By Tom’s Guide / Paul Wagenseil
A flaw in the way Snapchat handles user-verification tokens makes the image-messaging service vulnerable to a denial-of-service attack that can crash iPhones, two Spanish researchers say.
The researchers, Jaime Sanchez and Pablo San Emeterio, first detailed the flaw in a Spanish-language blog posting Jan. 12 and then presented their findings at the ShmooCon security conference in Washington, D.C., on Jan. 18.
But it was not until Sanchez spoke to reporter Salvador Rodriguez of the Los Angeles Times for a story published Feb. 7 that the flaw got widespread attention.
Sanchez and San Emeterio found it was possible to copy the authentication token of a single Snapchat message and apply it to other messages, even those originating from other Snapchat accounts.
Flooding an iPhone with an overwhelming number of Snapchat messages that all bore the same authentication token would make the targeted iPhone seize up or crash, requiring a “hard” reset that rebooted the phone, Sanchez told Rodriguez.
Rodriguez posted a video of an iPhone 5s receiving what appear to be dozens of messages at once from the same sender and then becoming unresponsive.
“Sanchez demonstrated how this works by launching a Snapchat denial-of-service attack on my account,” Rodriguez wrote. “He sent my account 1,000 messages within five seconds, causing my device to freeze until it finally shut down and restarted itself.”
The same attack on an Android phone slows, but does not crash, the device, Sanchez said.
The researcher did not suggest how Snapchat might fix the problem, but it seemed that drastically shortening the lifespan of an authentication token might work.
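A server-side check along those lines, as an added sketch that is not Snapchat's code or the researchers': each token is bound to one sender and one message, expires quickly, and is accepted only once. The key, the 30-second lifespan and all names here are assumptions made for the illustration.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # constructed value, not a real secret
TOKEN_TTL = 30                        # seconds; assumed short token lifespan


def _mac(sender: str, message_id: str, issued: str) -> str:
    # Assumes identifiers never contain a NUL byte, so the join is unambiguous.
    payload = "\x00".join((sender, message_id, issued)).encode()
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()


def issue_token(sender: str, message_id: str, now: float) -> str:
    """Return a token valid only for this sender and this message."""
    issued = str(int(now))
    return f"{issued}.{_mac(sender, message_id, issued)}"


class TokenVerifier:
    def __init__(self, ttl: int = TOKEN_TTL):
        self.ttl = ttl
        self.seen = {}  # (sender, message_id) -> time the token expires

    def verify(self, sender: str, message_id: str, token: str, now: float) -> str:
        issued, _, mac = token.partition(".")
        if not (issued.isascii() and issued.isdigit()):
            return "malformed"
        expected = _mac(sender, message_id, issued)
        # A token copied onto another message or account fails here.
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return "wrong-binding"
        if not 0 <= now - int(issued) <= self.ttl:
            return "expired"
        # Forget entries whose tokens have expired and can no longer pass.
        self.seen = {k: exp for k, exp in self.seen.items() if exp >= now}
        if (sender, message_id) in self.seen:
            return "replayed"
        self.seen[(sender, message_id)] = int(issued) + self.ttl
        return "ok"


if __name__ == "__main__":
    v = TokenVerifier()
    tok = issue_token("alice", "msg-1", now=1000)  # constructed sample values
    for who, mid in [("alice", "msg-1"), ("alice", "msg-1"), ("mallory", "msg-2")]:
        print(who, mid, v.verify(who, mid, tok, now=1005))
```

Because expired entries are purged, the replay cache holds at most one token lifespan of messages; the flood itself would still need separate per-sender rate limiting.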
Sanchez told Rodriguez he had not informed Snapchat of the flaw, nor did he plan to, citing Snapchat’s purportedly dismissive attitude toward outside security researchers.
In the past six weeks, several security researchers have said they had informed Snapchat of flaws they had found in its smartphone apps, only to be ignored.
Two Australian researchers posted their findings online in late December, after having allegedly waited four months for a response from Snapchat.
A group of mischievous hackers quickly exploited those flaws to “scrape” Snapchat’s servers and dump usernames and telephone numbers of 4.6 million North American Snapchat users online.
“They doesn’t care about security and make it easy having fun,” Sanchez tweeted about the company following his ShmooCon presentation.
Snapchat told the L.A. Times it was not aware of the issue Sanchez and San Emeterio discovered and invited the researchers to contact the company.