Hackers Can Crash Your iPhone Through a New Flaw Found in Snapchat

Yahoo Tech

Updated July 16, 2015 at 8:02 PM

Hackers Can Crash Your iPhone Through a New Flaw Found in Snapchat

By Tom’s Guide / Paul Wagenseil

A flaw in the way Snapchat handles user-verification tokens makes the image-messaging service vulnerable to a denial-of-service attack that can crash iPhones, two Spanish researchers say.

The researchers, Jaime Sanchez and Pablo San Emeterio, first detailed the flaw in a Spanish-language blog posting Jan. 12 and then presented their findings at the ShmooCon security conference in Washington, D.C., on Jan. 18.

MORE: Best Smartphones 2014

But it was not until Sanchez spoke to reporter Salvador Rodriguez of the Los Angeles Times for a story published Feb. 7 that the flaw got widespread attention.

Sanchez and San Emeterio found it was possible to copy the authentication token of a single Snapchat message and apply it to other messages, even those originating from other Snapchat accounts.

Flooding an iPhone with an overwhelming number of Snapchat messages that all bore the same authentication token would make the targeted iPhone seize up or crash, requiring a “hard” reset that rebooted the phone, Sanchez told Rodriguez.

Rodriguez posted a video of an iPhone 5s receiving what appear to be dozens of messages at once from the same sender and then becoming unresponsive.

“Sanchez demonstrated how this works by launching a Snapchat denial-of-service attack on my account,” Rodriguez wrote. “He sent my account 1,000 messages within five seconds, causing my device to freeze until it finally shut down and restarted itself.”

The same attack on an Android phone slows, but does not crash, the device, Sanchez said.

The researcher did not suggest how Snapchat might fix the problem, but it seemed that drastically shortening the lifespan of an authentication token might work.

Sanchez told Rodriguez he had not informed Snapchat of the flaw, nor did he plan to, citing Snapchat’s purportedly dismissive attitude toward outside security researchers.

In the past six weeks, several security researchers have said they had informed Snapchat of flaws they had found in its smartphone apps, only to be ignored.

Two Australian researchers posted their findings online in late December, after having allegedly waited four months for a reponse from Snapchat.

A group of mischievous hackers quickly exploited those flaws to “scrape” Snapchat’s servers and dump usernames and telephone numbers of 4.6 million North American Snapchat users online.

Other researchers from Texas and Georgia complained of similar rebuffs from Snapchat, even as the company made partly unsuccessful efforts to fix the flaws the researchers pointed out.

“They doesn’t care about security and make it easy having fun,” Sanchez tweeted about the company following his ShmooCon presentation.

Snapchat told the L.A. Times it was not aware of the issue Sanchez and San Emeterio discovered and invited the researchers to contact the company.

