Snapchat flaw can be used to remotely crash one iPhone or spam millions

Snapchat bug could lead to mass spam campaign or denial of service attacks on any iPhone.

Snapchat's security issues are drawing attention once again, this time over a flaw that could let an attacker flood an iPhone with messages and cause it to crash.

A simple error in the way the Snapchat app for iOS devices handles security tokens makes Apple mobiles vulnerable to a denial of service attack that can cause them to crash, according to security researcher Jaime Sanchez.

Sanchez detailed his findings in a blog post over the weekend, explaining that the root cause is that Snapchat's security tokens don't expire. As Sanchez explains, new Snapchat tokens are generated to authenticate a user's identity each time they send a new message or update their contact list.

But because the tokens don't expire, they can be re-used multiple times — either to send out spam from multiple devices to Snapchat users or to direct a load of requests at one target device.

"I'm able to use a custom script I've created to send snaps to a list of users from several computers at the same time. That could let an attacker send spam to the 4.6 million leaked account list in less than one hour," he wrote.

"The other problem is that any attacker could just send all the snaps to one user only, as a Denial of Service attack."
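The token reuse behind both scenarios stops working once the server bounds each token's lifetime and accepts it only once. The following is an added example, not Snapchat's code or Sanchez's script; the token layout (user, issue time, nonce, HMAC tag), the 30-second lifetime and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)   # constructed key for this example
TOKEN_TTL = 30                         # seconds a token stays valid (assumed value)


def issue_token(user, now=None):
    """Issue a per-request token: user, issue time, random nonce, HMAC tag."""
    issued = int(time.time() if now is None else now)
    body = f"{user}|{issued}|{secrets.token_hex(8)}"
    tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"


class TokenValidator:
    """Server-side check: valid signature, not expired, never seen before."""

    def __init__(self, ttl=TOKEN_TTL):
        self.ttl = ttl
        self.seen = {}  # nonce -> expiry time; entries only live for ttl seconds

    def check(self, token, now=None):
        """Return 'ok', or the reason the token is refused."""
        now = time.time() if now is None else now
        try:
            user, issued, nonce, tag = token.split("|")
            issued = int(issued)
        except ValueError:
            return "malformed"
        body = f"{user}|{issued}|{nonce}"
        good = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag.encode(), good.encode()):
            return "bad signature"
        if now - issued > self.ttl:
            return "expired"          # the check the article says is missing
        # Forget nonces whose tokens can no longer pass the expiry check.
        self.seen = {n: exp for n, exp in self.seen.items() if exp >= now}
        if nonce in self.seen:
            return "replayed"         # same token presented a second time
        self.seen[nonce] = issued + self.ttl
        return "ok"
```

Because expired tokens are refused outright, the replay cache only has to remember nonces for the length of one token lifetime.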

The researcher demonstrated the attack to the LA Times last week, showing how he could use his account to send 1,000 messages to a reporter's phone within five seconds, which caused the device to hang until it shut down.

Sanchez told the paper he reported the flaw publicly before alerting Snapchat to its existence because the US startup didn't respect the work of security researchers, a claim that was also made by the Australian researchers who found the flaw that led to the leak of 4.6 million user details.

Snapchat has blocked the accounts Sanchez used to demonstrate the attacks.

ZDNet has asked Snapchat whether it's fixing the issue and will update the story if it receives a response.
