It’s never fun when your browser crashes, but it’s especially annoying when you get tricked to go to a site like CrashSafari.com that overwhelms your system.
The Guardian is reporting that people are sending a link to Apple’s Safari browser users that crashes their Macs and iPhones. The link is www.crashsafari.com, which would seem to give its victims at least some clue what could happen if they decide to click. Nevertheless, it seems some are clicking on it to their own demise.
“Hello world. Let the pranking begin,” according to a Twitter post from Crash Safari. The prank is making headlines in tech and consumer news. Security company F-Secure said the link has been clicked more than 100,000 times as of yesterday.
Here’s how it works: The CrashSafari.com link floods the browser with an automatically generated string of text that fills in the address bar. Reportedly, it only takes about 20 seconds for the iPhone to reboot on its own.
That forced reboot can be more than a little inconvenient if you are having a conversation. Making matters worse, the prank heats up the smartphone as it tries to wade through the instructions.
Getting to the Root
We checked in with Craig Young, security researcher at advanced threat detection firm Tripwire, for his thoughts on the news. He explained to us in greater detail the inner workings of the prank.
“The CrashSafari.com site runs a script within the browser that repeatedly adds entries to the browser’s history listing,” Young said. That’s easy enough to understand. What’s more difficult is getting to the root of the issue within the Mac operating systems and guarding against potential security issues that could follow this pesky prank.
“It is unclear at this point what in the device’s design is allowing this to happen, but the possibility that this technique can be used to install a malicious program cannot be ruled out,” Young said. “Last year security researchers demonstrated how a network packet or an SMS message could trigger an iPhone or iPad to reboot but neither of these issues had security implications beyond inconveniencing the user.”
Who’s Laughing?
Matthew Bryant, 22, has taken responsibility for creating CrashSafari.com, which also crashes iPads and Android devices. The Guardian reported that the site also causes Chrome running on a Mac or a PC to become sluggish.
Once the device reboots the problem is solved, unless of course you visit the site again. Bryant could not immediately be reached for comment.
However, Bryant told Wired that, “In my spare time I often test how browsers will handle odd code that gets thrown at them.” He found the bug independently, and launched the crash site as a joke, he said. It’s now gone viral with Twitter users sending out the link to people on their friend lists. But its victims are not laughing.
