Snapchat simply cannot catch a break. According to new reports, a cyber security researcher has found a vulnerability in the app that lets attackers launch a denial-of-service (DoS) attack and freeze iPhones.
The LA Times has reported on a post by Jamie Sanchez, the researcher who found this flaw. Sanchez says that Snapchat’s vulnerability exposes the iPhone running the app to a DoS attack that causes a crash. An attacker can achieve this by sending thousands of messages to a Snapchat user in seconds, which crashes the device so badly that it needs a hard reset to get it up and working again.
Essentially, when you attempt to send a message via Snapchat, a token is created. These tokens are made up of random letters and numbers and verify the sender’s identity. Sanchez has reportedly found a way for attackers to take old tokens, reuse them and send new messages.
To bombard one user with many messages within seconds, an attacker can use old tokens and powerful computers. It could well be termed a cyber attack. Salvador Rodrigues of the publication showed a video in which Sanchez sent 1,000 Snapchat messages to his device within five seconds, causing his iPhone to freeze, shut down and restart itself.
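The two conditions described above, old tokens that are still accepted and no limit on how fast one user can be messaged, are both things a server can check. The sketch below is an added example, not Snapchat's code or design: the `SendGate` class, the token layout, the 30-second lifetime and the limit of 20 messages per 5 seconds are all assumptions chosen for illustration.

```python
import hashlib, hmac, secrets

class SendGate:
    """Hypothetical server-side gate (not Snapchat's design): send tokens are MAC-protected,
    short-lived and single-use; each recipient accepts a bounded number per window."""

    def __init__(self, key, token_ttl=30, max_per_window=20, window=5.0):
        self.key, self.token_ttl = key, token_ttl
        self.max_per_window, self.window = max_per_window, window
        self.used = {}     # nonce -> expiry time, kept for replay detection
        self.inbound = {}  # recipient -> timestamps of accepted messages

    def _mac(self, sender, nonce, issued):
        msg = f"{sender}|{nonce}|{issued}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def issue(self, sender, now):
        nonce, issued = secrets.token_hex(16), int(now)
        return f"{sender}|{nonce}|{issued}|{self._mac(sender, nonce, issued)}"

    def accept(self, token, recipient, now):
        try:
            sender, nonce, issued, mac = token.split("|")
            issued = int(issued)
        except ValueError:
            return "malformed"
        if not hmac.compare_digest(mac.encode(), self._mac(sender, nonce, issued).encode()):
            return "bad-mac"
        if now - issued >= self.token_ttl:
            return "expired"            # old tokens are worthless
        self.used = {n: e for n, e in self.used.items() if e > now}
        if nonce in self.used:
            return "replayed"           # same token presented twice
        recent = [t for t in self.inbound.get(recipient, []) if now - t < self.window]
        self.inbound[recipient] = recent
        if len(recent) >= self.max_per_window:
            return "rate-limited"       # flood toward one recipient
        self.used[nonce] = issued + self.token_ttl
        recent.append(now)
        return "ok"

def flood_outcomes(gate, recipient, count, start, spacing):
    """Constructed test traffic: `count` fresh tokens sent `spacing` seconds apart."""
    results = {}
    for i in range(count):
        now = start + i * spacing
        verdict = gate.accept(gate.issue("sender", now), recipient, now)
        results[verdict] = results.get(verdict, 0) + 1
    return results
```

With these assumed limits, a burst shaped like the one in the video (1,000 messages in five seconds) has 20 messages delivered and 980 rejected, even when every token is fresh and valid.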
While the DoS attack forces a hard reset on iPhones, on Android things aren’t as bad. The Android device will not crash, but it will slow down considerably and will not let you use Snapchat until the attack has finished.
What could worry Snapchat users more is the fact that Sanchez has not reported this vulnerability to the app’s team. The researcher says that he hasn’t done so because Snapchat does not respect the cyber security research community, a fact amply proven when the app makers ignored security advice back in August last year.
Ignoring Gibson Security’s advice cost Snapchat dearly when millions of Snapchat users’ details, such as phone numbers and user IDs, leaked onto the web. The flaw originated in the app’s Find Friends feature, which Snapchat finally plugged later.
Hopefully, Snapchat will take swift notice of the newer DoS problem and fix it before it explodes.