Sign symbol: iOS denial of service

An unusual bug was detected in the iOS operating system that caused the device to reboot. It is enough to send a special character from the alphabet of the Indian language to Telugu జ్ఞా (“sign”) on the iPhone, after which the device automatically reboots.

One of the symbols of the Telugu language, which is used in some states in India, leads to a restart of the iPhone. If you insert this symbol in the message text and open it, it will come to reboot the device. The application of this symbol will work with Facebook Messenger, iMessage, WhatsApp, Gmail, Outlook.

The original sequence U + 0C1C U + 0C4D U + 0C1E U + 200C U + 0C3E, which is a sequence of Telugu characters, causes the system to reboot, being entered into any system text field. The peculiarity of changing the characters that leads to the collapse of the system lies in the peculiarities of the Telugi and Bengali languages ​​(and possibly other dialects). The transformation of suffix-connecting consonants leads to collapse - when the second consonant joins the first for association without significant change in its shape.


')
This is not the first time that iOS crashes due to strange characters, URLs, or even video. Last month, one link could freeze the iPhone (chaiOS bug), this problem was fixed with the release of iOS 11.2.5. In 2015, a similar vulnerability in iMessage led to a reboot of the device. Also, in 2016, a 5-second video caused the device to “hang”.

Processing specific characters or their sequences refers to the so-called "sms of death".

Such a plan, vulnerabilities are periodically detected both on various platforms and in specific applications. They can lead to a reboot of the device, freeze, “check-in” or to an incorrect interpretation of the text execution context (like a recent RLO bug in a telegram).

These vulnerabilities appeared long before the era of modern smartphones: these kind of bugs were in Nokia phones (TP-UD payloads in so-called flash-sms), the classic% English vulnerability in Siemens phones and many other less known ones.

Typically, such vulnerabilities do not carry a malicious load, but are widely used in pranks and have, as a rule, a sociotechnical vector of propagation.

---

Bonus for linguistic hackers: analysis of syntactic fuzzing of the Bengali dialect, which leads to a similar problem by reference .