Security

New iOS 'text bomb' cyberattack can crash, restart your iPhone

While it may only be an annoyance, this isn't the first time a text bomb has taken out iPhones, which begs the question of a more serious flaw.

Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • A newly discovered text-related bug in iOS can crash the operating system with little more than an HTML link.
  • This is the third such bug to hit iOS in the past few years, raising concerns that Apple is simply treating symptoms in iOS and not solving problems. —TechRepublic

Software developer Abraham Masri recently released an interesting iOS bug into the world.

It turns out just a simple chunk of HTML code, when sent as a link in a text message, has the power to leave iOS gasping for air. Masri says the bug, which he calls ChaiOS, "causes device to freeze, respring, drains battery, and/or sometimes panic." The recipient doesn't even need to open the link—simply receiving it is enough.

Masri also said that ChaiOS may be annoying but it's nothing to be worried about. That may be true, but it isn't the first time simple bits of text have crashed iOS devices.

These particular bugs are simple and irritating, not something that's going to compromise your device or endanger your personal information. A continued pattern, however, is cause for concern.

Continuing a trend

Masri has since taken the code for ChaiOS down, and he has no plans to republish it. "I made my point," Masri said. "Apple needs to take such bugs more seriously."

ChaiOS is just another in a string of similar iOS bugs, making it seem that Apple may be failing to do so. While the company has responded with patches that fix its OS flaws, the fact that similar issues continue to be discovered suggests the company is slapping band aids on problems rather than investigating underlying causes that need to be fixed.

Forrester security and risk analyst Jeff Pollard said that while iOS bugs happen less often and generally with less severity than Android ones, the repetitive nature of bugs like ChaiOS should, and does, raise questions.

SEE: Research: Defenses, response plans, and greatest concerns about cybersecurity in an IoT and mobile world (Tech Pro Research)

Harmless as it may be, ChaiOS reflects poorly on Apple and the stability and security of iOS. It would be one thing if this were the first device-crashing text bomb encountered on an iOS device, but it isn't.

There's a problem somewhere in iOS that isn't being fixed, and I hope patches for more serious things like Meltdown and Spectre are treating the disease rather than the symptom.

"If Apple continues to stress that privacy and security are important to them - and I hope they do - then discovering vulnerabilities like this one as early as possible and responding to them is a must," Pollard said.

And there needs to be more than just a "patch-and-forget" response. If consumers and businesses are going to continue to have faith in Apple, and Google, they need to be sure that repetitive problems aren't symptoms of a deeper disease in their mobile OSes.

We're lucky that ChaiOS isn't a serious security flaw. It's just an annoyance this time ... right?

sad-at-phone.jpg
Image: iStock/AntonioGuillem

Also see

About Brandon Vigliarolo

Brandon writes about apps and software for TechRepublic. He's an award-winning feature writer who previously worked as an IT professional and served as an MP in the US Army.

Editor's Picks

Free Newsletters, In your Inbox