Skip to main content

How This Prank Site Can Crash Your iPhone

Remember when all your joker friends on Twitter and Facebook were Rickrolling you with fake shortened Web links? Now it's happening again, but the links will force your iPhone to reboot, crash Safari on the desktop, or cause Chrome to hang endlessly.

Credit: Maxim Kostenko/Shutterstock

(Image credit: Maxim Kostenko/Shutterstock)

The website the malicious links lead to is called simply CrashSafari.com, and you load it at your own risk. The domain registration is hidden behind a proxy, but Wired tracked down a San Francisco app developer named Matthew Bryant who claimed ownership and said it was meant "purely as a joke." (There's no permanent damage caused by the website.)

If you want to make sure you don't lose 5 minutes of your life because of a prankster's trick, your options are limited if you use one of Apple's mobile devices. Because all browsers in iOS run on top of Safari, they'll take down the device, too.

MORE: iPhone 7 Rumors: Specs, Features and Release Date

On an OS X machine, you could try using Firefox. The browser will hang for a couple of minutes, but eventually the script-warning window will appear, and you can hit "Debug script" to stop the process.

Windows users can use Internet Explorer — on our work machine, IE 11 handled the CrashSafari site with barely a hiccup, and we were able to open other tabs after a split-second pause. On Android, Chrome crashed and Firefox generated the debug-script popup, but the device was otherwise stable.

CrashSafari exploits a known issue that lets four lines of JavaScript fill up a browser with more useless information than it can handle. Browsers that survive the process will display an endless amount of numbers in their address bars.

In a discussion on the Chromium developer boards in July 2014, one developer deemed the flaw behind CrashSafari "not a security bug" because it is "just a generic DoS [denial-of-service] in the browser."

Another developer pointed out that fixing the issue would involve limiting how quickly a browser could communicate with other processes on a system, which would create problems of a much more serious nature.