Text Vulnerability Discovered in iPhone and iPad

Dwight · ‎2011-04-01

FROM TIDBITS NEWSLETTER Text Vulnerability Discovered in iPhone and iPad [April1, 2011]

by Rich Mogull <rich@tidbits.com>

A security researcher today released details of a new vulnerability with serious implications for users of nearly all Apple products, but especially the iPhone and iPad. The flaw affects users of all versions of iOS and Mac OS X; and thus all Macs and iOS devices, including the latest MacBook Air and MacBook Pro models. The flaw also appears to affect the Amazon Kindle and many other ebook readers. The Apple TV is not affected.

According to the researcher, Carl Noevil of Applied Conceptual Defense, any device capable of displaying the written word is vulnerable to social engineering attacks that could seriously affect its users. Once the device has been exploited, the attack self-propagates through all copies of the affected materials. Applied Conceptual Defense sells various filtering technologies that protect against the newly discovered vulnerability. Their security advisory states:

“This is one of the most serious vulnerabilities we’ve discovered. The flaw affects nearly all Apple products and we’ve notified Apple, yet Apple has yet to provide any patches or notifications to their customers. We decided to release our findings so users can protect themselves until a fix is available. Current users of our products are fully protected.”

When we queried Noevil for additional information via email, he wrote:

“We couldn’t believe all the potential vectors we found. We were able to completely exploit almost every device and system we attempted to attack. While we mostly focused on Apple, we also proved that the vulnerability affects any device capable of displaying text, and it was trivial to create cross-platform attacks. Considering the severity of this vulnerability, we can’t believe Apple isn’t better protecting their customers. It’s completely irresponsible.”

With maliciously structured combinations of characters, the attacker could spread divisive ideas or disinformation, cause a neurological buffer overflow, or generate an actual emotional response in the user. In extreme cases, an attack could create a disabling cognitive dissonance. That form of the attack has been correlated to actual physical injury if the user has their text display device activated while operating a motor vehicle.

Unlike most security vulnerabilities, these attacks have been correlated to massive damage in the physical world, and they can propagate through both traditional and modern digital communication media. In a blog post the researchers state:

“We’re still analyzing the historical research, but from what we can tell this vulnerability has been around for a very long time. We’ve found cases where it resulted in everything from poor decision making and emotional distress to political upheavals. The entire American Revolutionary War was the result of a variant of this vulnerability, for instance, and our investigations indicate that it may have played a role in the lead-up to the Bolshevik Revolution as well. There are also indications that WikiLeaks is actually a bot designed to exploit this vulnerability, but we haven’t yet finished decompiling all the code.”

The researchers said they focused on Apple due to the popularity and proliferation of Apple products, and plan on releasing further research about the Amazon Kindle, Barnes & Noble Nook, and other trendy products that easily garner press attention. Aside from electronic devices, the vulnerability reportedly also affects printed books, magazines, newspapers, and even billboards.

According to Applied Conceptual Defense, users of their ViewBlock textual filtering technology are not affected, and we’ve seen online comments that wearers of the Joo Janta 200 Super-Chromatic Peril Sensitive Sunglasses are also protected.

Apple did not respond to requests for comments.

Dwight Atkinson

Stress Co_ · ‎2011-04-01

Yes,
I read about that here:
http://tinyurl.com/Ipad-iphone-fails

Marc Corney, Architect
Red Canoe Architecture, P. A.

Mac OS 10.15.7 (Catalina) //// Mac OS 14.5 (Sonoma)
Processor: 3.6 GHz 8-Core Intel Core i9 //// Apple M2 Max
Memory: 48 GB 2667 MHz DDR4 //// 32 GB
Graphics: Radeon Pro 580X 8GB //// 12C CPU, 30C GPU
ArchiCAD 25 (5010 USA Full) //// ArchiCAD 27 (4030 USA Full)

Barry Kelly · ‎2011-04-04

Be careful of what you post.
People might take it seriously - even coming from Canada's funniest Architect.

Barry.

One of the forum moderators.
Versions 6.5 to 27
i7-10700 @ 2.9Ghz, 32GB ram, GeForce RTX 2060 (6GB), Windows 10
Lenovo Thinkpad - i7-1270P 2.20 GHz, 32GB RAM, Nvidia T550, Windows 11

Dwight · ‎2011-04-04

The reason i posted this one is that it is a perfect April Fool.

The absurdity builds to a point where anyone with the intellect to operate Archicad can't miss the joke.

" …the vulnerability reportedly also affects printed books, magazines, newspapers, and even billboards. "

Come on.....

Dwight Atkinson

Anonymous · ‎2011-04-04

Dwight wrote:
The reason i posted this one is that it is a perfect April Fool.

Except here it was April 2nd already.

Anonymous · ‎2011-04-04

go Dwight

Lots of tomfoolery this year particularly in airline websites (eg NZ weight based fares)

Loved the google one - that became reality with a hacked kinetic!!!

no one dared a GS one! maybe next year.....

Dwight · ‎2011-04-04

How much is that in REAL date?

Dwight Atkinson

Text Vulnerability Discovered in iPhone and iPad

Still looking?

Browse more topics

See latest solutions

Start a new discussion!