The website, crashsafari.com [update: now taken offline, source code available below], was created to do just what the URL name promises. With four lines of HTML beginning with the header “What were you expecting?”, it can run a script that is able to crash the iPhone’s default browser.
Android devices are also affected by the script. It attempts to add thousands of characters per second onto the browser’s address bar. This results in an overloaded memory workload, overheating, and an eventual device reboot.
Some users have also confirmed that the site works just as equally on desktop Chrome and Safari. Unlike their smartphone counterparts, however, they will not be prone to overheating and rebooting issues as most desktop and notebook CPUs with at least a 10W TDP or above are designed to handle the stress.
Back in May 2015, a rare iOS bug caused a specifically-crafted string of text characters to automatically crash and reboot any iOS device without user warning. Users who received the string with Messages were not able to switch to other applications without crashing the app, while users who received the string on their lock screen were not able to open the Messages app at all. In 2009, there was an even more critical SMS string of text characters that allowed attackers to remotely execute code on a recipient’s iOS device. This was patched back in iOS 3.0.1.
The new CrashSafari prank is also similar to last year’s 13-character Google Chrome bug for Mac OS X that caused any open browser tab to crash very hard. Here is the link to the actual line of code for any Mac user who hasn’t updated Google Chrome since March 2015.
Update [January 25, 2016 11:00pm] – It appears as if crashsafari.com has been taken offline due to its clever popularity in just a few short hours. Nevertheless, here is the original source code for anyone who wishes to compile the HTML document themselves. Enjoy.
(Larger image here) Credit: Gizmodo