Want to keep the TNW Conference vibe going?? Tickets for TNW2022 are available now >>

The heart of tech

This article was published on January 25, 2016

Sending a single link can cause anyone’s smartphone to crash

Sending a single link can cause anyone’s smartphone to crash
Owen Williams
Story by

Owen Williams

Former TNW employee

Owen was a reporter for TNW based in Amsterdam, now a full-time freelance writer and consultant helping technology companies make their word Owen was a reporter for TNW based in Amsterdam, now a full-time freelance writer and consultant helping technology companies make their words friendlier. In his spare time he codes, writes newsletters and cycles around the city.

There’s a link doing the rounds on social media today that can crash almost any smartphone, just by opening it in your browser.

The aptly named crashsafari.com [this will crash your browser — even Chrome] does what it says on the box — it crashes the browser by writing thousands of characters in the address bar every second, exhausting memory.

The attack is just four lines of code, and can cause an iPhone or Android phone to crash both Safari or Chrome, or reboot the entire phone itself. It even works against some desktop browsers, depending on how much RAM and CPU the machine has available.

Screen Shot 2016-01-25 at 3.25.10 PM

It leverages HTML5’s history.pushState, a JavaScript function used by many single page applications to update the address bar, even though the underlying page being viewed doesn’t change.

People are sending the link around on social media disguised by a short URL, to trick others into opening it and cause them to be unable to open their browsers until a reboot is completed.

The bug isn’t exactly malicious — it doesn’t break anything and can be easily rectified, but it is annoying. It’s in the same vein as the ‘effective power’ iPhone bug that allowed users to send a message to friends that would prevent the Messages app from launching.

crashsafari.com [via The Guardian]

Also tagged with