An iMessage text bomb could brick your iPhone. Here’s how to prevent it.

Close Up Detail Of A Man Holding A Smartphone Over A Kitchen Counter
Neil Godwin / Future Publishing/Shutterstock
Impact
Updated: 
Originally Published: 

A single text message could cause an untimely death for your iPhone. Researchers at Google recently discovered a string of characters that, if opened in iMessage, will brick the device and force the victim to perform a factory reset just to get their phone working again. Before you fly into a panic — or go seeking out the phone-wrecking message so you can pull the world's worst prank on your friends — know that Apple has patched the bug in iOS 12.3.

The way this iMessage bug works is a little wonky, but the gist of it is this: an attacker could send a "malformed" message that targets the framework that iMessage uses to communicate with other services. This manifests differently depending on where you receive the message. If opened in iMessage on your Mac, it can cause your computer to crash and reboot — an annoyance, to be sure, but nothing that can't be dealt with. It's when you open the message on your iPhone when things become a problem.

iMessage for iOS processes the string of characters differently than desktop, as the code is processed by SpringBoard, the application that manages your home screen. As it turns out, the message doesn't play nice with this application and causes SpringBoard to crash and respawn over and over again. This eventually causes the user interface of your iPhone to stop responding, meaning you won't be able to tap or touch anything on the screen. Making matters worse, the issue persists even after a hard reset, meaning your iPhone will still be unusable as soon as it reboots.

With your phone in complete disarray, unable to shake the cycle that the malicious message forces it into, there's only one solution remaining according to Natalie Silvanovich, the researcher who first discovered the bug: completely wipe the phone. "The only way I could find to fix the phone is to reboot into recovery mode and do a restore," she wrote. "This causes the data on the device to be lost though."

This small and surprisingly destructive string of text is one of the worst forms of "text bombs" for iMessage to be discovered, but it certainly isn't the first. Last year, researchers discovered a link that if opened in iMessage, would cause iPhones to freeze up or crash the device. Versions of this type of attack go back several years, including a prominent case in 2015 where a few simple Arabic characters sent iPhones into a reboot.

Luckily, there is a very simple defense against this most recent iMessage text bomb: keep your iPhone up to date. The bug was first discovered by Google back in April and kept under wrap for 90 days, as is standard practice for these types of discoveries. In that time, Apple managed to patch the issue and release an update that blocks the destructive text. That fix is available in iOS 12.3, which was first available to install on May 13. According to Statcounter, as many as one in three iPhones are still running an older and vulnerable version of iOS.

You can check to see if your iPhone is up to date by opening the Settings app. If an update is available, you should see a prompt with a red notification icon just under your profile. You can also check by scrolling to the General menu and selecting About. If you are running a version of iOS earlier than 12.3, navigate to the Software Update section. Your iPhone will automatically look for any updates. Immediately download and install them if they are available. You can also set up your device to automatically download newer versions of iOS when they become available from this menu. Tap on Automatic Updates and make sure to toggle the setting on. Staying up to date is the best defense against these types of attacks.