A text bomb is a fragment of text containing characters that can affect the operation of an app or device. Text bombs are usually triggered by software bugs that result in certain characters or their combination being processed incorrectly.
An example is the 2018 text bomb containing Unicode characters from the Indian language Telugu that caused Apple devices to crash. The bug was later fixed.
Types of text bombs
Two types of text bombs can be singled out.
- Text bombs triggered by specific user actions. Text bombs containing active elements that the recipient triggers by tapping, or by following a link. An example of this type of text bomb is a message distributed through WhatsApp in 2018. The text contained a long string of Unicode characters conveniently hidden by the messaging app. When the user tapped the “black dot of death” (in other versions, an emoji or the words “read more”), the messenger attempted to process the characters and crashed.
- Text bombs that trigger automatically. Messages the app tries to process on its own, without the user having to tap a dot, emoji, link, or anything else. For example, one information security researcher crashed the iPhones of Uber drivers by entering in the app a username containing Telugu characters.
How to guard against text bombs
To protect your phone or computer from text bombs, use only the latest versions of messengers, browsers, and other apps that receive text messages or data from the Internet. For this, enable automatic software updates. It’s also a good idea to install a reliable antivirus on your device and, if you can, block messages from strangers.
A text bomb is not text bombing
Don’t confuse text bombs with text bombing — a type of cyberattack that involves sending a huge number of e-mails or text messages to a victim all at once. This does not crash the device or its apps, but the continuous stream of junk messages can be a serious nuisance.