
New Exploit Breaks the iPhone's Messaging App with One Text - pierre-renaux
http://www.tomshardware.com/news/exploit-iphone-message-single-text,33280.html
======
userbinator
The flip side of making things opaque and "just work" per Apple philosophy, is
that when they _don't_ work, trying to fix it becomes even more difficult.

This is a very unusual "exploit", however --- according to
[https://en.wikipedia.org/wiki/VCard](https://en.wikipedia.org/wiki/VCard)
it's not even a valid .vcf file but looks to be just an RTF with copious
amounts of text (appears to be bytes from PNG images concatenated together,
although I haven't actually tried to read them as such.)

I think there's some sort of hidden quadratic (or higher) algorithm that's
causing this, along the lines of
[https://www.joelonsoftware.com/2001/12/11/back-to-basics/](https://www.joelonsoftware.com/2001/12/11/back-to-basics/). As a
datapoint, this 7-year-old machine rendered that file as RTF (in WordPad) in
less than a second. An iPhone doesn't have quite as powerful a CPU, but still
shouldn't be struggling to do it.

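The "hidden quadratic algorithm" idea above can be made concrete with a small constructed example (added here; not code from the thread or from Apple): two implementations of vCard line unfolding (RFC 6350 folds long properties such as a base64 PHOTO into continuation lines starting with a space or tab). The naive one rebuilds the output buffer on every continuation line, so the work grows with the square of the number of fragments; the linear one collects fragments and joins once. Both return the same text plus a count of characters copied, so the growth is visible without timing.

```python
# Constructed demo of why a large folded vCard can stall a naive parser.
# `copied` models the characters a buffer-rebuilding implementation would
# copy (CPython may optimise the actual concatenation, so we count, not time).

def unfold_quadratic(text: str):
    """Naive unfolder: appends to one growing string, re-copying it each line."""
    out = ""
    copied = 0
    for raw in text.split("\r\n"):
        if raw[:1] in (" ", "\t") and out:
            out = out + raw[1:]              # continuation: drop the fold char
        else:
            out = out + "\r\n" + raw if out else raw
        copied += len(out)                   # whole buffer touched every line
    return out, copied


def unfold_linear(text: str):
    """Linear unfolder: keep fragments per logical line, join once at the end."""
    lines = []
    copied = 0
    for raw in text.split("\r\n"):
        if raw[:1] in (" ", "\t") and lines:
            lines[-1].append(raw[1:])        # O(1) append to current property
        else:
            lines.append([raw])
        copied += len(raw)                   # each input char handled once
    return "\r\n".join("".join(parts) for parts in lines), copied


def make_vcard(fragments: int, width: int = 8) -> str:
    """Constructed vCard whose PHOTO property is folded into many fragments."""
    chunk = "A" * width
    lines = ["BEGIN:VCARD", "VERSION:3.0", "FN:Example",
             "PHOTO;ENCODING=b;TYPE=PNG:" + chunk]
    lines += [" " + chunk] * fragments
    lines += ["END:VCARD"]
    return "\r\n".join(lines)


def growth_ratio(unfolder, n: int) -> float:
    """Work at 2n divided by work at n: ~2 for linear, ~4 for quadratic."""
    return unfolder(make_vcard(2 * n))[1] / unfolder(make_vcard(n))[1]


if __name__ == "__main__":
    for name, fn in (("quadratic", unfold_quadratic), ("linear", unfold_linear)):
        print(f"{name:10s} doubling input multiplies work by "
              f"{growth_ratio(fn, 1000):.2f}")
```

Doubling the number of folded fragments roughly quadruples the work of the naive version, which is the shape of failure the comment describes: a file that WordPad handles instantly still hangs a parser with the wrong inner loop.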
~~~
teddyh
> The flip side of making things opaque and "just work" per Apple philosophy,
> is that when they don't work, trying to fix it becomes even more difficult.

“ _The major difference between a thing that might go wrong and a thing that
cannot possibly go wrong is that when a thing that cannot possibly go wrong
goes wrong it usually turns out to be impossible to get at or repair._ ”

— Douglas Adams, _Mostly Harmless_

------
MarcScott
_Still, at least these problems are being revealed to the public alongside
their fixes. It would be far worse if criminal hackers or intelligence
agencies secretly exploited these issues_

This seems overly alarmist given it's an exploit that simply sends the phone
into a crash loop. It's not as if they can launch nukes by whistling into the
microphone.

------
aiur3la
Serious question: this is the third time an exploit of this kind is publicly
revealed for this app. How come we don't see a global hack outbreak?

I mean, script kiddies would love to break millions of phones. What has
stopped them from doing that so far?

~~~
feld
Even the best script kiddie would get bloody fingers trying to type in every
possible phone number or iCloud address.

There's no API. No real way to automate.

~~~
goda90
A robotic auto-dialer could fix that. Perhaps an app on a jailbroken phone
could inject numbers into the input field?

~~~
throwanem
It'd be easier to automate the Messages app on an OS X device.

Another concern would be that Apple is likely to deactivate an ID used to send
this kind of malicious spam at any sort of scale.

~~~
Fnoord
> Another concern would be that Apple is likely to deactivate an ID used to
> send this kind of malicious spam at any sort of scale.

Apple IDs can be easily remade. ProductIDs can be faked on a Hackintosh.

~~~
natch
The part you missed was: "at any sort of scale."

I'm pretty sure you would encounter ever-increasing levels of countermeasures
as you tried more and more tricks at scale.

------
burntwater
Can't say factually it would work here, but this makes me pine for the days of
Blackberry Desktop Manager and its very granular backup/wipe/restore
abilities.

I no longer do IT support for mobile devices, so I'm not sure what the current
abilities are, but when I stopped in ~2012 the only options for both iPhones
and Android were basically full wipes and restores. All or nothing. With the
Blackberry you could backup/wipe/restore only SMS, or only contacts, or only
calendar, etc. Could also easily transfer exactly the data you wanted to a new
phone.

~~~
berberous
Yup. Apple's tech support insisted that the reason my iPhone 6 (not a 6s) shut
off at 30-40% was due to a software issue, not a battery issue. They suggested
I not only wipe my phone, but set it up as a brand new device. It's insane
that this is the only way to fix something they claim to know is a software
issue.

~~~
op00to
This is their default response to everything. Once you go through that step
(and they maybe grab diagnostics to determine you actually started as new),
they will actually push to resolve your issue. It's easy to recover from this
w/ iTunes or iCloud device backups, so a moderately painless hoop to jump
through.

~~~
abduhl
Rofl, this is the first time I've ever read something that refers to "wipe your
device" as a "moderately painless hoop to jump through".

This is customer service these days?

~~~
op00to
I can backup, wipe my device, do the test, pull the debug logs, and restore
from backup in an hour or so. iTunes and iCloud make it really easy to do
this. It's just not cost effective for Apple to treat every case as a special
snowflake if nuking from orbit fixes the issue. It sucks, but it's not like
you'll get support from anywhere else.

------
cdevs
An annoyance, but at least not a backdoor; this will still end up as Yahoo click
bait sounding more serious than it is for a few weeks, since it's Apple
related.

------
dang
Url changed from [http://www.tomshardware.com/news/exploit-iphone-message-sing...](http://www.tomshardware.com/news/exploit-iphone-message-single-text,33280.html), which points to this.

~~~
chatmasta
The new URL does not allow viewing unless you disable your ad blocker.

~~~
dang
Ok, changed back from [https://vincedes3.com/crash-message-app-iphone/](https://vincedes3.com/crash-message-app-iphone/).

------
sschueller
Link I posted from the author of the exploit yesterday:
[https://news.ycombinator.com/item?id=13284872](https://news.ycombinator.com/item?id=13284872)

I guess the ad blocker blocker killed that...

