A three character-long text message can temporarily disable iPhones, a hacker has shown.
On receiving the message, iPhones instantly freeze for around a minute, and sometimes users are forced to restart. Besides blocking the number that the malicious messages come from the victim has no way of preventing the attack, although its effects are temporary and do not work on the most recent version of iOS.
The bug is the latest in a series of strange text-message vulnerabilities that have affected iPhones in recent years. The offending message appears to contain just three characters - a white flag emoji, a “0” and a rainbow emoji. When a text with the three characters is received, an iPhone will become temporarily unusable, with the touchscreen and physical buttons not functioning.
The fault appears to be in the convoluted way that iOS creates the rainbow flag emoji. Because the flag is not an official emoji, Apple creates it by combining the code behind the two white flag and rainbow emoji. The two are joined together by a hidden character known as a VS16. With the troublesome three-character text, the VS16 is there, forcing the iPhone into trying to combine the two emoji, but is unable to because of the zero in the middle.
The bug was revealed on the YouTube account EverythingApplePro, which regularly demonstrates iPhone text-message pranks. While the attack does not work on the latest version of iOS, 10.2, a similar vulnerability does affect the newest operating system. The second attack, which has a similar effect, is a more intricate method that involves the sender sharing a large contact file from the iCloud Drive app.
As mobile operating systems have become more elaborate, it is increasingly common for hackers to find cracks in the software. The so-called “effective power” text, a string of Arabic characters, was found to crash iPhones in 2015, and there have been a spate of similar bugs in recent months. They are typically fixed in software updates relatively soon after they emerge. At worst, the rainbow flag emoji is set to be officially introduced in this year's list of new emoji, negating the need for the current workaround.
How to prevent it
The first bug, in which a string of three characters is sent to the device, can be dealt with simply by upgrading to the latest version of iOS. To do this, go to Settings on your phone, then General, then Software Update. The second bug, which involves the much longer text, may stop the Messages app from working, because every time the app is opened, it tries to reload the most recent text message.
Clicking this link on your iPhone and opening it in Messages should create a new message and allow you to delete the one that causes the bug. If a person keeps sending the message, the only recourse may be to block them. To do this click the “i” button at the top right of a text-message thread, click their name and select “Block this caller”.