- A malicious actor can send a specially crafted message to iPhones that will brick them immediately.
- The devices enter a denial of service state that makes them completely unresponsive.
- Disabling iMessage or updating your device to iOS 12.3 will address the vulnerability.
If you are running iOS 12.2 or older, a specially crafted message sent through iMessage is enough to cause a denial-of-service (DoS) condition on your iPhone and leave it in a “bricked” state. The term designates damage that renders an electronic device as useless as a brick. The problem was discovered by security researcher Natalie Silvanovich, a member of the Google Project Zero team. The researcher developed proof-of-concept (PoC) code and shared it with Apple, and the issue is considered fixed since the release of iOS 12.3.
While iOS 12.3 was released back in May, about 50% of iPhone users have not upgraded to it, and many of them probably never will, for various reasons. In practice this means that half of the iOS devices in existence right now are at risk of being bricked by a message from a malicious actor, and with the PoC publicly available, I don’t see how this vulnerable user base could stay safe from someone with aggressive intentions.
The researcher describes the attack technique as follows:

“The method -[IMBalloonPluginDataSource individualPreviewSummary] in IMCore can throw an NSException due to a malformed message containing a property with key IMExtensionPayloadLocalizedDescriptionTextKey with a value that is not an NSString. This method calls [IMBalloonPluginDataSource _summaryText] which returns the property assuming it is a string, but this is not checked. The calling method then calls -[IMBalloonPluginDataSource _replaceHandleWithContactNameInString:] which calls im_handleIdentifiers on the ‘NSString’ which is really an NSNumber, which throws an exception as the selector does not exist in that class.”
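The bug class described above is an unchecked type assumption on a value pulled out of a deserialized message: the code treats whatever sits under a known key as an NSString and sends it a string-only selector. The following standalone Objective-C program is an added example, not Apple’s code and not the researcher’s PoC. It models that pattern with a plain NSDictionary standing in for the message payload, a hypothetical NSString category method (`demo_replaceHandlesWithNames`) standing in for the private helper the write-up mentions, and an unchecked summary routine next to a hardened one that validates the dynamic type with `isKindOfClass:` before using it. The key name is the one quoted in the write-up, but here it is only a string constant in a self-contained program; nothing is sent over iMessage.

```objectivec
// Added example (not Apple's code): models the type-confusion pattern from the write-up.
// The payload dictionaries, the NSString category and its method name are constructed
// for illustration; IMExtensionPayloadLocalizedDescriptionTextKey is the key name quoted
// in the advisory but is just a local string constant in this standalone program.
#import <Foundation/Foundation.h>

static NSString *const kLocalizedDescriptionKey = @"IMExtensionPayloadLocalizedDescriptionTextKey";

// Hypothetical stand-in for the private NSString-only helper the write-up mentions.
// Only NSString instances respond to it, which is exactly why an NSNumber crashes.
@interface NSString (DemoHandles)
- (NSString *)demo_replaceHandlesWithNames;
@end

@implementation NSString (DemoHandles)
- (NSString *)demo_replaceHandlesWithNames {
    // Constructed sample handle and contact name.
    return [self stringByReplacingOccurrencesOfString:@"+15555550100" withString:@"Alice"];
}
@end

// Unchecked: trusts that the property is an NSString, the assumption the advisory
// describes. For a non-string value the selector does not exist and NSException is raised.
static NSString *summaryUnchecked(NSDictionary *payload) {
    NSString *text = payload[kLocalizedDescriptionKey];   // may really be an NSNumber
    return [text demo_replaceHandlesWithNames];           // unrecognized selector for NSNumber
}

// Hardened: validate the dynamic type before using any NSString-only behaviour
// and fall back to a harmless default instead of raising.
static NSString *summaryChecked(NSDictionary *payload) {
    id value = payload[kLocalizedDescriptionKey];
    if (![value isKindOfClass:[NSString class]]) {
        NSLog(@"rejecting payload: expected NSString, got %@", NSStringFromClass([value class]));
        return @"";
    }
    return [(NSString *)value demo_replaceHandlesWithNames];
}

int main(void) {
    @autoreleasepool {
        // Constructed payloads: a well-formed one, and one carrying an NSNumber where a string is expected.
        NSDictionary *good = @{ kLocalizedDescriptionKey : @"Message from +15555550100" };
        NSDictionary *bad  = @{ kLocalizedDescriptionKey : @42 };

        NSLog(@"good/unchecked: %@", summaryUnchecked(good));
        NSLog(@"good/checked:   %@", summaryChecked(good));
        NSLog(@"bad/checked:    '%@'", summaryChecked(bad));

        // Contain the failure mode so this program can show it: in a process with no
        // handler, an uncaught NSException like this one terminates the process, which
        // is the repeated-crash behaviour described for SpringBoard.
        @try {
            summaryUnchecked(bad);
        } @catch (NSException *e) {
            NSLog(@"bad/unchecked threw %@: %@", e.name, e.reason);
        }
    }
    return 0;
}
```

Build on macOS with `clang -framework Foundation demo.m -o demo` and run `./demo`. The unchecked path prints the `NSInvalidArgumentException` (“unrecognized selector sent to instance”) for the NSNumber payload, while the checked path logs a rejection and returns an empty string. The general lesson for any code that consumes untrusted, loosely typed message properties (plist, JSON, a dictionary from a remote peer) is the same: check `isKindOfClass:` (or `respondsToSelector:`) at the trust boundary, not deeper in the call chain where the value has already been cast.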
On an iPhone, this can cause SpringBoard to crash and respawn repeatedly and endlessly, so the user interface stops responding to input. Even if the user reboots the device, the condition recurs as soon as the phone is unlocked. Getting around this requires rebooting into recovery mode and performing a system restore, which means losing all your data. Alternatively, you can wipe the device using “Find my iPhone”, or put it in recovery mode and update to 12.3 via iTunes. All of these methods remove all your data from the device, but at least you’ll get your iPhone’s functionality back.