Snapchat vulnerability opens iPhone users to disabling attack, says researchers
Snapchat has had a rough few months, what with the massive scraping of its users' information and such. The latest headache for the company comes in the form of a vulnerability to iPhone users in particular, which can allow someone to be targeted with a denial-of-service attack, temporarily disabling one's iPhone.
The discovery was made by cyber researcher Jaime Sanchez and another unnamed researcher working as a consultant for Telefonica. While on their own time, the two discovered a vulnerability in the app that allows someone to flood a user with thousand of messages in a measure of seconds, resulting in a locked up iPhone.
As a result of being hit with thousands of messages, the iPhone can either freeze and require a hard reset, or can crash and restart on its own. The vulnerability revolves around Snapchat's use of tokens, which are generated for identity verification. Through an issue with how these are utilized, a hacker could reuse old tokens to send a flood of messages.
The issue presents a few different problems — it could allow a particular user to be repeatedly cyberattacked, disabling their iPhone, or it could be used by spammers to mass distribute spam — something with which Snapchat has already had an ongoing problem. The attack was demonstrated on video, which shows a multitude of messages disabling an iPhone.
The researchers did not approach Snapchat about the vulnerability, said Sanchez, due to the company's ignoring the warning it was given late last year about the issue that ultimately caused usernames and phone numbers to be nabbed.
SOURCE: LA Times