Hackers can use Snapchat to disable iPhones, researcher says
A cyber security researcher has discovered a vulnerability within the Snapchat mobile app that makes it possible for hackers to launch a denial-of-service attack that temporarily freezes a user’s iPhone.
Jaime Sanchez, who works as a cyber-security consultant for Telefonica, a major telecommunications company in Spain, said he and another researcher found a weakness in Snapchat’s system that allows hackers to send thousands of messages to individual users in a matter of seconds. Sanchez said he and the fellow researcher discovered the glitch on their own time.
Flooding one user with so many messages can clog their account to the point that the Snapchat app causes the entire device to freeze and ultimately crash, or require that the user perform a hard reset.
Snapchat is a popular mobile app for iPhone and Android devices that allows users to send each other photo and video messages that disappear a few seconds after they are opened by their recipients.
Every time a user attempts to send a message through Snapchat, a token, which is a code made up of letters and numbers, is generated to verify their identity. Sanchez, who wrote about his security findings on seguridadofensiva.com (in Spanish), said a flaw within Snapchat’s system allows hackers to reuse old tokens to send new messages.
By reusing old tokens, hackers can send massive amounts of messages using powerful computers. This method could be used by spammers to send messages in mass quantities to numerous users, or it could be used to launch a cyber attack on specific individuals, he said.
Sanchez demonstrated how this works by launching a Snapchat denial-of-service attack on my account. He sent my account 1,000 messages within five seconds, causing my device to freeze until it finally shut down and restarted itself. (See the video above.)
Launching a denial-of-service attack on Android devices doesn’t cause those smartphones to crash, but it does slow their speed. It also makes it impossible to use the app until the attack has finished.
Sanchez said he has not contacted Snapchat about the vulnerability because he claims the Los Angeles startup has no respect for the cyber security research community.
He says Snapchat earned that reputation by ignoring advice in August and on Christmas Eve from Gibson Security, a security group that predicted a flaw within the app could be used to expose user data. On New Year’s Eve, another group exploited that vulnerability and exposed the user names and phone numbers of nearly 5 million Snapchat users.
“They warned Snapchat about issues -- about the possible dump of database -- and Snapchat didn’t care,” he said.
The Times asked Snapchat if it knew of the vulnerability claimed by Sanchez. Snapchat said it was not aware of the problem.
“We are interested in learning more and can be contacted at firstname.lastname@example.org,” a Snapchat spokeswoman wrote in an email reply.
[Updated 9:54 a.m. PST Feb. 8: Sanchez on Saturday said Snapchat had blocked his accounts as well as the Internet protocol address he uses. He tweeted a photo of the error he receives when he tries to log on. “That’s their countermeasure,” he said in his tweet.
Snapchat could not be reached to confirm if it has blocked Sanchez.]
“That’s their countermeasure,” he said in his tweet.