The popular sharing application Snapchat has been found to contain a vulnerability that would allow hackers to launch a denial-of-service attack that can temporarily freeze your iPhone.
The glitch was discovered by Jaime Sanchez, a cyber-security consultant for Telefonica, a major telecommunications company based in Spain. He and another researcher found the weakness in Snapchat’s system, which would permit hackers to send thousands of Snaps to users in seconds.
An account can be blocked when a large number of consecutive messages floods one user. The Snapchat app will then cause the device to freeze, crash and sometimes even require the iPhone owner to perform a hard reset.
Snapchat is an app that enables its users to share photos and videos with each other; these automatically disappear a few seconds after they are viewed by the intended recipients. Each time a user sends a message, a token is created to confirm the sender’s identity.
Sanchez’s findings, which can be found on segudidadofensive.com, indicate that the flaw makes it possible for hackers to reuse old tokens to send new messages. Spammers can exploit this vulnerability, and it can also help hackers launch a cyber attack against individuals.
He also demonstrated the glitch by sending 1,000 messages to an account, which caused the whole device to freeze, shut down and eventually restart itself. The case is slightly different for Android phones: the flood does not crash the device but slows it significantly. The app cannot be accessed until the attack has ceased.
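A server-side defence against the two problems described above (reused tokens and message floods), as an added example that is not Snapchat's code or part of the original article. The token layout, the key, the limits and the `MessageGate` name are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

SECRET = b"constructed-demo-key"  # assumption: server-side signing key
TOKEN_TTL = 30        # seconds a token stays valid (assumed value)
MAX_PER_WINDOW = 20   # messages allowed per recipient per window (assumed)
WINDOW = 60           # rate-limit window in seconds (assumed)

def _mac(sender, nonce, ts):
    msg = f"{sender}|{nonce}|{ts}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

class MessageGate:
    """Accepts a message only if its token is authentic, fresh and unused."""

    def __init__(self, now=time.time):
        self._now = now
        self._seen = {}                     # token -> expiry time
        self._recent = defaultdict(deque)   # recipient -> accepted timestamps

    def issue(self, sender, nonce):
        ts = int(self._now())
        return f"{sender}|{nonce}|{ts}|{_mac(sender, nonce, ts)}"

    def accept(self, token, recipient):
        now = self._now()
        try:
            sender, nonce, ts, mac = token.split("|")
            issued = int(ts)
        except ValueError:
            return "malformed"
        if not hmac.compare_digest(mac, _mac(sender, nonce, issued)):
            return "bad-mac"
        if not 0 <= now - issued <= TOKEN_TTL:
            return "expired"                # old tokens cannot be reused
        # Forget tokens past their TTL so the replay cache stays bounded.
        self._seen = {t: e for t, e in self._seen.items() if e > now}
        if token in self._seen:
            return "replayed"               # each token is single-use
        self._seen[token] = issued + TOKEN_TTL
        q = self._recent[recipient]
        while q and now - q[0] >= WINDOW:
            q.popleft()
        if len(q) >= MAX_PER_WINDOW:
            return "rate-limited"           # caps a flood aimed at one user
        q.append(now)
        return "ok"
```
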
Sanchez has not alerted Snapchat about this issue because, he claims, the company has not shown respect for the cyber-security research community. The Los Angeles startup ignored Gibson Security when the group alerted it on Christmas Eve that the app could be used to access user data.
Indeed, on Dec. 31, a group of hackers exploited this weakness to expose the user names and phone numbers of nearly 5 million Snapchat users. “They warned Snapchat about issues – about the possible dump of database – and Snapchat didn’t care.”
When the LA Times asked Snapchat about this glitch, the company said it was not aware of it. An e-mail from a Snapchat spokeswoman read: “We are interested in learning more and can be contacted at security@snapchat.com.”