Incident: "ChaiOS" Message Bomb Freezes iPhones and Macs, Requires Restart

Published Date: 2018-01-18

Postmortem Analysis
Timeline 1. The software failure incident, known as "ChaiOS," happened in January 2018 as reported in Article [67298].
System 1. iOS operating system versions from iOS 10 to the fifth beta version of iOS 11.2.5 [67298] 2. Safari browser on Mac devices [67298]
Responsible Organization 1. The software failure incident, known as "ChaiOS," was caused by a bug in the iOS operating system that allowed a malicious message containing a specific link to freeze and temporarily paralyze iPhones and Mac computers [67298].
Impacted Organization 1. iPhone users 2. Mac users 3. Users of iOS operating system 4. Safari browser users on Mac 5. iMessage users 6. GitHub users 7. Apple as a company [Cited from Article 67298]
Software Causes 1. The software cause of the failure incident was a bug (fallo informático) named "ChaiOS" that was capable of causing damage to iPhones and Mac computers [67298].
Non-software Causes 1. The "ChaiOS" bug was triggered by a specific message containing a malicious link, which could freeze the recipient's device and force a restart, even without clicking on the link [67298].
Impacts 1. The software failure incident, known as "ChaiOS," caused iPhones and Mac computers to be temporarily paralyzed, forcing users to restart their devices even without clicking on the malicious link contained in the message [67298]. 2. The bug could infect almost all models of iPhones and computers using iOS, from iOS 10 to the fifth beta version of iOS 11.2.5 [67298]. 3. When the malicious link was received on a Mac, it could cause Safari, Apple's browser, to crash and experience slowdowns [67298]. 4. The bug resulted in confusion on the device, causing iMessages to close, although it was considered more of a nuisance rather than a serious security threat [67298].
Preventions 1. Regular security audits and testing of the messaging application to identify and fix vulnerabilities before they can be exploited [67298]. 2. Implementing input validation mechanisms to ensure that unexpected inputs, such as the malicious link in the ChaiOS message, are properly handled and do not cause system crashes [67298]. 3. Enforcing stricter controls on the types of links or content that can be shared through the messaging platform to prevent the spread of potentially harmful messages [67298]. 4. Promptly addressing and patching reported software bugs and vulnerabilities to prevent them from being exploited by malicious actors [67298].
Fixes 1. Deleting the conversation containing the malicious link. 2. Using the latest version of iOS. 3. Restoring the device to factory settings if necessary. 4. Installing any security patches released by Apple to address the issue. 5. Blocking GitHub if the issue persists (may not be effective if the code is hosted elsewhere) [67298].
References 1. Developer of software Abraham Masri's Twitter account [67298] 2. Tests conducted by various users [67298] 3. Security expert Graham Cluley's blog [67298] 4. Apple [67298] 5. Medium specialized media outlet Buzzfeed [67298]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization (a) one_organization: The article mentions that this is not the first time such software failures have occurred affecting Apple's customers. In November, Apple had to apologize for an error that allowed access to any Mac computer without needing a password. This indicates a recurring issue with software failures within Apple's products and services [67298]. (b) multiple_organization: The article does not provide information about similar incidents happening at other organizations or with their products and services. Therefore, it is unknown if this specific software failure incident has occurred elsewhere.
Phase (Design/Operation) design, operation (a) The software failure incident related to the design phase: The incident with the "ChaiOS" bug, as reported in Article 67298, was a software failure related to the design phase. The bug was introduced by a developer named Abraham Masri and circulated through a message containing a malicious link. This bug was capable of causing temporary paralysis in iPhones and Mac computers, even without the recipient clicking on the malicious link. Masri identified and disclosed this bug on Twitter, naming it "ChaiOS" [67298]. (b) The software failure incident related to the operation phase: The incident with the "ChaiOS" bug, as reported in Article 67298, was also a software failure related to the operation phase. Users experienced the effects of this bug when receiving the message through the iMessage app, which led to freezing the device and potentially forcing a restart. Additionally, if the message arrived on a Mac, it could cause Safari, Apple's browser, to crash and slow down. This indicates that the operation of the system, specifically the messaging application and browser, was impacted by the bug [67298].
Boundary (Internal/External) within_system (a) within_system: The software failure incident related to the "ChaiOS" bug that affected iPhones and Mac computers was caused by a bug within the system itself. The bug, when received through iMessage, could freeze the recipient's device and force a restart, even without clicking on the malicious link contained in the message. The bug was capable of affecting various models of devices running iOS, including causing Safari to crash on Mac computers [67298]. (b) outside_system: There is no information in the provided article indicating that the software failure incident was caused by contributing factors originating from outside the system.
