Snapchat flaw can be used to remotely crash one iPhone or spam millions

Summary:Snapchat bug could lead to mass spam campaign or denial of service attacks on any iPhone.

Snapchat's security issues are drawing attention once again, this time over a flaw that could let an attacker flood an iPhone with messages and cause it to crash.

A simple error in the way the Snapchat app for iOS devices handles security tokens makes the Apple mobiles vulnerable to a denial of service attack that can cause it to crash, according to security researcher Jaime Sanchez.

Sanchez detailed his findings in a blog over the weekend, explaining the root cause is that Snapchat's security tokens don't expire. As Sanchez explains, new Snapchat tokens are generated to authenticate a user's identity each time they send a new message or update their contact list.

But because the tokens don't expire, they can be re-used multiple times — either to send out spam from multiple devices to Snapchat users or to direct a load of requests at one target device.

"I'm able to use a custom script I've created to send snaps to a list of users from several computers at the same time. That could let an attacker send spam to the 4.6 million leaked account list in less then one hour," he wrote.

"The other problem is that any attacker could just send all the snaps to one user only, as a Denial of Service attack."

The researcher demonstrated the attack to the LA Times last week, showing how he could use his account to send 1,000 messages to a reporter's phone within five seconds, which caused the device to hang until it shut down.

Sanchez told the paper he reported the flaw publicly before alerting Snapchat to its existence because the US startup didn't respect the work of security researchers — a claim that was made by the Australian researchers who found the flaw that led to its leak of 4.6 million user details .

Snapchat has blocked the accounts Sanchez used to demonstrate the attacks.

ZDNet has asked Snapchat whether it's fixing the issue and will update the story if it receives one. 

More on Snapchat

Topics: Security

About

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, s... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.