/article-new/2014/02/snapchatlogo.png?lossy)
A vulnerability in the Snapchat app opens the iPhone up to denial-of-service attacks that can cause the device to freeze and crash, according to cyber security researcher Jamie Sanchez [Google Translation] (via The Los Angeles Times).
A weakness in the app’s system can allow a hacker to send thousands of messages to a Snapchat user in seconds, which can cause a crash that requires a hard reset to fix. Tokens generated by the app used to verify user identity can be reused by hackers to send a flood of messages.
By reusing old tokens, hackers can send massive amounts of messages using powerful computers. This method could be used by spammers to send messages in mass quantities to numerous users, or it could be used to launch a cyber attack on specific individuals, [Sanchez] said.
Sanchez demonstrated the flaw for The Los Angeles Times, sending a reporter 1,000 messages within five seconds in a denial-of-service attack, which caused the reporter's iPhone to freeze until it restarted.
The security researcher declined to contact Snapchat with his findings as he believes the startup "has no respect for the cyber security research community" after ignoring previous app vulnerability reports.
Snapchat has faced multiple problems as its private messaging app has grown in popularity, including vulnerabilities that allowed users to bypass screenshot notifications and a recent security breach that compromised the user names and phone numbers of more than 4.6 million customers, which Snapchat was warned about ahead of time by a security group.
When asked about this particular vulnerability, Snapchat said it was unaware of the problem but interested in learning more.
Top Rated Comments
(View all)snapchat is more trouble than what its worth. if you wanna sext just use iMessage
okay, let's do this
After the earlier story that quoted Tim Cook saying spending 10 figures on a company is no problem, and now this snapchat story...
I wish it was April 1st, and the next post on MacRumors is that Apple has agreed to buy SnapChat for $1bil, just to see everyone lose their stuff in the comments.
I mean, Facebook bought Instagram for $1bil, so i could at least be a believable story for a few minutes. Just for the laughs. :p:)
FB already offer $3B for it and was spurned.
As for snapchat, it's useful to share quick pictures to everyone, make a "story" (a collection of many pictures, funny in parties!), send random stupid faces, doesn't require cell to be used (only wifi) thus is usable on ipods or with plans with low data, doesn't require to give your phone number, received/read notification, and is quicker to send than sms/mms across all devices.
1. As if your going to have that many friends on there for them to be able to send 1,000 images all at once.
It's quite easy to get someone's snapchat nickname (for instance using FB/twitter) and you can then crash their device whenever you want to piss them off. Any teen with some knowledge in dev can simply google the API (leaked on reddit some time ago) and have fun, and I suppose there'll be tools very soon to do it with no knwloedge at all.2. As if the average friend will have the know how to perform this and if their your friend why would they want too?
So in reality is doesn't really pose a threat, but if a tech expert wanted too they could exploit it though they would have little t gain from it.
Also aren't cyber community group just the same groups of people who create viruses and other malware who are then taken on by anti virus companies?
Finally, while some cyber community groups are making viruses and all, some of them simply work on security to improve softwares.
snapchat is more trouble than what its worth. if you wanna sext just use iMessage
okay, let's do thisOoh, romance is in the air!