Snapchat Vulnerability Can Lead to iPhone Denial-of-Service Attacks

by

snapchatlogoA vulnerability in the Snapchat app opens the iPhone up to denial-of-service attacks that can cause the device to freeze and crash, according to cyber security researcher Jamie Sanchez [Google Translation] (via The Los Angeles Times).

A weakness in the app’s system can allow a hacker to send thousands of messages to a Snapchat user in seconds, which can cause a crash that requires a hard reset to fix. Tokens generated by the app used to verify user identity can be reused by hackers to send a flood of messages.

By reusing old tokens, hackers can send massive amounts of messages using powerful computers. This method could be used by spammers to send messages in mass quantities to numerous users, or it could be used to launch a cyber attack on specific individuals, [Sanchez] said.

Sanchez demonstrated the flaw for The Los Angeles Times, sending a reporter 1,000 messages within five seconds in a denial-of-service attack, which caused the reporter's iPhone to freeze until it restarted.

The security researcher declined to contact Snapchat with his findings as he believes the startup "has no respect for the cyber security research community" after ignoring previous app vulnerability reports.

Snapchat has faced multiple problems as its private messaging app has grown in popularity, including vulnerabilities that allowed users to bypass screenshot notifications and a recent security breach that compromised the user names and phone numbers of more than 4.6 million customers, which Snapchat was warned about ahead of time by a security group.

When asked about this particular vulnerability, Snapchat said it was unaware of the problem but interested in learning more.

Top Rated Comments

Hastings101 Avatar
Hastings101
133 months ago
snapchat is more trouble than what its worth. if you wanna sext just use iMessage

okay, let's do this
Score: 7 Votes (Like | Disagree)
ZacNicholson Avatar
ZacNicholson
133 months ago
snapchat is more trouble than what its worth. if you wanna sext just use iMessage
Score: 7 Votes (Like | Disagree)
dcchicago29 Avatar
dcchicago29
133 months ago
After the earlier story that quoted Tim Cook saying spending 10 figures on a company is no problem, and now this snapchat story...

I wish it was April 1st, and the next post on MacRumors is that Apple has agreed to buy SnapChat for $1bil, just to see everyone lose their stuff in the comments.
I mean, Facebook bought Instagram for $1bil, so i could at least be a believable story for a few minutes. Just for the laughs. :p:)

FB already offer $3B for it and was spurned.
Score: 3 Votes (Like | Disagree)
wordoflife Avatar
wordoflife
133 months ago
If you use snapchat, I would suggest only allowing your friends/contacts to snap you.
Score: 3 Votes (Like | Disagree)
Alenore Avatar
Alenore
133 months ago
The fact that iOS enable an application to use all the memory/whatever in the phone is wrong in the first place (would it be Safari or Snapchat).

As for snapchat, it's useful to share quick pictures to everyone, make a "story" (a collection of many pictures, funny in parties!), send random stupid faces, doesn't require cell to be used (only wifi) thus is usable on ipods or with plans with low data, doesn't require to give your phone number, received/read notification, and is quicker to send than sms/mms across all devices.

1. As if your going to have that many friends on there for them to be able to send 1,000 images all at once.

2. As if the average friend will have the know how to perform this and if their your friend why would they want too?

So in reality is doesn't really pose a threat, but if a tech expert wanted too they could exploit it though they would have little t gain from it.

Also aren't cyber community group just the same groups of people who create viruses and other malware who are then taken on by anti virus companies?
It's quite easy to get someone's snapchat nickname (for instance using FB/twitter) and you can then crash their device whenever you want to piss them off. Any teen with some knowledge in dev can simply google the API (leaked on reddit some time ago) and have fun, and I suppose there'll be tools very soon to do it with no knwloedge at all.

Finally, while some cyber community groups are making viruses and all, some of them simply work on security to improve softwares.
Score: 2 Votes (Like | Disagree)
AngerDanger Avatar
AngerDanger
133 months ago
snapchat is more trouble than what its worth. if you wanna sext just use iMessage
okay, let's do this
Ooh, romance is in the air!
Score: 2 Votes (Like | Disagree)
Read All Comments

Popular Stories

maxresdefault

Apple Announces 'Let Loose' Event on May 7 Amid Rumors of New iPads

Tuesday April 23, 2024 7:11 am PDT by
Apple has announced it will be holding a special event on Tuesday, May 7 at 7 a.m. Pacific Time (10 a.m. Eastern Time), with a live stream to be available on Apple.com and on YouTube as usual. The event invitation has a tagline of "Let Loose" and shows an artistic render of an Apple Pencil, suggesting that iPads will be a focus of the event. Subscribe to the MacRumors YouTube channel for more ...
Read Full Article263 comments
Apple Vision Pro Dual Loop Band Orange Feature 2

Apple Cuts Vision Pro Shipments as Demand Falls 'Sharply Beyond Expectations'

Tuesday April 23, 2024 9:44 am PDT by
Apple has dropped the number of Vision Pro units that it plans to ship in 2024, going from an expected 700 to 800k units to just 400k to 450k units, according to Apple analyst Ming-Chi Kuo. Orders have been scaled back before the Vision Pro has launched in markets outside of the United States, which Kuo says is a sign that demand in the U.S. has "fallen sharply beyond expectations." As a...
Read Full Article390 comments
iPhone 15 Pro FineWoven

Apple Reportedly Stops Production of FineWoven Accessories

Sunday April 21, 2024 6:03 am PDT by
Apple has stopped production of FineWoven accessories, according to the Apple leaker and prototype collector known as "Kosutami." In a post on X (formerly Twitter), Kosutami explained that Apple has stopped production of FineWoven accessories due to its poor durability. The company may move to another non-leather material for its premium accessories in the future. Kosutami has revealed...
Read Full Article444 comments
iOS 17 All New Features Thumb

iOS 17.5 Will Add These New Features to Your iPhone

Sunday April 21, 2024 3:00 am PDT by
The upcoming iOS 17.5 update for the iPhone includes only a few new user-facing features, but hidden code changes reveal some additional possibilities. Below, we have recapped everything new in the iOS 17.5 and iPadOS 17.5 beta so far. Web Distribution Starting with the second beta of iOS 17.5, eligible developers are able to distribute their iOS apps to iPhone users located in the EU...
Read Full Article
iPad And Calculator App Feature

Apple Finally Plans to Release a Calculator App for iPad Later This Year

Tuesday April 23, 2024 9:08 am PDT by
Apple is finally planning a Calculator app for the iPad, over 14 years after launching the device, according to a source familiar with the matter. iPadOS 18 will include a built-in Calculator app for all iPad models that are compatible with the software update, which is expected to be unveiled during the opening keynote of Apple's annual developers conference WWDC on June 10. AppleInsider...
Read Full Article208 comments