How "Crash Safari" Reboots Your Phone
- Published: 5 Oct 2024
- Crash Safari dot com -- and no, I'm deliberately not linking to it! -- crashes your phone. Or your browser. Pretty much instantly. How? And after several months of obscurity, why did it go viral so fast today?
And yes, I did have to put this video together really quickly. Thank you SO MUCH to the wonderful Matthew Walster, @dotwaffle on Twitter, who not only found me somewhere to film at short notice but also volunteered to hold the camera. I am massively grateful to him -- thank you!
I'm on Twitter at / tomscott
on Facebook at / tomscott
and on Instagram at "tomscottgo"
and also on the web: www.tomscott.com/
Love these videos about computer exploits :-)
Can you do this with commands blocks? XD
+Evil Piggles You don't need command blocks to crash Minecraft. Just fire a million poppies through a nether portal and then go into the nether ;)
+Ian Niblett you could make a command block thing to fire a million poppies through a nether portal and then teleport the player in a portal, so the player doesn't need to do anything. I wonder if there is a way to run something on a server that makes the computer of the client crash (not just minecraft but the OS), but keep the server running...
+legogo29 Hmm. Hard to say. It used to be trivial to crash a computer with faulty graphics code, but that's gotten a little harder, and you wouldn't be able to do that from a game server remotely unless there is an inherently faulty piece of code in the client.
Trouble is, barring bugs or program specific exploits, on a desktop system you shouldn't be able to get out of the client's address space. Crashing a game client wouldn't be hard unless it is rock-solid about checking the network commands it receives, but crashing the computer itself? That's a bit more of a problem...
+xisumavoid evil x, is that you? Stop using xisuma's account to research computer exploits.
Tom: "I'm just as bad as them, using this for clickbait."
Also Tom: *doesn't use exaggerated titles, explains the info properly, and actually provides an interesting analysis of the code and why it happens instead of just reporting that it happens*
Tom is too humble
No, wait, actually
He's more than humble enough :)
Is the camera slightly moving around or am I going crazy?
+CloudKid Handheld camera (see the description!) with a minor stabilisation effect attached. Best I could do at short notice!
+Tom Scott Ah alright, thanks for clearing that up. Great video!
+Deany Kong How do you do that? :o
I like to think it gives a feeling of urgency. It's totally not a wobbly cameraman. Honest.
+CloudKid you might be going crazy, who knows
"JOURNALISM!"
-Tom Scott, 2016
The Real Cool Cat 🤗🤗🤗
thanks cool cat
Still relevant
@@ShihammeDarc always has been.
"Each browser tab is a separate process on your machine"...
THAT'S why there's so much going on in my task manager, thanks...
+Sam Shredits Yes, if you bring up Task Manager with Chrome running, each of those separate tabs will have its own listing in Task Manager.
@A guy who exists well, it's safer (coz 1 such bad site won't crash your whole browser (supposedly)) and it's not the reason why Chrome is such a memory hog
@@trg3625 Probably to isolate tabs better. Processes handle task switching better on OS level so a blocking tab won't affect the others. Besides giving each tab one process encapsulates any running JavaScript and worker threads better.
The fact that it crashes due to memory exhaustion is not really a huge problem. It's annoying but it happens. However, the fact that memory exhaustion in an application (Safari) crashes the whole operating system is a huge, enormous bug in memory management of that operating system. And an indication that Safari has some strange privileges that no application should have.
Jan Sten Adámek,..... hi
Wendell Dador When an application uses too much memory, the system should kill it and display something like „Safari stopped working“ so that all your other apps can continue to run.
It's not actually crashing the OS, although it looks similar. The thing that crashed is Springboard, the application launcher, which is also the parent process of all the apps on the system. An easy way to tell the difference (other than that a "re-spring", as it's known, is much faster than a reboot) is that Touch ID keeps working. After a reboot, you normally have to enter your passcode again, to unlock the secure enclave.
A re-spring is still a problem, but it's how the system reacts when it detects a potential threat in a privileged process - like Safari's JavaScript engine, Nitro, which has the ability to mark memory pages as executable.
Piotr Rywczak
What do you mean? Biology isn’t interesting :p
As a computer programmer I probably find this topic a little more interesting than most people.
@@gormster this comment was left by jailbreak gang
that's simple... I still have the iPad 1, I can't use safari without it crashing.
haha same
I have iPad 4 (I know, old 👁👄👁) and it's fine on safari
And yes I use this everyday the only iPad I have
@@plsstopreplyingtothisaccou5788 ipad 4 got me through middle school just fine but then it got touch disease and it doesn't work as of late
1:36, begging to be a GIF
+NoZephy You're welcome. media.giphy.com/media/642JmzRH2gRWw/giphy.gif
+QwertyuiopThePie Saved to my computer. I'll need this someday.
+QwertyuiopThePie you... you get the shit done
i like you, sir
+QwertyuiopThePie Brilliant! :D
+QwertyuiopThePie Saved, thank you very much indeed.
I fell for the trick in 2016 when I was discussing Crash Bandicoot in a chat room, saw someone post a link to Crash Safari, and thought it might be Crash Bandicoot related so I clicked it which caused every tab and window to crash. The person that linked it got banned for it. I was the only one that fell for the trick.
Does it work anymore?
@@spit2u744 No idea. Whenever I try it nowadays, my Internet automatically resets my connection, detects the site as a threat, and prevents me from being able to access it.
@@spit2u744 Do people still use Safari?
@@Her_Imperious_Condescension yes
At least this is a fairly benign way to make the issue exceedingly apparent, rather than a more malicious use of it.
How would you make this malicious? It just restarts your phone while browsing web. That's it. How do you abuse that?
***** I'm not talking about spamming the phone's history specifically. What I mean is that pushing to the browser history could potentially be abused and this highlights that. I can't think of any good examples, because from my perspective these exploits tend to be fairly clever, but it could be possible for one website to put a different malicious site into the history - perhaps a download link to some sort of virus - and coax the user into going 'back' to that website.
+hellterminator How would you make this malicious? Put that little chunk of code in lots of places by nefarious means, watch lots of people having their communications device repeatedly go down like a sack of spuds. Sounds pretty abusive.
16 Bit Images Placing the code in some site means that you already have control of that site, so why rely on the user going “back” to a malicious site when you can place your exploit in the site he or she is visiting right now?
Mr Fuzzy Going to some site makes my iPhone unusable for a few seconds, boo hoo.
If your money or personal data isn't being stolen and your device isn't permanently damaged, it's not a big deal.
Does Tom Scott own like 50 red T-shirts?
no, no. he owns more.
there is a park bench about it (he buys them in bulk due to a television gig)
I was about to type ALL of this
Well, sorta?
yes
So if I set this as the home page on my friend's iPhone...
Oh god.
Oh yes..
Does it still work today?
@@vevan99 yep
@@vevan99 Not anymore T^T
i love how when someone talks about Apple fixing a bug it's always "maybe they will, maybe they won't"
_"JOURNALISM!"_
I hear you my friend. While the web has increased information sharing in a way we could never imagine it's also destroyed journalistic integrity in the process. It's no longer about facts, it's about clicks and ad revenue.
And now all the news websites that still have integrity have to compete with "media" like Bright Side for views, just to keep their sites running.
I mean, it always used to be about sales and ad revenue (tabloids), before that it used to be about shares and social status (gossip), so... not as much has changed as you might think. There's just more of it.
@@finalscore2983 Although... the proliferation of the web has made sharing opinions far easier, which allows second-rate "media" outlets to exist.
I know you were probably joking at the end ("...or RUclips videos about it...Sorry") but I just wanted to state that I don't think that having somebody with technical understanding explain a 'viral' technical issue in fairly significant depth (at least compared to 99.9% of 'news' coverage) is an instance of hopping on the bandwagon of clickbai- pseudo-news :)
TheTrueRandomness Yeah. He’s a lot better than that...JOURNALISM
You always explain stuff simply but not treat us like idiots. Even being in the computer and electronics field I always learn something. Keep it up and thank you.
I'm off to maliciously crash the phones of my friends.
Christopher Johnston same 😈
@@katie4936 this was fixed
@@Preinstallable that was a 3 year old comment
You're friends with Apple users??? Why???
@@js0988 imagine caring what operating system someone uses
Wait, so history.pushState makes it possible to just put whatever into browser history? I could see that being really cool in a puzzle game. Like, there would be a puzzle that seems impossible to solve, and a hint that says "look to the past" or something, so you'd need to check your history, where you'd find the solution to the puzzle.
I like how you build a narrative for these videos. It makes them more entertaining than just plainly explaining how the code works.
Thanks to RUclips again for giving me a video about a software vulnerability not present anymore.
I like how Tom made a whole video about how it’s impossible for a computer to detect if a piece of code has an infinite loop then just casually slips in “safari checks to see if there’s an infinite loop and stops loading the page”
The distinction is "checking if one program probably loops" vs "checking if any conceivable problem definitely loops or not"
I like the way you say stuff like "something has gone desperately wrong". Makes me think you should record disaster stories or something, it just sounds so terrifyingly serious! XD
Tom's videos always have the absolute best endings. Funny and clever, every single time.
You definitely don't need to apologize for such a great and well researched video. I love your videos.
Yea but you earned the click by actually explaining it in detail lol
I wonder how easy it is for Tom to describe such technical stuff when the rest of us are sweating just before every single PowerPoint presentation 😂
In the 1024 system, it comes to 22 gigs, 303 megs, 195 kilos, and 55 bytes. It is 23.940.238.391 total bytes.
I swear tom's videos have the most comments from verified tubers.
I just want to say, I love your videos and they inspire me all the time!
Thanks for everything you do
Always love when you have updates. Some of the most fun things that I never hear about otherwise.
Dude THESE are the kinda videos we like to see!!!!!!!
The second I saw that for loop I said 'oh no' out loud.
Haha, I love the self awareness at the end! Great video Tom!! I really like the directions you've been taking things. This channel will just continue to grow with this kind of content.
Yeah, that's a nasty little buffer overflow error. It's a security hole all right. Someone *could* use it to execute arbitrary code.
Could. They haven't done that yet. Apple will likely fix it in the next update.
Is this fixed? When I go to the website, it just says "What were you expecting?" and that's that.
I am on my iPhone 7 running iOS 10.1 and I am getting the same result as CubeBag
*Update: Tried it on my mac and nothing crashes but it adds a ton of pages in my history starting with /1 then /12, /123, /1234, etc.
If you're on PC, Mac or anything with an anti-virus thing, the page is actually a trojan.
BennyBlue It isn't.
Yes it is fixed
I remember a web page from the late 90's ( back in the Netscape days) that would change your homepage to itself then close your browser.
So every time you opened your browser after that it would instantly close.
2:30
HOLY MOLY I'M IN THE MATRIX AND AGENT SMITH HAS A RED T SHIRT
I see what you did there
Love the way you explain & present these things.
These features you've pointed out about firefox and chrome are really flawed. Admittedly I am a "new tab 'till crash" type browser, but nonetheless:
Chrome shares resources between pages on the same domain. I don't know if each page IS actually a new thread, but if one crashes they all crash. Which makes Chrome fail safe rarely - sometimes, defeating the purpose.
Firefox's "hey something's going on here, better impose limitations" seems to work on a similar premise. It'll cap you at 4gb of ram usage (of 16) then grind to a halt. Too bad M$ fixed that window refresh issue that let you draw pictures with dying programs, that was fun.
IOS Chrome just crashed when the video ended.
He’s actually a skilled truthful journalist. More of the kind of journalists we need
But hey, that code is sure fun to use in a MITM attack when my friends come over to my house ;)
+Yextus Oh hell yeah. I am coming up with all kinds of stuff to do with this.
+simontay1984 MITM is short for "Man In The Middle", which means you impersonate a phone or computer identity by sitting in the middle of their internet connection. In that case I don't know what purpose crashing the browser serves in a MITM, because even the connection to RUclips is encrypted nowadays.
github.com/Garbaz/networkstuff/tree/master/pt_hk/htmlinject
-Replace the-
-alert(\"Hello World\");-
-with the appropriate code and have fun :P-
EDIT: Added crashbrowser.sh, browsercrash.filter and browsercrash.ef . Put these 3 files in the same folder, run crashbrowser.sh and have fun. (If you don't have any intention to edit the filter, you can leave the .filter file be. For it to run the only things required are the shellscript and the compiled ettercap filter [.ef])
Requires linux with ettercap
IMPORTANT: It is up to you to educate yourself about what you are doing with these scripts and it is your responsibility to establish an appropriate test environment. If you get in trouble for attempting a malicious MITM attack, it's your trouble, not mine. I'm serious: You can get in trouble if you use it in e.g. a public WIFI not owned by you.
Yextus
Meh, don't like python. But nice to see there are other tools capable of the same.
+Garbaz I guess it's just preference then, but MiTMf comes with more options than ettercap and you can add and edit filters while it's running, which is really nice
It got you more than just a click; it got you a whole like. Congrats!
Apple must have issued a fix. Crash Safari dot corn does not crash Safari anymore.
It's more like a respring really, only takes about 5 seconds to get back in the OS, no sim pin required either.
+Jan Jansen Yep, there's a couple of comments saying that. It's weirdly half-and-half: I suspect it's just crashing the home screen, but given most laypeople would consider that "a reboot" even if it doesn't require Touch ID, that's what I went with. As with the Gmail example (and saying "to 100,000" rather than "to 99,999") sometimes it's best to prioritise clarity over accuracy :)
+Tom Scott It is actually 100000 times, the loop starts with i = 0 and runs to i == 99999, which is exactly 100000 iterations.
Sorry, I'll stop being a smart-ass now :S
+Tom Scott your springboard actually is an application running on your phone, and you go from there its like a desktop.
+Tom Scott well, technically it would do it 100.000 times. it just starts at 0 instead of 1. :P
+LegionaryCohort480 +abexuro - He knows it runs 100,000 times, nerds. But he said, "...zero, then one, all the way up to 100,000", which is incorrect. He should have said, "... zero, then one, all the way up to 99,999". That's the part he was "apologizing" for.
4:48 Homebrew Communities: _Allow us to introduce ourselves._
Does it work?
Crashsafari
1:27 Fun fact, nobody's "hurriedly bashing out a few hundred words". That kind of writing is almost entirely automated. Those tech companies are spending at most ten minutes getting that article out there.
saw you on another site, but had to come to your video to like and comment. you explained it really well and your joke at the end made me giggle
This may be the most devastating use of pushHistory, but the most irritating use is definitely when annoying ads take over your browser window and insert 100 copies of the same page, effectively disabling your back button unless you know you can press-and-hold on the back button to select which page to return to. And now some of those ads have even gotten smart enough to overflow the displayed history length, making THAT impossible to even do.
Worth more than all the mainstream tech news combined about this subject!
I do wonder if this has any practical use. Does anyone know if there ever is any state where something is deeply wrong with your Iphone, and you absolutely need to reset it, but something is stopping the phone from shutting down naturally by holding down the power button? Of course, this state also would still have to allow you to use safari on your phone without much of an issue.
+PhilfreezeCH Good luck doing that on an iphone quickly.
When your iphone is old and worn out and the power button does not work.
+simontay1984 dude, every phone resets when you hold the power button for around 10 seconds, no matter if it's frozen or not.
Schonaton05 Norb why?
linus with his 1tb ram pc:
hold my beer
Every tab in Chrome is a separate process?! So that's why all my RAM got filled up when I had 500+ tabs open!
Your RAM filled up because it stored 500 tabs. It doesn't matter if it is in separate processes or not.
most of them are sleeping though.
Who needs ASMR when videos like this exist (All jokes, this was very informational and entertaining)
DELL PRODUCT PLACEMENT!!!
No, that's just my laptop. I'll always declare if it's a sponsored video :)
+Tom Scott London bus product placement!!!!
+QW3RTYUU Hope he gets some dalla dalla bills yo!
+Tom Scott Isn't it a UK or EU legal requirement that you do?
+James Bradwell Yes. That's the joke. Tom made a video about that before.
Every time I watch a video with you talking in it, I feel the unshakable need to clear my throat.
I'm on the latest iOS beta and I believe that the rebooting bug has been resolved (or it has been for me at least). Still crashes safari though
+MillZPro Aw. :(
+dodekeract Me too. I'm on iOS 9.3
Nice stylistic link between Tom's trademark red t-shirt and the red bus in the picture.
0:40 I think Firefox has now multi threading
An explanation like this is worth a million news articles.
"while(true) {}" brings back a lot of bad memories
Chrome > Firefox > Death > Aids> Internet Explorer > Safari
+CatnamedMittens “Michael Bialas” >Internet Explorer.
But seriously, what's wrong with Safari? I have no problems with it. Everything is fine.
Powerpuff God It's just bait. Don't worry.
>Internet Explorer
+Masre Super Fixed.
CatnamedMittens Kay kay, cool bro. Have a nice day.
I would like to know what causes apps to crash. I'd like to know how they work and why some apps rarely crash while others crash almost immediately when you try to do anything with them. Is it due to a looping error similar to browsers or something entirely different? I'm really interested to find out.
Poor code will easily attempt illegal operations: release something it did not allocate, write on something it does not own, reserve more than 100% of something, ask for senseless stuff; and fail to notice the OS telling it.
When that happens, the OS considers the code has gone mad and terminates it, before it does any more damage.
5 years later, it still happens somehow
If Tom replies to this, I'll do nothing special. That's it. Actually I'll like the video... oh hell I'll do that anyway.
the difference between this article and the ones on tech sites IMO, is that this doesn't just ask what is it and report on that.... it asks WHY, and reports on that.... its the reason i subbed to Tom Scott in the first place.... and then i saw all the other awesome content like citation needed and the language files
Chrome separating processes for tabs is exactly why I don't use it. Generally where I notice problems is Flash/HTML5, that's the real hog. And while Firefox is dumping all I do under 1 process at around roughly 2,5GB RAM it makes all elements (images, videos etc) black prompting me to refresh Firefox at some point. So that's kind of "contained". Chrome on the other hand totally doesn't and happily stacks and stacks and stacks until it ate 16GB of RAM and the entire pc goes into a major fit about everything.
+Niels Schellekens What are you doing with your PC to use up 16GB on just webpages? You gotta have a buttload of pages opened. I have 5 opened, 2 fully buffered YT 1080p videos and some information pages and only using 600MB of RAM for chrome... And yes, I am using it the whole day without restarting chrome or stuff.
+Niels Schellekens looks at chrome, 34 tabs in 4 windows, containing 3 youtube videos and 4 infinite scrolling pages that are heavily scrolled, chrome is using about 4.5GB, the tabs have been open for the last week. I'm not sure what you're doing wrong
+Niels Schellekens tp;dr (too preachy, didn't read)
Thank you for including the code! It's really cool to see that such a small piece of code can do so much.
Side note about using JavaScript to mess with people client-side: some of you may have heard of the anonymous chat site Omegle, where you're paired with a random person online who you don't know and told to chat. One of their newer features (though it's not so new anymore) is the ability to ask a question to two random people and eavesdrop on them discussing it. Weird, I know.
When Omegle Spy (as it's called) was first introduced, the devs did basically no sanitation on these questions. None. Which meant it was quite easy to inject JavaScript code which, when your question was displayed to other users of the site, would just...run. So, partly as a troll and partly to show how it could be abused, I opened up a new Firefox process and submitted my own question: "Tell Omegle to fix their code," followed by a fork bomb. Anyone who was randomly assigned my question quickly had their browser crash (or, for Chrome users, that one tab). It was glorious :)
There has never been a better channel that's explained bite-sized coding topics to a complete novice like me
*phone* allows its self to receive 25gigabytes of data, realises it can only store one, crashes
The computer doesn't evaluate the entire operation at once though, so how could it know? It just keeps adding more history until it exceeds the maximum amount of data that can be held in memory, and fails.
I love these types of videos you do Tom
WAIT I just realized that Tom looks like grian's minecraft skin
Don't be sorry, I love these videos!
Researchers have figured out a way to jailbreak iOS 9.1 devices through Safari apparently, so go figure?
yeah but ios 9.1 is old already.
"Or RUclips Video about it" *Look away* you are so adorable Tom.
so it doesn't crash on a computer with 32GB of ram?
***** isn't the 4GB the limit of 32bit? But i have 64bit 16GB
Your videos are best bedtime videos ever.
That didn't explain why crashing a single app reboots the phone. The OS shall kill the process if it consumes too much memory
It's an iphone, so it can't do basic things like that.
Like Android's LowMemoryKiller? :D
Hey Tom! Mozilla's Nightly builds have e10n, which also puts tabs as individual processes. So it's coming soon, in case you want to add it as an annotation
RUclips player crashed at 0:25 and I sat there for like 20 seconds thinking it was part of the video... :D
Out of random curiosity, I decided to write a small program that did the same thing, except instead of spamming the browser's history, it just counted how many characters would have been written after a certain amount of loop iterations. For 100,000 iterations the result turned out to be 23,939,749,495 bytes, or about 22.3 GB
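The counting exercise described in the comment above, as an added example that is not code from the video, the site or any commenter. It assumes each loop iteration appends the decimal loop counter to one growing string and stores a full copy of it at one byte per character with no per-entry overhead; the function names are hypothetical, and the 1 GB budget is the phone RAM figure mentioned elsewhere in the thread.

```javascript
// Added illustration: pure arithmetic, nothing here touches the history API.
// Model (assumption): iteration i appends String(i) to a growing string, and
// one full copy of that string is retained per iteration (1 byte per char).

function digitsOf(n) {
  return String(n).length;
}

// Direct simulation of the sizes only: total bytes retained after `iterations`.
function cumulativeBytes(iterations) {
  let len = 0;   // current string length
  let total = 0; // bytes retained across all stored copies
  for (let i = 0; i < iterations; i++) {
    len += digitsOf(i);
    total += len;
  }
  return total;
}

// Closed-form cross-check, summing one digit band at a time:
// [0,10) has 1-digit counters, [10,100) 2-digit, and so on.
function cumulativeBytesClosedForm(iterations) {
  let total = 0;
  let base = 0; // string length just before the current band starts
  for (let d = 1, lo = 0; lo < iterations; d++) {
    const hi = Math.min(iterations, 10 ** d);
    const n = hi - lo;
    // Lengths inside the band are base + d*k for k = 1..n.
    total += n * base + (d * n * (n + 1)) / 2;
    base += d * n;
    lo = hi;
  }
  return total;
}

// Number of iterations after which the retained total first exceeds a memory
// budget, or null if the loop finishes first. This is the figure a defender
// cares about: quadratic growth hits the limit long before the loop ends.
function iterationsToExceed(budgetBytes, maxIterations = 100000) {
  let len = 0;
  let total = 0;
  for (let i = 0; i < maxIterations; i++) {
    len += digitsOf(i);
    total += len;
    if (total > budgetBytes) return i + 1;
  }
  return null;
}

const total = cumulativeBytes(100000);
console.log(`total bytes: ${total} (${(total / 2 ** 30).toFixed(1)} GiB)`);
console.log(`1 GiB exceeded after ${iterationsToExceed(2 ** 30)} iterations`);
```

Under this model the 1 GiB mark is passed less than a quarter of the way through the loop, which is why a per-page cap on stored history state is an effective mitigation.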
journalism!!!
+Tom Scott Not sure whether you were just referring to your iPhone in particular, but the latest generation iPhone has 2GB of RAM. Also there's a typo in the English CC at 1:14 where it says "fianlly" instead of "finally".
+Malthe Elkær Mine's 1GB, so that's what I went with. (I think when I wrote the script, I intended to have it in my hand, before I realised I needed to film with it.) And thank you - fixing that now!
+String.Epsilon Well my v10 has 4.
checkmate atheists.
I guess I have an idea why this site exists. And most people who ever talked to this special kind of "Mr. Apple lover" will.
Conversation example piece:
A: Apple is so great
B: No it isn't. It was back when Woz
A: You don't know anything. Their design
B: Is stolen from Braun. Check [Link to site Tom doesn't want to see down here] and you will see how great Apple is.
Honestly, your videos are the best.
2:55
Off-by-one error. 0->99,999
Actually, I can think of *one* practical use for that. I'm occasionally faced with people whose iPhone's power button has given out, so that they're unable to restart their phone. Sure, there's Settings / General / Reset / Reset Network Settings, which will reboot it, but then you have the hassle of having to enter passwords again for all your WiFi connections.
i'm sure that there's more than one reboot option in settings, i've probably used an actual reboot option once, but i no longer use apple devices
“What were you expecting?” It says. Kinda disappointed
Just throwing it out there that the Norwegian translation by MasterHigure was spot on. Godt jobba :D
1:36
Journalism!
Journalism!
Journalism!
Journalism!
Love that apology at the end XD
chrome://inducebrowsercrashforrealz crashes chrome and edge!
In chrome every browser tab is a different process, which is why chrome just loves to gobble ram
Haha, it started buffering and skipping at the start and I just left it because I've grown accustomed to people (*cough* Tom *cough*) including it as part of the video, especially on a video about crashing
1:57 *Virgin* on the top left
2:32
Finally some code I understand :P
i feel like I'm becoming smarter listening to this when 75% of what he's saying i don't even understand
Another awesome video, a pleasure watching as always
This is Diamonds for Android users.