Snapchat Attack Can Freeze, Crash iPhones

Snapchat is still vulnerable to hackers -- and that could mean bad news for iPhone users. Jamie Sanchez, a security researcher who first discovered the flaw in the popular picture messaging app, said Snapchat opens the iPhone up to denial-of-service attacks that can cause the device to freeze and crash.

EUSnapchat uses security tokens for authentication,EU he wrote in a blog post. EUSecurity tokens are used to prove one's identity electronically, in place of a password, to prove that the customer is who they claim to be, so they don't have to exchange the original password that may be captured by attackers.EU

As Sanchez explained it, a token is created any time you make a request to Snapchat to update your contact list, add someone, send a snap, etc. The EUrequest tokenEU is based on your password and a timestamp, among other things. The problem is that the tokens donEUt expire like they should.

Android Not Immune

EUI've been using for the attack one token create almost one month ago. So, I'm able to use a custom script I've created to send snaps to a list of users from several computers at the same time,EU Sanchez said. EUThat could let an attacker send spam to the 4.6 million leaked account list in less then one hour.EU

But thatEUs not the only problem. According to Sanchez, any attacker could just send all the snaps to one user only as a denial of service attack. That could crash the iPhone and force a restart to free the phone from the attackerEUs grip. Apparently, the attack only crashes on iPhones -- not Android-powered devices. But Sanchez said the attack does slow down Android phones to the point where itEUs impossible to use the device until the attack is over.

Sanchez does have some good news: If you have...

Comments are closed.