Nature (Human/Non-human) non-human_actions (a) The software failure incident occurring due to non-human actions: The software failure incident related to the "ChaiOS" bug was caused by a non-human action, specifically a bug in the software. The bug was capable of causing damage to iPhones and Mac computers even if the recipient did not open the malicious message containing the bug [67298]. (b) The software failure incident occurring due to human actions: The software failure incident related to the "ChaiOS" bug was not directly caused by human actions. However, the bug was discovered and publicized by a software developer named Abraham Masri, who revealed the bug on Twitter. Masri highlighted the issue to raise awareness, but the bug itself was a non-human action that could freeze devices and force users to restart them [67298].
Dimension (Hardware/Software) hardware, software (a) The article reports a software failure incident related to hardware. The incident involves a bug named "ChaiOS" that can cause damage to iPhones and Mac computers, even if the recipient does not open the malicious message. The bug is capable of freezing the device and forcing a restart, affecting various models of devices using the iOS operating system [67298]. (b) The software failure incident is directly related to software. The bug named "ChaiOS" is a software flaw that can paralyze iPhones and Mac computers temporarily, even without the recipient clicking on the malicious link contained in the message. The bug affects devices using the iOS operating system and can cause Safari, Apple's browser, to crash on Mac computers [67298].
Objective (Malicious/Non-malicious) malicious (a) The software failure incident related to the "ChaiOS" bug can be categorized as malicious. The incident involved a bug that was intentionally created to send a malicious message containing a link that could freeze and temporarily paralyze iPhones and Mac computers, even without the recipient clicking on the malicious link. The bug was circulated through iMessage and had the potential to affect a wide range of devices using iOS, causing disruptions and forcing users to restart their devices [67298].
Intent (Poor/Accidental Decisions) poor_decisions (a) The software failure incident related to the "ChaiOS" bug can be categorized under poor_decisions. The incident was caused by a bug discovered by the software developer Abraham Masri, who intentionally revealed it on Twitter. Masri warned that the text message containing the malicious link could freeze the recipient's device and force a restart, even if the recipient did not click on the link. Despite knowing about the bug, Masri chose to disclose it publicly, leading to its circulation and potential harm to users [67298].
Capability (Incompetence/Accidental) accidental (a) The software failure incident related to development incompetence is not explicitly mentioned in the provided article. Therefore, it is unknown. (b) The software failure incident related to accidental factors is evident in the article. The incident involving the "ChaiOS" bug that could freeze iPhones and Mac computers was accidental, as it was caused by a bug discovered by the software developer Abraham Masri and not intentionally created for malicious purposes [67298].
Duration temporary The software failure incident related to the "ChaiOS" bug mentioned in Article 67298 can be classified as a temporary failure. The bug caused temporary paralysis and forced users to restart their devices, but it did not result in permanent damage or complete failure of the devices. Users were able to resolve the issue by restarting their devices or restoring them to factory settings if necessary [67298].
Behaviour unknown (a) crash: The software failure incident described in the article is related to a crash. The "ChaiOS" bug is capable of causing iPhones and Mac computers to freeze temporarily, forcing users to restart their devices even without clicking on the malicious link contained in the message. The bug can also cause Safari, Apple's browser, to crash on Mac devices [67298].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property, non-human, theoretical_consequence (d) property: People's material goods, money, or data was impacted due to the software failure - The software failure incident involving the "ChaiOS" bug was capable of causing damage to iPhones and Mac computers, even if the recipient did not open the malicious message containing the bug [67298]. - The bug could temporarily paralyze the devices and force users to restart them, potentially leading to data loss or disruption of normal device functionality [67298]. - The bug could also affect Safari, the Apple browser, causing it to crash and slow down when received on a Mac [67298]. - While the incident was described as more of a nuisance than a serious security threat, it could still result in inconvenience and potential data loss for affected users [67298].
Domain information (a) The software failure incident mentioned in the article is related to the information industry as it involves the use of iPhones, Mac computers, and the iMessage application for communication and data exchange [67298].

Sources

Back to List