Snapchat Can Be Used To Crash Your iPhone With Flood Of Messages

Snapchat’s security issues are drawing attention once again. This time a cyber security researcher has discovered a vulnerability within the Snapchat mobile app that makes it possible for hackers to launch a denial-of-service attack that temporarily freezes a user’s iPhone. By exploiting a flaw in the photo messaging service, an attacker could render victims’ iPhones temporarily inoperable by flooding their account with messages.

Security consultant Jamie Sanchez discovered that recycling Snapchat’s own security authorization tokens lets an attacker send thousands of messages over several seconds to a victim’s iPhone, leading to a device crash and reset. Since the security tokens don’t expire, hackers can reuse them to target individual users with a denial of service attack, or send spam messages to thousands of users.

Snapchat was criticized in early January when a group of hackers used the company’s own APIs, or the special pieces of code that let developers link their own apps into Snapchat, to collect 4.6 million user names and phone numbers. The hackers posted the information on the Internet, and to add insult to injury, Snapchat had been warned of the vulnerability months in advance.

Sanchez detailed his findings in a blog post over the weekend, explaining that the root cause is that Snapchat’s security tokens don’t expire. As Sanchez explains, new Snapchat tokens are generated to authenticate a user’s identity each time they send a new message or update their contact list. But because the tokens don’t expire, they can be re-used multiple times — either to send out spam from multiple devices to Snapchat users or to direct a load of requests at one target device.
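The following is an added example, not Snapchat's code and not from the original article: a server-side check that gives each request token a lifetime and a single use, the two properties whose absence is described above. The key, the 30-second window, the token layout and every name in it are assumptions made for illustration.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # assumption: constructed secret for this example
MAX_AGE = 30                          # assumption: token lifetime in seconds


def _mac(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user: str, issued_at: int, nonce: str) -> str:
    """Bind a token to one user, an issue time and a one-time nonce.
    Assumes user and nonce never contain the '|' separator."""
    payload = f"{user}|{issued_at}|{nonce}"
    return f"{payload}|{_mac(payload)}"


class TokenValidator:
    """Rejects tokens that are forged, stale, or already used once."""

    def __init__(self, max_age: int = MAX_AGE):
        self.max_age = max_age
        self._seen = {}  # nonce -> last second at which the token is still valid

    def check(self, token: str, user: str, now: int) -> str:
        parts = token.split("|")
        if len(parts) != 4:
            return "malformed"
        tok_user, issued_raw, nonce, mac = parts
        expected = _mac(f"{tok_user}|{issued_raw}|{nonce}")
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return "bad-mac"
        if tok_user != user:
            return "wrong-user"
        issued = int(issued_raw)  # trusted only after the MAC verified
        if not 0 <= now - issued <= self.max_age:
            return "expired"
        # Forget nonces whose tokens can no longer pass the age check.
        self._seen = {n: end for n, end in self._seen.items() if end >= now}
        if nonce in self._seen:
            return "replayed"
        self._seen[nonce] = issued + self.max_age
        return "ok"


def demo() -> list:
    v = TokenValidator()
    tok = issue_token("alice", 1000, "n1")  # constructed sample token
    return [v.check(tok, "alice", 1005), v.check(tok, "alice", 1006),
            v.check(tok, "alice", 1031)]
```

Because the nonce cache only has to remember tokens that are still inside their validity window, its size is bounded by the request rate times the lifetime.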


“I’m able to use a custom script I’ve created to send snaps to a list of users from several computers at the same time. That could let an attacker send spam to the 4.6 million leaked account list in less than one hour,” he wrote. “The other problem is that any attacker could just send all the snaps to one user only, as a Denial of Service attack.”

Instead, he demonstrated the flaw to the LA Times. During the demonstration, Mr. Sanchez sent 1,000 messages to a reporter’s iPhone over five seconds, causing a hard crash and device reboot. Snapchat told the paper it wasn’t aware of the security flaw, then shut down Mr. Sanchez’s account and blocked his IP addresses.

Mr. Sanchez posted a photo on Twitter as proof, saying “My two accounts and IPs involved in the research of the Snapchat DoS have been banned. That’s their countermeasure.”

Snapchat issued a statement saying they were working to resolve the issue and would be reaching out to the security researcher who publicized the attack to learn more.

The security researcher has complained that Snapchat has no respect for the cyber security research community. That was shown recently when the service did not pay much heed to researchers’ warning about a security hole that could expose user data, and the researchers ultimately published phone numbers of about 4.6 million users to prove their point.


Anurag

Engineer by responsibility and Blogger by choice, Hi I am Anurag Ajmera from Ajmer (by birth) and living in Karnal and Delhi NCR for the last 20 years of my 24 years of life. Passionate about trekking, coding and discovering. I love to meet new people and do sketching in my spare time. Hard on my principles and soft on my skills I love to play football. Vegetarian by force I have respect for nature and its beauty.
