Google's Project Zero security research team has just revealed what we already suspected: Apple's iMessage can be thrown off by a single malformed string, one that could force you to wipe and restore your handset.
Project Zero is Google's umbrella team of security analysts whose sole purpose is to find zero-day vulnerabilities, the kind of bugs that can be exploited by state-sponsored hackers, intelligence agencies and run-of-the-mill criminals. The iMessage bug was found by Natalie Silvanovich, and here's what she has to say about it:
On a Mac, this causes soagent to crash and respawn, but on an iPhone, this code is in Springboard. Receiving this message will cause Springboard to crash and respawn repeatedly, causing the UI not to be displayed and the phone to stop responding to input. This condition survives a hard reset, and causes the phone to be unusable as soon as it is unlocked. The only way I could find to fix the phone is to reboot into recovery mode and do a restore. This causes the data on the device to be lost though.
To start using the bricked iPhone again, you can do one of the following, she says:
- Wipe the device with 'Find my iPhone'
- Put the device in recovery mode and update via iTunes (note that this will force an update to the latest version)
- Remove the SIM card and go out of Wi-Fi range and wipe the device in the menu
Fret not, though: the bug was only made public after the responsible party, in this case Apple, had been notified of its existence, and it has already been squashed in the iOS 12.3 update.
Project Zero has a strict 90-day disclosure policy for making a bug public, which forces manufacturers to react swiftly or risk having the exploit out in the open before it has been patched. Whew.