What You Need To Know About The Bug That Freezes Your IPhone
Here's how to protect yourself until there's a more permanent fix.
Chelsea Davis 2018-01-22I don’t know about you, but having my iPhone crash repeatedly is one of my worst tech nightmares. But that’s exactly what will happen if this link is texted to you over iMessage.
Abraham Masri, a software developer and researcher, told BuzzFeed News that he discovered this harmful bug while “fuzzing with the operating system. (For us non-techies, that means he was hacking the operating system by typing lots of random characters into the internal code.) With this particular bug, someone can freeze your iPhone by simply sending a link with the disastrous code. The scary part? You don’t even need to open it for it to do its damage. Without any action on your part, it will still cause iMessage to crash repeatedly, slow down Safari and drain your battery.
Masri claims he reported the bug, which he named chaiOS, on Jan. 15, but Apple didn’t seem keen on fixing the issue immediately. So, like any good tech vigilante, he posted the bug on GitHub, a web-based hosting service for managing source code, and shared a link to that GitHub page on Twitter on January 16.
👋 Effective Power is back, baby!
chaiOS bug:
Text the link below, it will freeze the recipient's device, and possibly restart it. https://t.co/Ln93XN51Kq⚠️ Do not use it for bad stuff.
—-
thanks to @aaronp613 @garnerlogan65 @lepidusdev @brensalsa for testing!— Abraham Masri (@cheesecakeufo) January 16, 2018
“Text the link below, it will freeze the recipient’s device, and possibly restart it,” Masri tweeted, adding, “Do not use it for bad stuff.”
He wanted to get Apple’s attention and he did. “My intention is not to do bad things,” Masri told BuzzFeed News. “I always report the bug before releasing something.”
The bug I released was to get @Apple's attention. It's just an html file.@Github always hosted jailbreaks (even .ipa files) that might've included malware. I don't understand why you'd ban my account.
Btw, I always report bugs before releasing them.— Abraham Masri (@cheesecakeufo) January 17, 2018
So how does it work? Someone texts you a link, which often shows up in your messages with an image preview and text (the URL and a brief title of the link). This preview is created by customized code, which a developer puts into their website’s HTML. In Masri’s case, he used thousands of random characters in the link, instead of just a few, which most likely caused the Messages app to crash.
GitHub temporarily suspended his account after he shared the malicious code publically on Twitter. Masri tweeted, however, that he’d never intended to rehost the code elsewhere but, rather, to push Apple to “take such bugs more seriously.”
No, I'm not going to re-upload it. I made my point. Apple needs to take such bugs more seriously.
— Abraham Masri (@cheesecakeufo) January 17, 2018
So what do you do if you receive the link? Try deleting the message thread. If this doesn’t work, try restoring your device to its factory settings. Keep in mind, however, that this will erase all photos and saved data on your phone.
In the event that the bug is reposted on GitHub, one Twitter user, @eric_rmrz, suggests blocking the domain on your phone.
To do this, head to Safari’s Settings app > General > Restrictions > Enable Restrictions > Websites > Limit Adult Content > Never Allow > GitHub.io.
How to protect yourself: block the domain in safari restrictions, iPhone wont overload even if you get the link pic.twitter.com/lHrrczTuWS
— Eric Ramírez (@eric_rmrz) January 17, 2018
However, this will only work if the bug is being hosted on GitHub. It won’t help if someone posts the code on to their own server.
All in all, the best advice is to keep your device updated with the most recent version of iOS. Apple usually releases operating systems to handle new bugs as they arise. And according to Bustle, Apple confirmed a fix is coming in a software update within the week.