Articles Blog

How “Crash Safari” Reboots Your Phone

How “Crash Safari” Reboots Your Phone


Crashing a web page is actually really easy. You create a bit of code that says “go into
an infinite loop”, and the page goes into an infinite loop. The only reason people don’t do it more often
is there’s not much point to it. There have been pages that’ll crash your browser
— deliberately or accidentally — for years and years and years, but the web these days is all about sharable,
viral content, and if you can’t see it, if it crashes your
browser, you can’t share it. As well as that, browsers have been getting
smarter lately. If you run Chrome, each browser tab is a separate
process on your machine, so if someone puts an infinite loop in one
page, all it’s going to do is grind that tab to
a halt while everything else continues. Firefox doesn’t
have that, but it will detect when something’s wrong,
and after a few seconds it’ll ask if you want to stop the script that’s
causing the problem. Now, it is possible to get around these and
crash things if you really want to be malicious, sure, but all you’re going to do is annoy a few
people before your site fades into obscurity. So well done to Mandatory, who came up with
crashsafari.com in April 2015. And after months of not much traffic, someone posted it to a site called Hacker
News a week ago, and as I record this, a few days later, it had percolated around the internet enough
to finally go viral and be picked up by click-hungry tech news
reporters — because as soon as one of them posted an article
about it, the rest realised they might get some clicks
from a story like that too and hurriedly bashed out a headline and a
few hundred words. None of them actually tracked it back to the
source, and one even called the page “new”. Journalism! So why did this particular site become successful? ‘Cos you don’t need to click on it to know
what it does. That’s why. Crash Safari, dot com. I mean, they also have Crash Chrome dot com,
and Crash Firefox dot com, which do exactly the same thing. That’s a really tempting link, isn’t it? You can type it easily into a tweet, you can send it on to other people. But there’s another reason as well: on an
iPhone, it doesn’t just crash your browser: it actually restarts your phone. Now that shouldn’t happen. Safari, the browser
on iPhone, has a few defenses against web pages who do
that, it’ll notice if memory usage gets too high
or it’s in an infinite loop, and it’ll just reload or close the tab. So you can’t just create a web page that loops
forever and hope it’s going to crash phones: you’ve got to actually break out of that little
sandbox that it puts you in and cause a problem in the browser itself, somewhere where the engineers didn’t see the
problem coming. Which is why Crash Safari dot com isn’t quite
your standard infinite loop. Let’s have a look at the code: The first line just creates a string called
“total”. Just somewhere to store text. Then it starts a loop: this line here, this
means, do everything between these brackets 100,000
times, and store whichever count you’re on in this
variable: i. Then we go into the loop. Add the current number of the loop — so,
we start with 0, then 1, all the way up to 100,000 — as text, to the end of that string called “total”. So that string just gets bigger and bigger
and bigger on each loop. And then, each time we go round, push that string into the browser’s history. And that push is where the problem is. ‘Cos manipulating the browser’s history is
a fairly new addition to what web pages can do, and like a lot of those recent additions, the security aspects haven’t really been thought
through properly. In the old days, if you had a single page
web app, something like Gmail, then the back button would break it. The user would click an email, their email would pop up on the same web page,
just get loaded in, and then the user would, logically, click the back button to go back. Except the web page address hadn’t changed:
it was still the same page. So Gmail would promptly unload, and you’d go back to whichever web site you
were browsing earlier. That “pushState” command — that gets around
that. It’s the web page saying, “hey, “my user’s just switched to something else
within me. “When they click ‘back’, “don’t actually go back to the page just before, “just tell me about it, I’ll deal with it.
It’s fine.” But unlike regular web addresses, those push-states can be as long as you want. And you can add as many as you want as quickly
as you can. The browser keeps track of it all. It keeps track of every time the web page
sends one of those commands, to add it to the back button history. And
remember that loop? This page is going to send 100,000 entries
to the browser’s history, and each one is going to be longer and longer
and longer: by the end, each individual entry will be about half a
megabyte long. Now I haven’t done the exact maths, but at
a rough guess, that is somewhere around 25GB of history data. And the iPhone only has 1GB of RAM to store
that data in. It gives up almost instantly, realises that something is desperately wrong, and just reboots to sort it out. So should there be a check for this? Of course
there should. Will there be in the next version of iOS?
Maybe. And in the worst case, if conditions are perfect, an exploit like this can convince a computer,
or a phone, to run any code and do anything. But that is unlikely. And ultimately crashing
someone’s phone, while it’s annoying, isn’t usually the sort of prank that gets
traffic to your site — but it might get you some clicks on your news
article. Or your YouTube video about it. Sorry. [Translating these subtitles? Add your name here!]

100 thoughts on “How “Crash Safari” Reboots Your Phone”

  1. If something happens in one tab in Chrome it will crash all the other tabs. It will even crash separate windows. Sometimes when Chrome crashes, even if I close down everything, when I open up chrome again it will crash immediately on the new tab.

  2. You really should just go work at Google or Apple, seeing how you know about all of these exploits and how they work.

  3. If you click the back button over ad over again when on one of these sites it fixes the problem because the script has no time to run, while programming a game I came across a similar problem and fixing it was a bit harder then I thought it would be.

  4. Visited Crash Chrome on Android (Samsung S7 Edge). Had to quickly close Chrome because it was bogging everything down!

  5. There is something very satisfying about 1 short string of code completely overloading and shutting down a piece of tech like that.
    I can't beat a computer at chess, but i can simply whisper something in it's ear so mind blowing that it literally passes out.

