most part, people were too in awe to question them. But the reality is that the company probably was using the 184 as more of a marketing tool for their standard-sized drones like the Ghost . Not that we’re saying that the 184 will never be a real thing, just that it probably isn’t co...

Western Union Brings Money Transfer And Its Tricky Fees To Chat Apps

Remittance has always been a shady business. Migrant workers need to send money they earn home to their families, but get hit with fine print fees so less cash comes out the other side than they might assume. Remittance companies earn extra by keeping the margin between their own made up exchange rate and the real one. Western Union is the best known remittance company, with 500,000 brick-and-mortar locations around the world. But tech startups like TransferWise, Azimo, and WorldRemit are gunning for the business. They hope to increase convenience and reduce fees to lure customers away from Western Union, Moneygram, and other old-school remittance providers. So Western Union is going digital thanks to partnerships with big messaging apps. It launched its Western Union Connect system in October last year, followed by a partnership with WeChat for sending up to $100. Now it’s getting into bed with Viber , which has over 664 million “unique” users, thou...

Following Patent Deal, Every Time Apple Sells An iPhone, Ericsson Gets A Bit Of Money

Telecommunications infrastructure company Ericsson just announced that it has reached an agreement with Apple over an ongoing patent dispute. For the next seven years, Apple will pay a fraction of its iPhone and iPad profit to Ericsson in royalties. Back in February, Ericsson filed suits in many different jurisdictions for patent infringement (the International Trade Commission, the U.S. District Court for the Eastern District of Texas, the U.S. District Court for the Northern District of California, as well as courts in the U.K., Germany and the Netherlands). According to the Swedish company, Apple has been violating 41 patents over the past few years with its iPhone and iPad, in particular patents related to GSM, UMTS and LTE technologies. As expected, the two companies have reached an agreement and Ericsson is dropping all of its lawsuits. Today’s news isn’t particularly surprising as Ericsson holds more than 35,000 patents. Many of them are related to wireles...

Google Calls Out EFF Over Bogus Claims That It Snoops On Students With Its Chromebooks

The Electronic Frontier Foundation (EFF) caused quite a stir this week when it alleged that Google is using its Chromebook platform, which has made a significant impact in the education sector, to snoop on students. The charges were damning, with the EFF claiming that Google was violating its own corporate policies and using students’ personally identifiable browsing data/habits to refine its services, in addition to sharing that data with partners. "EFF bases this petition on evidence that Google is engaged in collecting, maintaining, using, and sharing student personal information in violation of the 'K-12 School Service Provider Pledge to Safeguard Student Privacy' (Student Privacy Pledge), of which it is a signatory,” alleged the EFF in its initial FTC complaint. Google takes such allegations very seriously, and has thus responded to every claim brought forth by the EFF. “While we appreciate the EFF’s focus on student data privacy, we are confid...

NVBOTS Wants To Make 3D Printers As Easy As Toasters

Right now 3D printing curriculums, if they exist, are fairly sparse. Putting a two thousand dollar machine in front of a grade schooler usually ends up in a lot of 3D printed Yoda heads and not much education while the learning curve for most 3D design tools is steep. That’s what the founders of NVBOTS, AJ Perez, Forrest Pieper, Christopher Haid, and Mateo Peña Doll, are looking to solve. Their product, the NVPRO , is a 3D printer with a few interesting features. The two most interesting are the automatic removal system which pops parts off of the build plate when they are done and a built-in print server that allows you to print from any device. This means you can run large batches of prints from different users with each part popping off as its printed. This means a class of students can send jobs to a printer and then pick them up just as they would a laser printer. The printer also supports a central “admin” who can check jobs before they are printed as and offers a ...

Exciting Technology

Search This Blog