Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.
JesterCapWhat?! Something about this article seems odd? Maybe you should read it again carefully, or double-check the date it was published...

Text Vulnerability Discovered in iPhone and iPad

A security researcher today released details of a new vulnerability with serious implications for users of nearly all Apple products, but especially the iPhone and iPad. The flaw affects users of all versions of iOS and Mac OS X; and thus all Macs and iOS devices, including the latest MacBook Air and MacBook Pro models. The flaw also appears to affect the Amazon Kindle and many other ebook readers. The Apple TV is not affected.

According to the researcher, Carl Noevil of Applied Conceptual Defense, any device capable of displaying the written word is vulnerable to social engineering attacks that could seriously affect its users. Once the device has been exploited, the attack self-propagates through all copies of the affected materials. Applied Conceptual Defense sells various filtering technologies that protect against the newly discovered vulnerability. Their security advisory states:

“This is one of the most serious vulnerabilities we’ve discovered. The flaw affects nearly all Apple products and we’ve notified Apple, yet Apple has yet to provide any patches or notifications to their customers. We decided to release our findings so users can protect themselves until a fix is available. Current users of our products are fully protected.”

When we queried Noevil for additional information via email, he wrote:

“We couldn’t believe all the potential vectors we found. We were able to completely exploit almost every device and system we attempted to attack. While we mostly focused on Apple, we also proved that the vulnerability affects any device capable of displaying text, and it was trivial to create cross-platform attacks. Considering the severity of this vulnerability, we can’t believe Apple isn’t better protecting their customers. It’s completely irresponsible.”

With maliciously structured combinations of characters, the attacker could spread divisive ideas or disinformation, cause a neurological buffer overflow, or generate an actual emotional response in the user. In extreme cases, an attack could create a disabling cognitive dissonance. That form of the attack has been correlated to actual physical injury if the user has their text display device activated while operating a motor vehicle.

Unlike most security vulnerabilities, these attacks have been correlated to massive damage in the physical world, and they can propagate through both traditional and modern digital communication media. In a blog post the researchers state:

“We’re still analyzing the historical research, but from what we can tell this vulnerability has been around for a very long time. We’ve found cases where it resulted in everything from poor decision making and emotional distress to political upheavals. The entire American Revolutionary War was the result of a variant of this vulnerability, for instance, and our investigations indicate that it may have played a role in the lead-up to the Bolshevik Revolution as well. There are also indications that WikiLeaks is actually a bot designed to exploit this vulnerability, but we haven’t yet finished decompiling all the code.”

The researchers said they focused on Apple due to the popularity and proliferation of Apple products, and plan on releasing further research about the Amazon Kindle, Barnes & Noble Nook, and other trendy products that easily garner press attention. Aside from electronic devices, the vulnerability reportedly also affects printed books, magazines, newspapers, and even billboards.

According to Applied Conceptual Defense, users of their ViewBlock textual filtering technology are not affected, and we’ve seen online comments that wearers of the Joo Janta 200 Super-Chromatic Peril Sensitive Sunglasses are also protected.

Apple did not respond to requests for comments.


Try productivity tools from Smile that will make your job easier!
PDFpen: PDF toolkit for busy pros on Mac, iPhone, and iPad.
TextExpander: Your shortcut to accurate writing on Mac, Windows,
and iOS. Free trials and friendly support. <>

Comments about Text Vulnerability Discovered in iPhone and iPad
(Comments are closed.)

April Fools!
0104fool  2011-04-01 04:21
A good effort, shows lots of thought and nicely plays to the Mac users vulnerabilities
Excellent! Had me until "the attacker could spread divisive ideas or disinformation, cause a neurological buffer overflow, or generate an actual emotional response in the user. "
eccparis  2011-04-01 07:09
me, too! On the floor here, excellent piece for April Fools or "poisson d'avril" (April... fish!) as we say in France!
werkingman  2011-04-01 06:31
I've been watching too much Dr Who...almost got me.
Perfect April Fools. Good laugh, made my day.
Paulus  2011-04-01 10:01
Bring up the next April 1-scare!
Carl No-Evil did it for me
Adam Engst  An apple icon for a TidBITS Staffer 2011-04-01 16:06
Couldn't resist the C. No Evil construction. :-)
marikavs  2011-04-01 10:58
Bob Stewart  2011-04-01 11:46
Excellent! I got to about the middle of the piece before I realized what day this was. I actually bought the "Lioness" piece and the "Word 5.1" piece. D'oh!
Jeff Carlson  An apple icon for a TidBITS Staffer 2011-04-01 15:37
Did you see that the Lioness app is real? Many Tricks actually wrote it after I sent them the article to see if they'd mind being named in the piece. Download it and see!
Rey Carr  2011-04-01 12:21
Apple did respond to my email about this vulnerability. They were mostly concerned that an Apple product might have changed the outcome of the Revolutionary War. Their engineers did come up with a fix, however: turn off the power at the source coming in to your house. Then use a candle, quill, and birch bark to continue your work.
Norman D. Lawson  2011-04-01 12:26
As I began to read this article it didn't take me long to wonder about its verity. The title 'Applied Conceptual Defense' seemed fishy and then it struck me today is April 1. Really nice job, guys!
John Wiederholt  2011-04-01 13:56
This had April Fool written all over it from line one. Still, it gave me a smile
senortim  2011-04-01 14:26
I was on to you in a couple of grafs! But I was primed last night (yes, before 4/1 -- oops!) by a local political spoof that was even more complicated and diabolical than yours. Glad so many have gotten into the spirit this year!
Davis Newman  2011-04-01 15:04
I have just deleted All my news feeds for today. I'll just start over tomorrow. Any thing that's true will resurface. ;-)
Jeff Carlson  An apple icon for a TidBITS Staffer 2011-04-01 15:36
If you delete the feeds now, they shall become more powerful than you can possibly imagine tomorrow.
robmorrison  2011-04-01 18:32
When will people stop thinking that April Fools stories are a good idea? They ceased to be funny when I turned 10. Oh well, maybe I am just a cranky old curmudgeon.
Derek Currie  2011-04-01 19:22
April Fools?! Frack! Just when I perfected the disinformation feedback loop on my tin foil protective beanie and was going to let everyone know how to DIY it. Now I'm not going to tell you, so you'll never know, you humor hobbled bastards!