  6. On my samsung s6 internet i went on crash safari and i couldnt use the browser as it permensntly froze it and i had to delete all updates to get it working again 😑

  7. I think I explained this forever ago, but the phone doesn't actually restart. It actually causes SpringBoard, the iOS "equivalent" to Android's System UI to crash, and that's why on a phone with MobileSubstrate installed, the phone goes into safe mode. When Substrate detects a crash, all plugins that support Substrate Safe Mode stop working, in order to prevent a crash loop.

  8. Am I the only one who is legitimately freaked out by glitches like this??? Please let me know, because I don't like thinking I'm alone on this…

  9. I did something similar in school but with a mail server, unknowing what would happen. I basically created a rule where any email address that sent a message with the word "school" in it (all of my school email addresses had this word in) would then send it to all the email addresses with the word "school" in it. Basically creating this infinite loop. 💀 I was found out by the IT techs and they told me I had caused over 1million emails to be sent within a few seconds, which obviously then crashed the whole server! Oops..
    I didn't do that again…

  10. This resembles a buffer overflow exploit. It may even be capable of remote code execution by a small chance.

  11. After you said the infinite loop thing I instantly went to localhost (where I am creating a site for a Youtuber) went to inspect element added the crash function made a button and clicked it! Yay!

  12. This would be useful for iphone users who accidently got their iphone itunes logo stuck for the fking rest of their life…now we need to make it open that link and maybe itll reboot back again…

  13. Just tested it on edge for fun, and it dealt with it very well, only the infinite loop froze it (the rest didint work) and even then, the browser didint crash, it asked me if i wanted to recover the page since it wasn't responding

  14. The page now says: what were you expecting. My phone didn't crash, but my browser history now says like a billion links. PHONE REKT THEM

  15. Crashmybrowser (.com) doesn't even do much at all. That is, to Chrome. Worst case scenario is the tab crashes. Two of them don't even do anything. The infinite loop hangs the tab, the heap death crashes the tab, the frog blast doesn't do anything, the fork bomb doesn't do anything either, and the element overflow crashes the tab again. Edit: Just tested the heap death for Firefox. Firefox froze, lagged my laptop, and then I closed Firefox. Edit 2: It lagged my laptop a bit more after closing.

  16. So if we click a link and messes up the phone do i have to connect my phone to my computer look for the code with the problem and delete the push state or how would i approach the problem? This is very interesting

  17. 1:27 Fun fact, nobody's "hurriedly bashing out a few hundred words". That kind of writing is almost entirely automated. Those tech companies are spending at most ten minutes getting that article out there.

  18. Interesting to note the crash chrime version did sloe my phone down incredibly but did not crash it… 6gb of ram is the future I guess… I unfortunately just looked at my history and saw several thousand new entries though damn…

  19. I accidentally made a c++ program that calcuöated factorials and then dispöayed the list with cout but the list got so large it evwntually crashed any computer if you entered a high enough factoriaö

  20. samsung wont allow below 2000 and above 2036 so interesting on that one but apple can st dates below 2000 wait a minute

  21. like the old dutch site klikhierniet.net(doesn't exists anymore). that would keep giving you annoying pop-ups in the browser, due to wich you where unable to x out and either had to spam/keep holding down enter, or go to taskmaanager and close it there. it was funny, but silly

  22. I've developed for both iOS and Android, and in iOS it seems there aren't any system performance protections in place. I've accidentally produced a while(true) loop in an iOS app and it crashed the whole OS. This can't happen in Android. There, you'd only get a warning saying that the app doesn't respond. I always heard that iOS is so stable and smooth, but it seems that just isn't true.

  23. Well on mozzilla Firefox QUANTUM it says if an tab has crashed "Gah. Your tab just crashed" with an option to recover & report and it does NOT affect the other tabs, but it does let see the "unresponsive script" screen still

  24. No joke:
    I was watching this video, and I opened the settings to disable mobile hotspot. My phone froze for a few seconds, turned black, and restarted. I'm running Android 8
    Ironic, isn't it?

  25. What if you have an expensive gaming PC with like 64 GB of RAM or something OP like that (which some people do have)? You mention not having done the calculations, but estimate roughy 25 GB of history data and that iPhone only have 1GB of RAM. Surely 64 GBs of RAM can handle any margin of error you might have had. What would display on Crash Safari dot com if you managed to store all of that data that it is pushing to your history on your device? I am assuming that the web browser would crash but your device would remain on and functioning normally, or something equally unremarkable from a site called Crash Safari dot com.

  26. 0:58 obscurity or obsolence or oblivion? 🙂 i think obsolence, like obsolete but i might be wrong.
    obsolete
    into disuse, grow old, decay”); see obsolesce. obsolete (comparative more obsolete, superlative most obsolete) (of words, equipment, etc.) No longer in use;

  27. I tried it on lynx and it just kind of sits there with the sentence "What were you expecting?" and not doing anything.

  28. Does Gmail actually do that? Maybe that's why i'm so used to it and i keep messing up with the browser integrated versions of discord and other messenger apps.

  29. If you are still looking for this to work on modern ios devices, well it doesnt, maybe apple software engenniers found a way around it, sure it still floods your browsing history, but it doesnt make your iPhone reboot, (tested on a iphone X and a iphone 8+)

  30. Its 2019 and crashfirefox, crashchrome and crashsafari all crash my iPad Air on iOS 12 🙂
    Edit: Not the whole iPad but the safari app

Leave a Reply

Your email address will not be published. Required fields are marked *