Crafted MMS Payloads - Can anyone explain how they work?

canadianvice

Distinguished
Jul 25, 2012
235
1
19,115
I'm a computing science student, so I'm rather interested in the intricacies of this. No, I don't need it so intimate that I could replicate it, just some sort of explanation like, say, how Heartbleed was shown in the press.

I base it on a recurring issue with both Android and iOS phones (and seemingly macOS too), where a certain character can crash or severely break functionality on either the OS or the messaging app. It seems strange to me, as I'd imagine something like Cyrillic (the specific example here was a character from an Indian language breaking Apple stuff) is handled properly, and outside of that it seems weird that any other compound character would break this sort of thing. Isn't it just stored as a set string? I thought the OS usually had functionality for dealing with that...

Are there any papers on the intricacies of how this happens, or just announcements that it is? Or does anyone here know specifics?

canadianvice

Well, I saw some videos on YouTube (Tom Scott) and the basic idea with many of them is character-transformational languages that exploit the fact that most of these are coded by non-natives. One example that was given is Arabic and the iPhone truncation methods for showing a text toast.

Basically, if you position the Arabic character string so the cutoff hits in the middle, the iPhone tries to remove the excess characters to the limit - the problem is that Arabic can acquire extra characters as a word's size is reduced (such as diacritics and other things), which means that as the phone tries to truncate it, it actually can expand, and this is an edge case the devs forget about.

It seems to be a common trait among many of these. Not a great answer, as it's not as technical as I was hoping, but there you are.
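A defensive illustration of the truncation edge case described in this post (and of the first post's question of whether text is "just a set string"), added here as an example and not the poster's code: it contrasts cutting at a code-point count, as a buggy preview or toast might, with cutting at approximate grapheme-cluster boundaries and checking that neither fragment starts with a combining mark or ends with a joiner. The cluster rule (combining marks plus zero-width-joiner sequences) is a simplification of Unicode UAX #29 that does not cover Indic conjuncts, and the sample strings are constructed.

```python
import unicodedata

ZWJ = "\u200d"  # zero-width joiner: glues emoji and some Indic sequences
MARKS = ("Mn", "Mc", "Me")  # combining marks: vowels, diacritics, enclosures


def _extends_cluster(prev: str, ch: str) -> bool:
    """True if ch must stay attached to the character before it.
    Simplified rule (an assumption, not full UAX #29): combining marks,
    a ZWJ, and whatever follows a ZWJ belong to the preceding cluster."""
    return unicodedata.category(ch) in MARKS or ch == ZWJ or prev == ZWJ


def clusters(text: str) -> list:
    """Group code points into approximate grapheme clusters."""
    out = []
    for i, ch in enumerate(text):
        if out and _extends_cluster(text[i - 1], ch):
            out[-1] += ch
        else:
            out.append(ch)
    return out


def split_naive(text: str, limit: int) -> tuple:
    """Cut after `limit` code points, as a buggy toast/preview might."""
    return text[:limit], text[limit:]


def split_safe(text: str, limit: int) -> tuple:
    """Cut at a cluster boundary so no mark or joiner is left dangling."""
    head, n = [], 0
    parts = clusters(text)
    while parts and n + len(parts[0]) <= limit:
        n += len(parts[0])
        head.append(parts.pop(0))
    return "".join(head), "".join(parts)


def is_well_formed(text: str) -> bool:
    """Reject fragments that start with a mark or end with a joiner."""
    if not text:
        return True
    starts_ok = unicodedata.category(text[0]) not in MARKS and text[0] != ZWJ
    return starts_ok and text[-1] != ZWJ


# Constructed samples: Arabic "bismi" with vowel marks, and a ZWJ emoji family
SAMPLE_ARABIC = "\u0628\u0650\u0633\u0652\u0645\u0650"
SAMPLE_FAMILY = "\U0001F468\u200d\U0001F469\u200d\U0001F467"
```

Note that `split_safe` may return an empty head when the first cluster alone exceeds the limit; a renderer has to handle that case rather than force a cut inside the cluster.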