Do you know about the Effective Power bug yet? We usually keep our eyes on vulnerabilities in the enterprise technology sectors, but this Apple iPhone and iOS bug, which goes by the name ‘Effective Power’, definitely caught our attention. Amit Chowdhry wrote an article on Forbes.com that was also the first to introduce a workaround for the bug.
We did some research and summarized the findings for you below. In general, we are very surprised that such an abstract issue was discovered at all, but maybe this helps Apple and their development team fix text-rendering-related vulnerabilities for good in future software releases.
Trigger
When someone sends a text message from an iPhone to another iPhone with the content “effective. Power لُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ 冗”, the receiving device suffers from the bug and crashes or freezes if the message was received while the screen was locked. It is not clear why these characters in particular trigger the issue, but it is likely related to the mix of Unicode characters rather than to any literal meaning of the text.
Update: The bug has now also appeared in texts sent from Android to iPhone.
Symptoms
When hit by the bug, the device loops in a process that it cannot resolve and becomes unresponsive to touch input. Users also reported that the device can reboot because of that loop or possibly other unresolvable processes.
Scope
The Effective Power bug appears on iOS devices such as the latest iPhone 6.
Severity
The bug or vulnerability affects the responsiveness of an isolated device. The device might even reboot, but there are no signs of data leakage or of data being manipulated in any way. Furthermore, the issue is not technically viral in nature, but it can be spread manually by users.
Fix
As of now, there is no patch for the Effective Power bug that would prevent devices from experiencing the aforementioned symptoms. Apple has, however, released a manual workaround to assist their users in the meantime.
They advise their users of the following three steps:
- Ask Siri to “read unread messages.”
- Use Siri to reply to the malicious message. After you reply, you’ll be able to open Messages again.
- If the issue continues, tap and hold the malicious message, tap More, and delete the message from the thread.
Summary
The Effective Power bug is a very curious one. It is unclear how the exact string of characters that triggers the issue was made public. While the bug itself does not seem to pose a threat to device health or stored data, the symptoms are highly annoying to users. Some people are now leveraging this to shut down other people’s devices on purpose.
While the device itself can be recovered from such an ‘attack’ relatively easily, the underlying question now is: would people attack other people’s devices even if it meant damage to their unit or stored data? Unfortunately, I think the level of abuse would be proportional to how easy it is to run an attack. And if that were to happen, would Apple compensate the victims in any way for a mistake of their development or quality control?
For some people this is just a prank but is it possibly worse than that? Have you encountered an Effective Power attack yet? What do you think would happen if the symptoms were more severe than they are? I would love to hear from you in the comments below.
Photo credit: Héctor García
Source: Forbes / Apple