Apple Exploit Solution(s)

May 28, 2014

Earlier, we were attacked with the Apple exploit, which uses this code to abbreviate the text in a banner or notification with an ellipsis. The ellipsis causes the phone to crash and, in some cases, cycle and render the device useless.

 

 

 

Firstly; it's worth noting that it isn't just Apple that this exploit works with, it's almost any device that displays notifications or abbreviations and can't cope with the result. We've so far tested this on iOS and various instances on Android - further research to come.

We had a number of test devices running different versions of iOS and Android and experienced different results each time. We challenged the devices with various strings, and out of 74; only 2 worked. It rendered one of our personal iPhone 6 completely unusable, causing the phone to cycle from on and off, displaying the Apple logo intermitently, whilst offering no way of fixing the phone!

In the last hour INSINIA's come up with a number of antidotes and defences, which we've listed below for your reference. We've so far not seen anyone else listing these antidotes, but I'm sure Apple are aware and are coming up with a fix.

Apple have so far not offered any fix (as of 22:30 GMT, 28th May 2015), so please do NOT take their preliminary advice of wiping your device! A number of people we've spoken to have taken their device to the Apple store and they've wiped it to resolve, but all this is doing is wiping the message cache, as well as pointlessly erasing all of your other data!

It's unneccessary and there's no need to wipe or reset your device, only upgrade or restore from iTunes as a last resort. Follow all of the steps below (or as many as you can do) before connecting your device to iTunes.

SOLUTIONS:

IF YOU CANNOT ACCESS YOUR PHONE AT ALL (CYCLING / BRICKED):

1. GET THE SENDER TO SEND YOU ANOTHER TEXT MESSAGE
If the person who sent you the message sends you another message; it should offer a quick and easy fix to the problem.

 

2. UPDATE / RESTORE YOUR PHONE ON ITUNES
Plug your phone in to iTunes and download the latest software update.
Update your phone through iTunes.
**NOTE that you will have to unlock your phones pin code before it will connect to iTunes if you wish to make a recent back up. This may be difficult if the phone is cycling. Be patient.

IF YOU STILL HAVE ACCESS TO YOUR PHONE:

1. GET THE SENDER TO SEND YOU ANOTHER TEXT MESSAGE
If the person who sent you the message sends you another message; it should offer a quick and easy fix to the problem.


2. USE SIRI TO TEXT YOURSELF
Save your number in your phone as "me". Then, go to Siri and say "send myself a text message" - enter any message body and tell Siri to send. This will stop you from being locked out of the Messages app.

3. CHANGE YOUR MESSAGE SETTINGS
Go in to Settings > Messages > Filter Unknown Senders and switch ON
Go to the search bar in messages, type the "hackers" name who sent you the malicious message, and delete their message from your phone.

4. CHANGE YOUR NOTIFICATION SETTINGS
Go in to Settings > Notifications > Messages > Allow Notifications and turn OFF
**This will only stop the same attacker from sending you a malicious text repeatedly and will not repair an affected device**

5. CHANGE YOUR DATE AND TIME SETTINGS
Go to Settings > General > Date & Time then change the time to 2 months AHEAD of the date today. Then, go to Settings > Messages go down to Keep Messages > 30 Days. This should erase the malicious text you received.
**NOTE THAT THIS WILL ALSO DELETE ANY OTHER MESSAGES, SO YOU MAY WANT TO BACK UP YOUR PHONE ON ITUNES FIRST**

6. UPDATE YOUR PHONE THROUGH THE SOFTWARE UPDATE
Go to Settings > General > Software Update

7. SEND YOURSELF THE ANTIDOTE
If you find that the above fail, or your Messages app is still crashing then do the following:
Go to Notes and type a note with any message body (any text in the note)
Save the note, go back in to view it, and press the "share" button in the middle at the bottom of the page.
Share the note via iMessage to anyone and everyone who has either sent you the exploit or who you have sent it to.

DEFENSE(S):

1. CHANGE YOUR KEYBOARD SETTINGS
Do not allow your phone to use exotic or foriegn keyboards, and restrict it to use the Apple keyboard only.

2. DISABLE MESSAGE PREVIEW / NOTIFICATIONS
And only open messages from TRUSTED sources!

3. DISABLE ALL OTHER PREVIEWS
Including WhatsApp and any other messaging services.

4. DISABLE UNUSUAL LANGUAGES
Which will stop your phone displaying anything but Latin.
**CURRENTLY ARABIC, CHINESE AND MARATHI ARE VULNERABLE**

5. DO NOT SHOW NOTIFICATIONS ON LOCK SCREEN
Or your device is vulnerable... Even in your pocket!

One of these should work - if you still have issues then e-mail us at weare@insinia.co.uk and we'll be happy to help!

 

 



 

Please reload

Featured Posts

Apple Exploit Solution(s)

May 28, 2014

1/1
Please reload

Recent Posts
Please reload

Follow Us
Please reload

Search By Tags
Please reload

Archive
  • Facebook Basic Square
  • Twitter Basic Square
  • Google+ Basic Square