Specific text auto-replicates on older iPhone models leading to local DoS #4582

Closed
3 tasks done
arrigo opened this issue Oct 7, 2020 · 3 comments

Comments

arrigo commented Oct 7, 2020

  • I have searched open and closed issues for duplicates
  • I am submitting a bug report for existing functionality that does not work as intended
  • This isn't a feature request or a discussion topic

Bug description

On specific iPhone models entering the string ¯\_(ツ)_/¯‬ in a Signal conversation causes it to multiply by four once sent, and then the message to replicate itself by four each time the conversation is re-opened.

Steps to reproduce

Tested on the following models, all running iOS 14:

  • iPhone 8 and 8plus
  • iPhone 7
  • iPhone 6s

Known not to affect iPhone 11 (all models), iPhone SE (2020).

  • Open Signal
  • Open a Signal conversation
  • Enter the text ¯\_(ツ)_/¯
  • Send the text
  • The displayed text in the conversation is expanded by repeating the above text four times
  • (optional) exit the conversation
  • (optional) re-enter the conversation
  • (optional) the displayed text above is multiplied by four again (i.e. sixteen entries)
  • each time the above steps are repeated the display expands until opening the conversation takes an extremely long time
  • deleting the message fixes the issue.

The second screenshot shows that it appears to be related to a particular set of Unicode, possibly linked to the parenthesis.

Actual result: multiplying text out of control.

Expected result: text is displayed once only.

Screenshots

image
image

Device info

Device: iPhone 8plus, iPhone 8, iPhone 7, iPhone 6s

iOS version: 14.0.1

Signal version: 3.17.6 and 3.18.0.9

Link to debug log

https://debuglogs.org/07a5db3286f8e3ef68b450ad25ff96595861df9bc88512d1721a2b3699c926a2.zip

arrigo commented Oct 7, 2020

Some additional notes which might be relevant:

  • the ¯\_(ツ)_/¯‬ is a keyboard expansion on my phone but it was tested by doing a c&p from iMessage on a separate phone and the result was the same,
  • iMessage and Wire are both unaffected on the same device,
  • if the text is pasted in a group conversation the multiplication effect is much faster, it appears to be 4x per member of the group,
  • if both the sender and the recipient are on a vulnerable iPhone this multiplies much faster as it appears to multiply on both the sender's and the recipient's iPhone,
  • the multiplication on leaving and returning to the conversation requires the recipient to have received the message, otherwise you only get the "local" multiplication (i.e. send message, get 4x in the conversation. Leave conversation and re-enter before it is delivered to the other party - no change in display. Leave conversation and re-enter after it has been delivered to the other party - multiplies again "spontaneously")
  • even if the message has reached the point (see screenshots) of going to "Read More" because of length it appears to be always possible to delete it as long as you wait for the interface to respond.

leophys commented Oct 7, 2020

Please, tell me this is some sort of easter egg 😂

@charlesmchen-signal
Contributor

@arrigo This issue will be fixed in the next release, v3.19.0.
