Last April, while security researcher Patrick Wardle was attending the RSA security conference in San Francisco, a Taiwanese friend who lived in the city asked to meet for coffee, and for his help with what she described as a serious problem: China, she said, was hacking her iPhone.
Wardle, a former NSA staffer and a prominent Apple-focused hacker who founded Digita Security, had heard that request from paranoid friends and acquaintances plenty of times before, making him naturally skeptical. But when he met his friend in person, she showed him something bizarre: Every time the Taiwanese flag emoji appeared on her iPhone for any reason, the app that had displayed it instantly crashed. That meant, essentially, that anyone could crash Wardle's Taiwanese friend's phone at will, simply by sending her any text message that triggered a notification and included the Taiwanese flag. "I could send her a message and this emoji of death would crash her phone," Wardle says.
In the months since, Wardle has worked on and off to deconstruct that emoji mystery. What he found—and helped Apple fix—wasn't the targeted hacking of his friend's iPhone. Instead, it was an unintentional bug in a very intentional censorship feature, one that Apple includes in every iPhone in the world in an apparent attempt to placate the Chinese government. "Basically, Apple added some code to iOS with the goal that phones in China wouldn't display a Taiwanese flag," Wardle says, "and there was a bug in that code."
Since at least early 2017, iOS has included that Chinese censorship function: Switch your iPhone's location setting to China, and the Taiwanese flag emoji essentially disappears from your phone, evaporating from its library of emojis and appearing as a "missing" emoji in any text that appears on the screen. That code likely represents a favor from Apple to the Chinese government, which for the last 70 years has maintained that Taiwan is a part of China and has no legitimate independent government. Disappearing Taiwan's flag in China is just one of several concessions Apple has made to the country's dictatorship, such as moving Chinese Apple users' data to servers located in China and removing censorship-skirting VPNs from the App Store there.
But Wardle found that in some edge cases, a bug in the Taiwan-censorship code meant that, rather than treating the Taiwan emoji as missing from the phone's library, the code considered it an invalid input. That caused phones to crash altogether, resulting in what hackers call a denial-of-service attack that would let anyone crash a vulnerable device on command.
Wardle's still not sure how many devices are affected or what caused that bug to be triggered only in some iOS devices and not others, but he believes it has something to do with the phone's location and language settings. "Somehow the phone got confused about what region or locale it should be in," Wardle says.
Wardle warned Apple about the flaw in mid-June, and the company released a patch yesterday, stating only that "a denial-of-service issue was addressed in improved memory handling." The Taiwanese flag censorship feature, of course, remains in place, and Apple didn't respond to WIRED's request for more information about the nature of that censorship or Wardle's bug. "If Apple had never tried to appease the Chinese government, the bug would never have been introduced in the first place," Wardle says.
The Taiwanese-flag-crash attack was never much of a serious security threat, and it's not clear if it affected a significant number of iOS devices. But Wardle points out that it's still an unpleasant reminder of the hidden censorship code in every iOS product and Apple's conflicted interests as it tries to negotiate the demands of repressive governments. Wardle contrasts that censorship concession to Apple's clash with the FBI over encryption in 2016, when it took a strong stance on civil liberties in opposition to government demands.
"They say 'We’re not going to spy on our users.' But if China asks, they'll build censorship into their devices and not really talk about it," Wardle says. "Hypocrisy is the term I would use."