The flip side of making things opaque and "just work" per Apple philosophy, is that when they don't work, trying to fix it becomes even more difficult.
This is a very unusual "exploit", however --- according to https://en.wikipedia.org/wiki/VCard it's not even a valid .vcf file but looks to be just an RTF with copious amounts of text (appears to be bytes from PNG images concatenated together, although I haven't actually tried to read them as such.)
I think there's some sort of hidden quadratic (or higher) algorithm that's causing this, along the lines of https://www.joelonsoftware.com/2001/12/11/back-to-basics/ . As a datapoint, this 7-year-old machine rendered that file as RTF (in WordPad) in less than a second. An iPhone doesn't have quite as powerful a CPU, but still shouldn't be struggling to do it.
> The flip side of making things opaque and "just work" per Apple philosophy, is that when they don't work, trying to fix it becomes even more difficult.
“The major difference between a thing that might go wrong and a thing that cannot possibly go wrong is that when a thing that cannot possibly go wrong goes wrong it usually turns out to be impossible to get at or repair.”
Still, at least these problems are being revealed to the public alongside their fixes. It would be far worse if criminal hackers or intelligence agencies secretly exploited these issues
This seems overly alarmist given it's an exploit that simply sends the phone into a crash loop. It's not as if they can launch nukes by whistling into the microphone.
The motivation is pretty weak. If people found a way to make money by doing this, it would be massively exploited. But the reward for breaking a bunch of phones is... self satisfaction? ok.
I don't know that people were seriously making money on most of the script kiddie shit that was going on on the internet back before ransomware and bitcoin and such (other than AV vendors), and yet it was rampant anyway. I imagine there are still people out there who do this sort of thing "for the lulz".
I'm not so sure. Nowadays they can focus their energies on profitable activities like ransomware or adware. If you're going to break the law to cause grief anyway, why not make some money while you're at it?
You can quite easily purchase unlimited outbound SMS from just about any local carrier in any part of the world for less than $20, either one time or monthly.
It would be very easy to mass message this to an entire country in a matter of weeks.
Messages on the mac can be automated with applescript.
tell application "Messages"
send "This is an iMessage" to buddy "foo@bar.com" of (service 1 whose service type is iMessage)
send "This is an SMS" to buddy "+1234567890" of service "SMS"
end tell
Can't say factually it would work here, but this makes me pine for the days of Blackberry Desktop Manager and its very granular backup/wipe/restore abilities.
I no longer do IT support for mobile devices, so I'm not sure what the current abilities are, but when I stopped in ~2012 the only options for both iPhones and Android were basically full wipes and restores. All or nothing. With the Blackberry you could backup/wipe/restore only SMS, or only contacts, or only calendar, etc. Could also easily transfer exactly the data you wanted to a new phone.
Yup. Apple's tech support insisted that the reason my iPhone 6 (not a 6s) shut off at 30-40% was due to a software issue, not a battery issue. They suggested I not only wipe my phone, but set it up as a brand new device. It's insane that this is the only way to fix something they claim to know is a software issue.
This is their default response to everything. Once you go through that step (and they maybe grab diagnostics to determine you actually started as new), they will actually push to resolve your issue. It's easy to recover from this w/ iTunes or iCloud device backups, so a moderately painless hoop to jump through.
I can backup, wipe my device, do the test, pull the debug logs, and restore from backup in an hour or so. iTunes and iCloud make it really easy to do this. It's just not cost effective for Apple to treat every case as a special snowflake if nuking from orbit fixes the issue. It sucks, but it's not like you'll get support from anywhere else.
Annoyance but at least not a backdoor but this will still end up yahoo click bait sounding more serious than it is for a few weeks since it's Apple related.
This is a very unusual "exploit", however --- according to https://en.wikipedia.org/wiki/VCard it's not even a valid .vcf file but looks to be just an RTF with copious amounts of text (appears to be bytes from PNG images concatenated together, although I haven't actually tried to read them as such.)
I think there's some sort of hidden quadratic (or higher) algorithm that's causing this, along the lines of https://www.joelonsoftware.com/2001/12/11/back-to-basics/ . As a datapoint, this 7-year-old machine rendered that file as RTF (in WordPad) in less than a second. An iPhone doesn't have quite as powerful a CPU, but still shouldn't be struggling to do it.