Snapchat Vulnerability Can Lead to iPhone Denial-of-Service Attacks

snapchatlogoA vulnerability in the Snapchat app opens the iPhone up to denial-of-service attacks that can cause the device to freeze and crash, according to cyber security researcher Jamie Sanchez [Google Translation] (via The Los Angeles Times).

A weakness in the app’s system can allow a hacker to send thousands of messages to a Snapchat user in seconds, which can cause a crash that requires a hard reset to fix. Tokens generated by the app used to verify user identity can be reused by hackers to send a flood of messages.

By reusing old tokens, hackers can send massive amounts of messages using powerful computers. This method could be used by spammers to send messages in mass quantities to numerous users, or it could be used to launch a cyber attack on specific individuals, [Sanchez] said.

Sanchez demonstrated the flaw for The Los Angeles Times, sending a reporter 1,000 messages within five seconds in a denial-of-service attack, which caused the reporter's iPhone to freeze until it restarted.

The security researcher declined to contact Snapchat with his findings as he believes the startup "has no respect for the cyber security research community" after ignoring previous app vulnerability reports.

Snapchat has faced multiple problems as its private messaging app has grown in popularity, including vulnerabilities that allowed users to bypass screenshot notifications and a recent security breach that compromised the user names and phone numbers of more than 4.6 million customers, which Snapchat was warned about ahead of time by a security group.

When asked about this particular vulnerability, Snapchat said it was unaware of the problem but interested in learning more.

Top Rated Comments

Hastings101 Avatar
115 months ago
snapchat is more trouble than what its worth. if you wanna sext just use iMessage

okay, let's do this
Score: 7 Votes (Like | Disagree)
ZacNicholson Avatar
115 months ago
snapchat is more trouble than what its worth. if you wanna sext just use iMessage
Score: 7 Votes (Like | Disagree)
dcchicago29 Avatar
115 months ago
After the earlier story that quoted Tim Cook saying spending 10 figures on a company is no problem, and now this snapchat story...

I wish it was April 1st, and the next post on MacRumors is that Apple has agreed to buy SnapChat for $1bil, just to see everyone lose their stuff in the comments.
I mean, Facebook bought Instagram for $1bil, so i could at least be a believable story for a few minutes. Just for the laughs. :p:)

FB already offer $3B for it and was spurned.
Score: 3 Votes (Like | Disagree)
wordoflife Avatar
115 months ago
If you use snapchat, I would suggest only allowing your friends/contacts to snap you.
Score: 3 Votes (Like | Disagree)
Alenore Avatar
115 months ago
The fact that iOS enable an application to use all the memory/whatever in the phone is wrong in the first place (would it be Safari or Snapchat).

As for snapchat, it's useful to share quick pictures to everyone, make a "story" (a collection of many pictures, funny in parties!), send random stupid faces, doesn't require cell to be used (only wifi) thus is usable on ipods or with plans with low data, doesn't require to give your phone number, received/read notification, and is quicker to send than sms/mms across all devices.

1. As if your going to have that many friends on there for them to be able to send 1,000 images all at once.

2. As if the average friend will have the know how to perform this and if their your friend why would they want too?

So in reality is doesn't really pose a threat, but if a tech expert wanted too they could exploit it though they would have little t gain from it.

Also aren't cyber community group just the same groups of people who create viruses and other malware who are then taken on by anti virus companies?
It's quite easy to get someone's snapchat nickname (for instance using FB/twitter) and you can then crash their device whenever you want to piss them off. Any teen with some knowledge in dev can simply google the API (leaked on reddit some time ago) and have fun, and I suppose there'll be tools very soon to do it with no knwloedge at all.

