A weakness in Snapchat gives hackers the ability to cause the iPhone to crash. The news comes just a month after another vulnerability in the messaging app was highlighted, where millions of usernames and phone numbers were posted online.
In the most recent highlight, Jamie Sanchez, a security researcher, found that a denial-of-service attack could be used through the free messaging app. Hackers would be able to use Snapchat to send hundreds of messages to the same phone, which would crash the system and require a reset of a user’s device. This will only happen on iPhones, but Android users will find that their phones are much slower than normal.
The app creates tokens to verify an identity and hackers will be able to reuse them allowing the sending of hundreds of messages all within the space of seconds. Hackers cannot just target individual phones. They can also target groups of users who use the app.
Unlike the problem with the leaking details, Snapchat has taken this threat extremely seriously. In a statement issues, the company said that it would reach out to Sanchez to learn more about his security threat and create a fix for it.
Unfortunately for the company, Sanchez took his find to the Los Angeles Times first, instead of notifying the app creators. He claimed that the company “has no respect for the cyber security research community.”
This was due to the previous way that the app creators handled a security incident. He did not want the same thing to happen when he alerted Snapchat to the weakness that can cause the iPhone to crash. He decided going public right away would mean the company would have to actually do something about it.
During the Christmas holidays, a security research firm in Australia informed the app creators of a vulnerability that would lead to hackers getting usernames just by having—or just guessing—phone numbers. When the company failed to acknowledge this vulnerability as series, hackers went to expose the issue by posting 4.6 million user details online. It was removed quickly, but it meant the app creators had to acknowledge there was a problem and put them in the public eye.
Sanchez explained the problem in more detail on his own blog. He explained how tokens are created for each message that is sent. When a new message is sent, even between the same people, a new token is created to verify the identity of the users. However, these tokens are never deleted, which means that they can be reused over and over again.
The security researcher developed a script that would allow spam messages to be sent automatically reusing the tokens. Used in conjunction with the previous vulnerability highlighted last month, 4.6 million users could be affected at the same time.
During a demonstration to the Los Angeles Times, Sanchez sent 1,000 messages to one phone in five seconds, causing the denial-of-service attack and crashing the phone. His accounts have since been blocked by Snapchat as they work on a fix for the weakness that causes the iPhone to crash.
By Alexandria Ingham