Snapchat Vulnerability Can Lead to iPhone Denial-of-Service Attacks

snapchatlogoA vulnerability in the Snapchat app opens the iPhone up to denial-of-service attacks that can cause the device to freeze and crash, according to cyber security researcher Jamie Sanchez [Google Translation] (via The Los Angeles Times).

A weakness in the app’s system can allow a hacker to send thousands of messages to a Snapchat user in seconds, which can cause a crash that requires a hard reset to fix. Tokens generated by the app used to verify user identity can be reused by hackers to send a flood of messages.

By reusing old tokens, hackers can send massive amounts of messages using powerful computers. This method could be used by spammers to send messages in mass quantities to numerous users, or it could be used to launch a cyber attack on specific individuals, [Sanchez] said.

Sanchez demonstrated the flaw for The Los Angeles Times, sending a reporter 1,000 messages within five seconds in a denial-of-service attack, which caused the reporter's iPhone to freeze until it restarted.

The security researcher declined to contact Snapchat with his findings as he believes the startup "has no respect for the cyber security research community" after ignoring previous app vulnerability reports.

Snapchat has faced multiple problems as its private messaging app has grown in popularity, including vulnerabilities that allowed users to bypass screenshot notifications and a recent security breach that compromised the user names and phone numbers of more than 4.6 million customers, which Snapchat was warned about ahead of time by a security group.

When asked about this particular vulnerability, Snapchat said it was unaware of the problem but interested in learning more.

Top Rated Comments

Hastings101 Avatar
94 months ago
snapchat is more trouble than what its worth. if you wanna sext just use iMessage

okay, let's do this
Score: 7 Votes (Like | Disagree)
ZacNicholson Avatar
94 months ago
snapchat is more trouble than what its worth. if you wanna sext just use iMessage
Score: 7 Votes (Like | Disagree)
dcchicago29 Avatar
94 months ago
After the earlier story that quoted Tim Cook saying spending 10 figures on a company is no problem, and now this snapchat story...

I wish it was April 1st, and the next post on MacRumors is that Apple has agreed to buy SnapChat for $1bil, just to see everyone lose their stuff in the comments.
I mean, Facebook bought Instagram for $1bil, so i could at least be a believable story for a few minutes. Just for the laughs. :p:)

FB already offer $3B for it and was spurned.
Score: 3 Votes (Like | Disagree)
wordoflife Avatar
94 months ago
If you use snapchat, I would suggest only allowing your friends/contacts to snap you.
Score: 3 Votes (Like | Disagree)
Alenore Avatar
94 months ago
The fact that iOS enable an application to use all the memory/whatever in the phone is wrong in the first place (would it be Safari or Snapchat).

As for snapchat, it's useful to share quick pictures to everyone, make a "story" (a collection of many pictures, funny in parties!), send random stupid faces, doesn't require cell to be used (only wifi) thus is usable on ipods or with plans with low data, doesn't require to give your phone number, received/read notification, and is quicker to send than sms/mms across all devices.

1. As if your going to have that many friends on there for them to be able to send 1,000 images all at once.

2. As if the average friend will have the know how to perform this and if their your friend why would they want too?

So in reality is doesn't really pose a threat, but if a tech expert wanted too they could exploit it though they would have little t gain from it.

Also aren't cyber community group just the same groups of people who create viruses and other malware who are then taken on by anti virus companies?
It's quite easy to get someone's snapchat nickname (for instance using FB/twitter) and you can then crash their device whenever you want to piss them off. Any teen with some knowledge in dev can simply google the API (leaked on reddit some time ago) and have fun, and I suppose there'll be tools very soon to do it with no knwloedge at all.

Finally, while some cyber community groups are making viruses and all, some of them simply work on security to improve softwares.
Score: 2 Votes (Like | Disagree)
AngerDanger Avatar
94 months ago
snapchat is more trouble than what its worth. if you wanna sext just use iMessage
okay, let's do this
Ooh, romance is in the air!
Score: 2 Votes (Like | Disagree)

Top Stories

siir apple event april 20

Siri Reveals Apple Event Planned for Tuesday, April 20

Tuesday April 13, 2021 12:04 am PDT by
Siri has apparently prematurely revealed that Apple plans to hold an event on Tuesday, April 20, where the company is expected to reveal brand new iPad Pro models and possibly its long-awaited AirTags trackers. Subscribe to the MacRumors YouTube channel for more videos. Upon being asked "When is the next Apple Event," Siri is currently responding with, "The special event is on Tuesday, April...
apple event spring loaded

