2 min read

Watching a video can crash and freeze any iPhone

Graham CLULEY

November 25, 2016

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Watching a video can crash and freeze any iPhone

When you think of denial-of-service, there’s a good chance you picture the botnet-powered attacks that see attackers bombard websites with so much traffic that they become near-impossible to access.

But denial-of-service describes a much broader range of attacks than that. In its purest form, denial of service means any kind of incident that disrupts usage of a service.

So, if a remote attacker causes your phone to crash and turn itself off that is a denial-of-service.

The point I’m trying to make is that a video that forces your phone to switch off and requires you to do a hard reset is no laughing matter. Although I’m sure many view such an attack as an amusing prank, it’s also a denial of service and could potentially have serious consequences if a victim needed to use their phone urgently, or if somebody was trying to contact them in an emergency.

It’s against this backdrop that I read with interest a report of how a video published on the popular Russian social network, VKontakte, was freezing iPhones.

As YouTuber EverythingApplePro describes in his own (thankfully safe) YouTube video, minutes after watching a seemingly-innocent video an iPhone becomes unusable.

The only thing you can do is force a hard reset on the phone by simultaneously pressing “Home” and “Power” buttons for a few seconds.

If you have an iPhone 7 (which doesn’t have a physical Home button) then you’ll have to press the Power and Volume Down buttons instead.

EverythingApplePro’s video describing the freaky behaviour has been watched over two million times in the last few days, and (predictably) hundreds of thousands of people have clicked on the link to the video that triggers the denial-of-service.

The good news is that the attack does not appear to be permanently harmful. There is clearly something odd about the video’s codec that is causing a bug in iOS’s code to rear its head, and the phone to crash. But that doesn’t mean that the same technique could necessarily be easily used to spread malware, for instance.

And it’s not as though iOS is a complete stranger to denial of service attacks, and there have been comparable incidents in the past.

For instance, last year we described on Hot for Security how a researcher had discovered a way to crash another user’s WhatsApp by sending them a single message containing an “emoji bomb”

Also in 2015, at the RSA Conference, security researchers revealed how malicious hackers could crash any iOS device within range of a Wi-Fi hotspot.

Meanwhile, bug hunters found it was possible to force iPhones to restart just by sending them a carefully-crafted Flash SMS message.

Software is written by programmers. Programmers are (mostly) human, and so they make mistakes. All software of any complexity has bugs, and we’re probably asking too much if we expect a completely bug-free smartphone operating system.

What’s important is that when bugs are found, particularly if they are serious, that they get investigated and fixed in a prompt fashion.

My hope is that soon Apple will release a version of iOS which fixes this particular bug and means that mischief-makers will have to try a little harder to pull pranks on their friends.

And maybe that will also mean that we’re all a little bit safer from suffering a denial-of-service attack on our phones.

tags


Author



Right now

Top posts

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
Cyber Tips for a Spook-Free Halloween

Cyber Tips for a Spook-Free Halloween

October 26, 2022

3 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Hacking cars remotely with just their VIN Hacking cars remotely with just their VIN
Graham CLULEY

December 05, 2022

2 min read
Russian courts attacked by CryWiper malware that poses as ransomware Russian courts attacked by CryWiper malware that poses as ransomware
Graham CLULEY

December 05, 2022

2 min read
Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts
Silviu STAHIE

December 02, 2022

1 min read