crash, Information Security, text bomb, Top News, WhatsApp

The WhatsApp text bomb – no, it won’t destroy your phone!

You’ve probably seen the news already: there’s a text message going around that can cause WhatsApp to freeze or crash (if those aren’t essentially the same thing).

Just how alarmed you are depends on where you’ve looked.

Some articles have been hedging their bets by urging you to watch out for “the text bomb that could destroy your phone“, which is dramatic without actually being definitive. (After all, you could win the lottery tomorrow, but you won’t.)

Other articles have insisted that the damage is more than just theoretical – the Birmingham Mail, for instance, headlined its article to state unequivocally that “this WhatsApp text bomb is destroying recipient’s phones“.

Fortunately, the article itself is a bit more conciliatory, noting that:

If you receive [the text bomb], your phone – whether it’s an iPhone or Android – could become unresponsive, forcing you to restart it.

As far as we know, that’s about as bad as it gets, and after restarting, you should be able to delete the offending message so it doesn’t disrupt you again.

At this point, you’re probably wondering how something as simple as a text message can cause problems for modern software.

Playing live video streams; performing Bitcoin transactions; encrypting files; rendering complex, interactive web pages; recognising fingerprints and faces; displaying ever-changing 3D maps for real-time satellite navigation…

…now those are hard problems that need lots of processing power and RAM to perform complex computations on lots of data.

But how hard can it be do display some text?

The latest WhatApp text bomb, for instance, is even publicly available so you can download it for your own, ahem, experiments, and it looks very simple at first sight:

As we’ve highlighted in the image above, however, the message is actually well over 100 kilobytes, because it’s crammed with characters that are there to tell you how to display the text, rather than to tell you what text to display.

In this case, there are thousands of pairs of marker characters in sequence that say, “from now on, write from left-to-right, as is usual in English”, followed immediately by, “changed my mind, now go right-to-left, Hebrew style”.

And so it goes, with the file telling any app that loads it to keep swapping direction, even though there’s nothing to display between each direction switch.

The just-a-jump-to-the-left-and-then-step-to-the-right markers are jammed in as UnICOde characters between the laugh-till-you-cry emoji and the final quote mark:

You might think that text direction wouldn’t need its own special character, if you assume that the direction setting always applies to entire documents.

But many languages that write from right to left, such as Arabic and Hebrew, commonly write numbers in Indian numerals, just as we do in English when we write a phrase such as “there are 63,360 inches in a mile”.

So texts in those languages routinely need to typeset text from the right, then to jump ahead and set numerals backwards from the left towards the text just printed out, then to switch back again, skipping over the “backwards” numerals and setting text from right to left.

Likewise, text editing and word processing apps need to know how to leap the cursor back and forth along a line as the editing point in the file moves between different text directions.

There are also many other sorts of non-printable character commonly used in UnICOde text, such those used to compose multiple characters into a compound form in which they are usually displayed.

Compounding characters into different forms often sounds weird to English speakers. But consider that in English it used to be common to write the word THE with the letters TH combined into a form that looked a bit like a modern Y, but wasn’t. Today, we give the impression of antiquity by writing things like “Ye Olde Gift Shoppe”, but the word that nowadays looks like “Ye” is, in fact, an alternative way of writing “the” (and it’s pronounced “the”, by the way, not “ye”).

So rendering plain old text messages isn’t quite as plain as just reading bytes one by one and displaying them one after another – as Apple found recently when a single Telugu character, consisting of several subcomponents combined in a special way, could crash iOS.

What to do?

  • Don’t panic – reports about “destroyed” phones are exaggerations.
  • Reboot your phone if you need to.
  • Delete any prank messages.
  • Watch for an update to WhatsApp – they’re sure to be working on this if it’s not fixed already.
  • Don’t send “text bomb” messages to your friends – it’s feels like a joke, but it’s not funny.

Remember that last point especially.

Cybersecurity jokes are ten a penny – it’s easy to send fake virus popups in emails to friends; to have a laugh by sending annoying-rather-than-actively-dangerous text bomb messages; to set silly calendar items into a colleague’s diary while their computer is unlocked and their back is turned.

But please don’t do it.

Cybersecurity is enough of a battle to fight without trying to use it as a source of irritating or embarrassing jokes…

…plus a lot of these “jokes” are illegal, anyway, so don’t expect sympathy if you get caught!


Source : Naked Security

Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.

Send this to a friend