Apple's 'Spring Loaded' Event Officially Announced for Tuesday, April 20

Tuesday April 13, 2021 9:04 am PDT by
Following an overnight leak by Siri, Apple today officially announced that it will be holding a special "Spring Loaded" event on Tuesday, April 20 at 10:00 a.m. Pacific Time at the Steve Jobs Theater on the Apple Park campus in Cupertino, California. As with all of Apple's 2020 events, the April 2021 event will be a digital-only gathering with no members of the media invited to attend in...
Google maps feaure green

Google Maps App for iOS Finally Updated After Four Months

Monday April 12, 2021 10:03 am PDT by
Following the completed rollout of App Privacy labels for its App Store apps, Google today updated the Google Maps app for the first time in four months. Apple in December began requiring all new app submissions and app updates to include App Privacy labels, detailing the data that is collected by the app so consumers know what they're sharing. Google didn't begin implementing App Privacy ...
pixel watch prosser leak

Google Pixel Watch Allegedly Leaks with Circular Design, Rumored to Launch in October

Monday April 12, 2021 2:49 am PDT by
Renders of Google's first smartwatch, codenamed "Rohan," have been shared by Jon Prosser, showing that Google plans to adopt a circular design for its flagship wearable watch. Prosser shared the renders in an episode of his YouTube show "Front Page Tech," in which he claims they were made based on marketing material he had seen from a source within Google. The renders show that the Pixel...
apple event hashflag

Twitter Hashflag for April 20 Apple Event Goes Live

Tuesday April 13, 2021 2:21 pm PDT by
Following the overnight Siri leak and subsequent announcement that Apple will hold a media event on Tuesday, April 20, a new Twitter hashflag has appeared to help provide visibility for the event on the platform. For the last several recent events, Apple has utilized hashflags, which are little icons next to hashtags on Twitter, as a way to market its events. The company first started the...
macos catalina serial number

Apple Preparing Rollout of New Randomized Product Serial Numbers Ahead of 'Spring Loaded' Event

Wednesday April 14, 2021 2:08 am PDT by
Apple is advising its authorized premium resellers and dealers to prepare for new products with 10 and 12 digital serial numbers, days ahead of when it's expected to reveal a slew of new products. MacRumors previously reported that Apple plans to switch to randomized serial numbers for future products starting in early 2021. The company now seems to be preparing for that roll-out, telling...
iphone12cameras

Kuo: 2022 iPhones to Feature 48-Megapixel Camera, 8K Video, and 6.1 and 6.7" Sizes With No 5.4" Mini Option

Tuesday April 13, 2021 10:45 pm PDT by
The upcoming 2022 iPhone lineup will feature two 6.1-inch devices and two 6.7-inch devices, with no mini-sized 5.4-inch iPhone, well-respected Apple analyst Ming-Chi Kuo said in a note to investors that was seen by MacRumors. Two of the iPhones will be high-end models and two of the iPhones will be lower-end models, similar to the current iPhone 12 lineup. Apple introduced the 5.4-inch...
AppleTV and HomePod Feature

Bloomberg: Apple Working on New Apple TV With Integrated HomePod Speaker and FaceTime Camera

Monday April 12, 2021 3:32 am PDT by
Apple is working on a combined Apple TV with HomePod speaker that has a camera for video calls through a connected television set, according to Bloomberg's Mark Gurman. From the report: The company is working on a product that would combine an Apple TV set-top box with a HomePod speaker and include a camera for video conferencing through a connected TV and other smart-home functions,...
epic iap feature 3

Tim Cook Says App Store Would Become a 'Flea Market' if Third-Party Payment Systems Were Allowed

Monday April 12, 2021 9:41 am PDT by
In a recent interview with the Toronto Star, Apple CEO Tim Cook spoke about a wide variety of topics, ranging from App Tracking Transparency to Apple's ongoing legal battle over App Store policies with Fortnite creator Epic Games. Notably, Cook said that Epic Games' desire for Apple to let developers offer their own payment systems in apps "would make the App Store a flea market":At the...
tim cook toronto star

Tim Cook Says Apple is 'Not Against Digital Advertising' Ahead of iOS 14.5 Launch With App Tracking Transparency

Monday April 12, 2021 8:00 am PDT by
Starting with iOS 14.5, iPadOS 14.5, and tvOS 14.5, Apple will be requiring apps to receive a user's permission to track their activity for targeted advertising purposes, as part of a privacy measure known as App Tracking Transparency. Ahead of App Tracking Transparency being enforced, Apple CEO Tim Cook has participated in a privacy-focused interview with the Toronto Star, telling the...