Snapchat vulnerability leaves phones open to attack

updated 01:55 pm EST, Sun February 9, 2014

Use of security tokens allows Snapchat denial of service attack

Snapchat, the picture-based messaging platform, appears to have more problems on its hands after its recent account breach. It has been discovered that the program can be used in denial-of-service attacks against iOS- and Android-based phones, disabling or crashing the devices by sending thousands of messages to them in a matter of seconds.

In a demonstration with the LA Times, Jaime Sanchez, a consultant for Telefonica, displayed the attack, which takes advantage of the security token authorization Snapchat uses by recycling those non-expiring tokens to send new messages. In a video, Sanchez was able to send 1,000 messages in five seconds, showing that the attack froze the iPhone application and reset the phone. The phone appears to continue hanging after restarting until the attack reaches its end.
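The weakness described above is a token that never expires and can be reused for any number of sends. As an added example (not code from the article, Sanchez or Snapchat), the sketch below shows a server-side gate that rejects expired and reused tokens and caps sends per sender; the token format, key, limits and the names `issue_token`, `SendGate` and `replay_flood` are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict, deque

SERVER_KEY = b"constructed-demo-key"  # constructed value, not a real secret
TOKEN_TTL = 30       # seconds a token stays valid (assumed policy)
WINDOW = 10          # rate-limit window in seconds (assumed policy)
MAX_PER_WINDOW = 20  # sends accepted per sender per window (assumed policy)


def issue_token(user, ts, nonce):
    """Token bound to the user, its issue time and a per-request nonce."""
    mac = hmac.new(SERVER_KEY, f"{user}|{ts}|{nonce}".encode(), hashlib.sha256)
    return f"{ts}:{nonce}:{mac.hexdigest()}"


class SendGate:
    """Server-side check run before a message is queued for delivery."""

    def __init__(self):
        self.spent = set()                 # tokens already used (prunable after TTL)
        self.recent = defaultdict(deque)   # sender -> times of accepted sends

    def accept(self, user, token, now):
        parts = token.split(":")
        if len(parts) != 3 or not parts[0].isdecimal():
            return "malformed"
        expected = issue_token(user, int(parts[0]), parts[1])
        if not hmac.compare_digest(token.encode(), expected.encode()):
            return "bad-signature"
        if now - int(parts[0]) > TOKEN_TTL:
            return "expired"
        if token in self.spent:
            return "replayed"
        sends = self.recent[user]
        while sends and now - sends[0] >= WINDOW:
            sends.popleft()                # forget sends outside the window
        if len(sends) >= MAX_PER_WINDOW:
            return "rate-limited"
        self.spent.add(token)
        sends.append(now)
        return "ok"


def replay_flood(n=1000, seconds=5, t0=1_000_000):
    """Constructed traffic: one token presented n times within `seconds`."""
    gate, token = SendGate(), issue_token("sender", t0, 0)
    verdicts = [gate.accept("sender", token, t0 + i * seconds / n) for i in range(n)]
    return verdicts.count("ok"), verdicts.count("replayed")
```

With these assumed limits, a recycled token is accepted once, and even a sender holding fresh tokens is held to 20 accepted sends per 10-second window.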

By his calculations, using a script and several computers at once could "let an attack send spam to the 4.5 million leaked account list in less than one hour." The attack hasn't appeared in the wild so far, but given the wealth of information available from previous breaches, it will only be a matter of time. One loophole has been closed: it allowed snaps to be spoofed from the teamsnapchat account, which is on every friend list, so the attack could be initiated against any user.

Sanchez notes on his blog that while the iPhone can experience a reset, Android phones have shown more resilience to the attack. They merely slow down and leave Snapchat unusable until the attack has run its course.

While Sanchez displayed the attack to media, he said that he chose not to inform Snapchat of the situation because of how the company had handled issues in the past, most notably by ignoring warnings from Gibson Security, which tried to bring the possible exposure of user data to its attention. That exposure eventually came to fruition earlier this year.

In return, it appears that Snapchat's solution to the problem was not to fix the issue or reach out to Sanchez, but rather to block his accounts and IP.

By Electronista Staff