Snapchat iPhone App Security Hole Creates DoS Opportunity
Another shot has been fired at the security of a popular photo messaging service that has recently been in the crosshairs of security researchers.
According to security expert Jaime Sanchez, a flaw in the Snapchat app for iOS could be used to launch a denial-of-service attack and cause the device to crash. The problem, he explained in a blog post, is that the security Snapchat uses for authentication don't expire.
"I've been using for the attack one token created almost one month ago," he blogged. "So, I'm able to use a custom script I've created to send snaps to a list of users from several computers at the same time. That could let an attacker send spam to the 4.6 million leaked account list in less than one hour."
The list he is referring to is a collection of phone numbers and associated usernames posted online roughly a month ago by hackers taking advantage of an exploit revealed by Gibson Security in December. That particular exploit abused a security hole Gibson Security first notified Snapchat about in August.
To demonstrate his attack, Sanchez launched a denial-of-service attack on the phone of a LA Times reporter and was able to send his account 1,000 messages within five seconds. This caused the device to freeze until the reporter shut it down and restarted the phone.