Messages With Thousands Of Hidden Characters Can Crash Apps, Phones

WhatsApp AH 6 of 11

A user on YouTube and Reddit by the name of toberkel has created a pair of messages that contain a large number of hidden characters and are capable of not only crashing a number of apps like Instagram and WhatsApp, but can even bring your phone to a screeching halt. The messages contain a direction-flipping control character that changes the direction of text from leftward to rightward or vice versa. Faced with such a vast amount of the characters back to back, the program is overwhelmed in its attempt to figure out which way text after the characters should face, and thus crashes. One message says “This is very Interesting!,” along with an emoji, and the other has a tappable black button that triggers the onslaught of special characters.

The first message is the most straightforward, and will work anywhere text can be pasted in an infinite or near infinite capacity. The second one works best with mobile apps such as Instagram. In Android Headlines’ own tests, both messages crashed a Lenovo Moto Z2 Force on T-Mobile running the latest official Android Oreo version, and a Samsung Galaxy S8 on the same network, also running the latest Oreo update. These tests were done on WhatsApp. For reference, the devices both run a Qualcomm Snapdragon 835 processor, the second most powerful currently available. Outside of the Android sphere, a 2016 HP Pavilion laptop with 8GB of RAM and a 6th-generation Intel Core i3 processor, along with a Lenovo ThinkPad X220 with 8GB of RAM and a second-generation Intel Core i5 processor were tested on Lubuntu Linux and Windows 10. The notepad app that the text was pasted into became unresponsive and ate up a good amount of CPU power and RAM, but the computer kept on running, likely owing to their large stores of RAM and powerful CPUs. Phones are more apt to crash in this test due to the relatively smaller number of instructions ARM CPUs can handle compared to x86 CPUs.

These messages are a simple case of overwhelming and overloading a computing device or program by presenting a vast stream of variables, akin to buffer overflow exploits, or even Android root exploits of old such as the zergrush attack. This sort of vulnerability is well-known in the computing world, and will likely continue to be effective well into the age of quantum computers, though it will become much harder to pull off as processors become more powerful.