This article was published on January 25, 2016

Sending a single link can cause anyone’s smartphone to crash


Sending a single link can cause anyone’s smartphone to crash

There’s a link doing the rounds on social media today that can crash almost any smartphone, just by opening it in your browser.

The aptly named crashsafari.com [this will crash your browser — even Chrome] does what it says on the box — it crashes the browser by writing thousands of characters in the address bar every second, exhausting memory.

The attack is just four lines of code, and can cause an iPhone or Android phone to crash both Safari or Chrome, or reboot the entire phone itself. It even works against some desktop browsers, depending on how much RAM and CPU the machine has available.

Screen Shot 2016-01-25 at 3.25.10 PM

It leverages HTML5’s history.pushState, a JavaScript function used by many single page applications to update the address bar, even though the underlying page being viewed doesn’t change.

People are sending the link around on social media disguised by a short URL, to trick others into opening it and cause them to be unable to open their browsers until a reboot is completed.

The bug isn’t exactly malicious — it doesn’t break anything and can be easily rectified, but it is annoying. It’s in the same vein as the ‘effective power’ iPhone bug that allowed users to send a message to friends that would prevent the Messages app from launching.

crashsafari.com [via The Guardian]

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with