Yahoo Sports
Former NBA guard Darius Morris dies at 33
Former NBA guard Darius Morris has died at the age of 33. He played for five teams during his four NBA seasons. Morris played college basketball at Michigan.
Yahoo Sports
Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'
Murray made a bad night on the court worse during a moment of frustration on the bench.
Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Yahoo Finance
Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'
Ryan says he would be writing in a Republican candidate instead of voting for Donald Trump.
Yahoo Sports
Cardinals lose C Willson Contreras after left arm fractured by J.D. Martinez's swing
The Cardinals' nightmare season continues.
Yahoo Sports
Post-draft NFL fantasy power rankings: Offenses we love, like and want to stay away from
With free agency and the draft behind us, what 32 teams look like today will likely be what they look like Week 1 and beyond for the 2024 season. Matt Harmon and Scott Pianowski reveal the post-draft fantasy power rankings. The duo break down the rankings in six tiers: Elite offensive ecosystems, teams on the cusp of being complete mixed bag ecosystems, offensive ecosystems with something to prove, offenses that could go either way, and offenses that are best to stay away from in fantasy.
Yahoo Sports
Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1
It’s key to note that we’re not saying the “best team” or “best roster.” Instead, we’re talking about the best confluence of factors that can outline a path for survival and then success.
Yahoo Finance
These 3 stocks are poised to benefit from the massive energy transition
The energy transition will benefit companies providing electrical needs for surging demand. Analysts point to these three stocks as a Buy.
Yahoo Sports
Phil Mickelson on the majors: 'What if none of the LIV players played?'
Phil Mickelson hints that big changes could be coming to LIV Golf's rosters, and the majors will need to pay attention.
Yahoo Sports
Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap
Jake Mintz & Jordan Shusterman discuss the Padres-Marlins trade that sent Luis Arraez to San Diego, as well as recap all the action from this weekend in baseball and send birthday wishes to hall-of-famer Willie Mays.
Yahoo Sports
NBA playoffs: Officials admit they flubbed critical kick-ball call in controversial final minute of Pacers-Knicks
Tuesday's last-2-minute report should be interesting.
Yahoo Finance
Social Security just passed Medicare as the government's most pressing insolvency risk
An annual government report offered a glimmer of good news for Social Security and a jolt of good news for Medicare even as both programs continue to be on pace to run dry next decade.
Yahoo Sports
No one was airing Angel Reese and Kamilla Cardoso's WNBA preseason debuts, so an X user livestreamed it
The quality was choppy, but it was better than what the WNBA had.
Yahoo Sports
The Scorecard: Andy Pages looks set to go down as one of the best fantasy baseball waiver wire pickups of 2024
Fantasy baseball analyst Dalton Del Don delivers his latest batch of hot takes as we enter Week 6 of the season.
Yahoo Sports
Ex-Ole Miss QB and Denver Broncos draft pick Chad Kelly suspended at least nine games by CFL
Kelly allegedly harassed a female strength and conditioning coach who sued him and the Toronto Argonauts in February.
Engadget
The best budgeting apps for 2024
Budgeting apps can help you keep track of your finances, stick to a spending plan and reach your money goals. These are the best budget-tracking apps available right now.
Yahoo Finance
Fed’s Kashkari: Rates will stay high for 'extended period' and can't rule out a hike
Minneapolis Fed president Neel Kashkari said interest rates will likely stay at current levels for an "extended period" and didn't rule out a hike if inflation stalls near 3%.
Yahoo Sports
NBA playoffs: Predictions for Celtics-Cavaliers and every second-round series
Our NBA staff makes its picks for Knicks-Pacers and every second-round series.
Yahoo Sports
NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?
Which teams did the best in the NFL Draft?
Yahoo Sports
The best RBs for 2024 fantasy football according to our analysts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 NFL season.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Hackers Can Crash Your iPhone Through a New Flaw Found in Snapchat

Recommended Stories

Former NBA guard Darius Morris dies at 33

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

The FDIC change that leaves wealthy bank depositors with less protection

Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'

Cardinals lose C Willson Contreras after left arm fractured by J.D. Martinez's swing

Post-draft NFL fantasy power rankings: Offenses we love, like and want to stay away from

Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1

These 3 stocks are poised to benefit from the massive energy transition

Phil Mickelson on the majors: 'What if none of the LIV players played?'

Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap

NBA playoffs: Officials admit they flubbed critical kick-ball call in controversial final minute of Pacers-Knicks

Social Security just passed Medicare as the government's most pressing insolvency risk

No one was airing Angel Reese and Kamilla Cardoso's WNBA preseason debuts, so an X user livestreamed it

The Scorecard: Andy Pages looks set to go down as one of the best fantasy baseball waiver wire pickups of 2024

Ex-Ole Miss QB and Denver Broncos draft pick Chad Kelly suspended at least nine games by CFL

The best budgeting apps for 2024

Fed’s Kashkari: Rates will stay high for 'extended period' and can't rule out a hike

NBA playoffs: Predictions for Celtics-Cavaliers and every second-round series

NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?

The best RBs for 2024 fantasy football according to our analysts