Instagram stories from the account pg talal have been causing smartphones to crash.
The issue has garnered significant attention online, leading to guides, news articles, and a buzz on social media.
The stories differ in effect based on the device: Android phones show a purple screen with confetti, while iPhones become unresponsive and display a gray screen with Arabic text.
Key Questions and Findings
How can an Instagram story cause so much disruption?
The crash might be intentional and not accidental.
The story uses oversized interactive elements (stickers) which push the limits of smartphone processing capabilities.
Technical Breakdown
Stickers Used:
Two elements: a countdown timer and a quiz.
These elements are scaled to astronomical sizes using HTTP proxy manipulation.
Typical x and y scale values for stickers range between 0 and 1, but they're scaled to 18 digits in the affected stories.
Device Impact
Android:
High-end devices (e.g., Samsung Galaxy S21 Ultra) can handle the story without crashing.
Mid-range phones struggle but don't crash immediately.
Older/low-end devices crash badly and become unresponsive.
iOS:
All iPhones crash, regardless of their processing power, because iOS can't handle the overly large numbers used in the story's elements.
Displays only the original gray image with Arabic text.
Technical Analysis
HTTP Proxy Use:
Allows the modification of Instagram story data before it's sent to Instagram's servers.
This technique is used to artificially inflate the size of interactive elements in the stories beyond normal limits.
Software Response:
Android: Struggles with rendering but shows part of the countdown timer.
iOS: Crashes due to inability to handle oversized data.
Potential Motivations
The creator, pg talal, is likely highlighting a vulnerability rather than causing malice.
Instagram's system should filter out impractically large numbers but fails to do so.
Recreation Attempts
Efforts to recreate the crash effect using HTTP proxy and modification were partly successful.
Instagram has taken measures to fix the specific crash but new vulnerabilities are still exploitable.
Conclusion
Software, including Instagram, will always have vulnerabilities due to unexpected inputs and edge cases.
Highlights the importance of robust error handling and data validation in software development.
Additional Considerations
The possibility of using such exploits for larger-scale impact, like crashing a large number of devices via ads, raises security and ethical concerns.