
iPhone users have been duped into clicking a link that causes their devices to reboot; the same link can also crash browsers on Android and PCs.
The site, crashsafari.com, has been making the rounds on social media. Twitter users are posting shortened versions of the link, which could fool users into thinking it's a legitimate website.
Other users are also posting it on Facebook. Some claim that the link directs to unreleased albums or leaked photos of celebrities.
With the use of free URL shorteners on the web, unsuspecting users can't really tell whether they are being redirected to a real website or just to crashsafari.com.
Crashing and Reboots on iOS Devices
The site was made for iPhones and iPads. When visited using an iOS device, most probably through the Safari browser, the site causes the devices to reboot. Users can't stop the script from doing its thing once the page is loaded.
Crashsafari.com uses a JavaScript exploit that allows the site to fill up the browser with useless data. The flood of information causes the browsers to crash and iOS devices to reboot.
Android and PC users aren't safe either. Visiting the site on either platform causes the browser to crash. However, unlike on iOS, it doesn't reboot the operating system.
The Google Chrome browser crashed after about five minutes when it visited crashsafari.com. Once it loads the site, the user will not be able to switch tabs or refresh the page.
Chrome's window is still movable, but there isn't anything the user can actually do to stop the hang. They can open the Task Manager on Windows PCs to end the Chrome task.
Interestingly, the site causes Chrome to use more than 3.5GB of memory even with just one tab open. It also pushes the browser alone to as much as 46 percent of the CPU load.
After a few minutes, Chrome crashes. Users can even see the title bar flooded with a bunch of random numbers. Apparently, the script fills up the browser's address bar with an endless string of text, according to SlashGear.
The Trouble With Shortened Links
Shortened links don't offer any clue as to where they would go. Users should be vigilant if they do not want their iPhones to reboot unexpectedly.
If the description that comes with the link is too good to be true, then it would most likely be just a fake description. For instance, a Twitter user could be trying to fool people by tweeting that the link leads to a free Spotify premium subscription for a year.
Trying to view the site's HTML code via free page source code viewer sites found on Google just returns a blank slate. It could be because the code viewer's own servers cannot handle the site's buggy code.
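As an added example (not from the original article or the site's author), the Python sketch below expands a shortened link by following redirects with HEAD requests only, so no page body or script is ever loaded, and stops before contacting a blocked host. The `short.example`, `t.example` and `news.example` hosts and the redirect table are constructed for illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

BLOCKED_HOSTS = {"crashsafari.com"}  # the host named in the article

def head_location(url):
    """One HEAD request; returns (status, Location). No body is fetched or rendered."""
    parts = urlsplit(url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.netloc, timeout=5)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def expand(url, fetch=head_location, blocked=BLOCKED_HOSTS, max_hops=10):
    """Follow redirects hop by hop; returns (chain, verdict)."""
    chain = [url]
    for _ in range(max_hops):
        parts = urlsplit(chain[-1])
        host = (parts.hostname or "").lower()
        if parts.scheme not in ("http", "https"):
            return chain, "non-http"
        # Check the host before requesting it, so a blocked site is never contacted.
        if host in blocked or any(host.endswith("." + b) for b in blocked):
            return chain, "blocked"
        status, location = fetch(chain[-1])
        if status not in (301, 302, 303, 307, 308) or not location:
            return chain, "ok"
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in chain:
            return chain, "loop"
        chain.append(nxt)
    return chain, "too-many-hops"

# Constructed redirect table standing in for real shorteners (hypothetical hosts).
SAMPLE = {
    "https://short.example/a1": (301, "https://t.example/x"),
    "https://t.example/x": (302, "http://crashsafari.com/"),
    "https://short.example/b2": (301, "/story"),
    "https://short.example/story": (200, None),
}

def sample_fetch(url):
    """Offline stand-in for head_location, backed by the constructed table."""
    return SAMPLE.get(url, (404, None))
```

Calling `expand(link)` with the default `fetch` performs real HEAD requests; passing `fetch=sample_fetch` runs the same logic against the constructed table.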
CrashSafari Is Just a Joke
Crashsafari was created by a 22-year-old named Matthew Bryant, who works in application security somewhere in San Francisco. He told WIRED that he made the crashing site as a joke and not to deliberately cause harm to other people's devices.
"In my spare time I often test how browsers will handle odd code that gets thrown at them," said Bryant.
No permanent damage is done to iOS devices that reboot after visiting the site. PC and Android browsers will also be unharmed.
Of course, there could potentially be harm if a user was typing something long in a separate tab. If the user has not copied the text to the clipboard, it will be lost. For instance, a user could be filling out a long registration form, and that input would be lost once crashsafari.com is loaded in another tab.
At its core, the crashsafari.com site is basically a small scale denial of service (DoS) attack. Hackers often use larger DDoS attacks on websites and servers using botnets and other methods.
Other users have reported that visiting the site on Internet Explorer 11 barely dented the browser. Visiting the site on the Microsoft Edge browser doesn't even crash it. It shows "What were you expecting?" and the address bar is filled with 2059 random numbers and letters after the site URL itself.
Tips On How to Not Be Fooled By Shortened Links
- Think about the description – some media sites already use clickbait titles to lure people into clicking them. The same methods could be used to fool users into clicking on such links. For instance, a user could claim that the link leads to the secret to six-pack abs.
- Only click links from trusted sources – while friends might try to prank each other using the link, reputable social media accounts are highly unlikely to dupe their loyal fanbase into crashing their browsers. If the link comes from a stranger or an unknown source, it would be better to just leave the link alone. This also applies to links sent through suspicious emails.
- Just Google it – if the link is claimed to direct to leaks of a movie, game or music album, it would be better to check Google first if it is true. Many scam sites have already tried fooling users by posting fake links claiming that a celebrity has died or a new movie is coming out.
- Turn down speaker or headphone volume – before clickbait and these fake crashing links, people often sent each other links to screamer websites. These were sites that tried to terrify and shock users by loading a short, loud and scary movie clip. Most of them were from horror movies, but some were just scary pictures with a very loud screaming sound.
- Don't click on shortened links at all – just to be a hundred percent sure, users should just not trust shortened links. They are often used for the convenience of sharing, but they have been abused by both hackers and scammers on the web.
The exploit on the Safari browser and the iOS platform demonstrated by crashsafari.com would still need to be fixed through constant updates. Apple did not comment on whether it is already aware of the issue or whether it plans to do something as a remedy.