Apple Tries to Appease China… Ends up Crashing iPhones and Censoring Content
Apple reportedly altered some code to help China not get too angry over its "Taiwanese claim." Since 2017, iOS tried to censor Taiwanese flag emoji when an iPhone was being used in China, making people in the country believe that Taiwan didn't exist at all. [China doesn't recognize Taiwan's independence]
Texts that used the emoji would display a box with a cross over it - a case of missing emoji. However, a side effect of this localized censorship was iPhone crashes and DOS attacks. On the side of the recipient, whenever an app would show the flag emoji, it would end up crashing. If someone with their location set to China would try typing "Taiwan," their iPhone would end up crashing, as well.
Researcher discovers bug introduced by Apple itself to iOS and the "emoji-censorship" that crashed iPhones
Patrick Wardle, one of the popular names in the cybersecurity industry, discovered this issue when a friend contacted him believing that China was trying to hack her phone.
"She claimed that any time she typed the word Taiwan or worse, received a message with a Taiwanese flag (🇹🇼) it would crash the application on her (fully patched) iOS device," Wardle writes.
"Basically, Apple added some code to iOS with the goal that phones in China wouldn't display a Taiwanese flag and there was a bug in that code."
The problem didn't appear for all devices as it affected some edge cases where the iPhone likely "got confused about what region or locale it should be in," Wardle writes.
After two years of not being able to type Taiwan "or being remotely DOS'd anytime her phone received a Taiwanese flag emoji," the fix that she needed was simply to toggle the region from the US to China and then back to the US.
Wardle did report this bug to Apple, which turned out to be the company's attempt at censoring content to placate China. Tracked as CVE-2018-4290, Apple only mentions the following about this bug fix in iOS 11.4.1.
Impact: Processing an emoji under certain configurations may lead to a denial of service
Description: A denial of service issue was addressed with improved memory handling.
So, there you have it. While usually a champion of user security and privacy, the tech giant does appear to be engaging in censorship. However, a flaw in the code hit back since this bug could have been used by anyone to crash a device by simply sending a text message with the Taiwanese flag.
Apple has previously attracted the ire of the United Nations over banning unapproved VPN apps from the Chinese App Store and moving Chinese users' data to servers within the country. The company is yet to apologize or even respond to this current incident.
- For technical details, head over to Wardle's blog post.