Finally, while some cyber community groups are making viruses and all, some of them simply work on security to improve softwares.
Score: 2 Votes (Like | Disagree)
AngerDanger Avatar
115 months ago
snapchat is more trouble than what its worth. if you wanna sext just use iMessage
okay, let's do this
Ooh, romance is in the air!
Score: 2 Votes (Like | Disagree)

Popular Stories

Cyber Monday Deals Feature 2022

Best Cyber Monday Apple Deals Still Available for AirPods, Apple TV, iPad, and More

Monday November 28, 2022 5:24 am PST by
The Black Friday and Cyber Monday holiday shopping rush is drawing to a close, but there are still some good deals to be had out there. For Apple products, many of the deals you've seen since last week are still available, though some have expired. So for anyone who missed out on Black Friday deals, there's still an opportunity to get some of the year's best prices on many Apple devices. Note: ...
iPhone 14 Pro Rear Camera

iPhone 15 to Use 'State-of-the-Art' Image Sensor From Sony for Better Low-Light Performance

Monday November 28, 2022 11:00 am PST by
Apple's upcoming iPhone 15 models will be equipped with Sony's newest "state of the art" image sensors, according to a report from Nikkei. Compared to standard sensors, Sony's image sensor doubles the saturation signal in each pixel, allowing it to capture more light to cut down on underexposure and overexposure. Nikkei says that it is able to better photograph a person's face even with...
Apple Watch Ultra Oceanic Plus App

Apple Announces Oceanic+ App Now Available for Apple Watch Ultra

Monday November 28, 2022 6:11 am PST by
Apple today announced that the Oceanic+ app is available for the Apple Watch Ultra starting today. Designed by Huish Outdoors in collaboration with Apple, the app serves as a dive computer for recreational scuba diving at depths up to 40 meters/130 feet. Apple already offers a basic Depth app on the Apple Watch Ultra for viewing your current depth, maximum depth reached, water temperature,...
app store awards 2021

Apple Announces 2022 App Store Award Winners, Highlighting Best Apps of the Year

Tuesday November 29, 2022 3:10 am PST by
Apple today announced its 2022 App Store Award winners, highlighting the 16 best apps and games selected by Apple's global App Store editorial team. The top apps were chosen by Apple for their quality, innovative technology, creative design, positive cultural impact, and ability to deliver "exceptional experiences." Apple CEO Tim Cook said: This year's App Store Award winners reimagined...
rapid security response

Apple Releases Another Rapid Security Response Update for iOS 16.2 Beta Users

Monday November 28, 2022 10:16 am PST by
Apple today released a Rapid Security Response update that is available for those running the iOS 16.2 beta, marking the launch of the second RSR update since the feature was released in iOS 16. The Rapid Security Response Update is designed to provide iOS 16.2 beta users with bug fixes without the need to install a full update. The initial RSR release for iOS 16.2 beta users was a test with ...
twitter elon musk

Elon Musk Claims Apple Has 'Mostly Stopped' Offering Ads on Twitter and Is Making Moderation Demands

Monday November 28, 2022 10:42 am PST by
Apple has cut back on its Twitter advertising, according to Twitter CEO Elon Musk. In a tweet, Musk said that Apple has "mostly stopped" its Twitter ads, asking if Apple hates "free speech." Musk went on to publish a poll asking if Apple should "publish all censorship actions" taken that impact customers and he began retweeting content from companies that Apple has had moderation discussions ...
iphone 11 tesla cybertruck close up

Elon Musk Pledges to Build iPhone Rival If Apple Ousts Twitter

Tuesday November 29, 2022 2:48 am PST by
Elon Musk has pledged to offer an "alternative phone" if Apple and Google remove Twitter from their app stores, adding to long-standing rumors about an iPhone rival from Tesla. Modified iPhone 11 Pro in the style of the Tesla Cybertruck, by Caviar. Musk's remark came after being asked about the potential scenario of Twitter being removed from app stores, which could conceivably happen if the...
General Black Friday Deals 2022 Green

All the Apple Black Friday Deals You Can Still Get

Friday November 25, 2022 4:40 am PST by
Although Black Friday is now technically over, many Apple products are still seeing major discounts through the weekend as we head into Cyber Monday. In this article, you'll find every Apple device with a notable Black Friday sale that's still available. We'll be updating as prices change and new deals arrive, so be sure to keep an eye out if you don't see the sale you're looking for yet. Note:...