Snapchat vulnerability can be exploited to crash iPhones, researcher says

Snapchat request tokens can be reused to launch denial-of-service attacks against the app's users

A vulnerability in Snapchat allows attackers to launch denial-of-service attacks against users of the popular photo messaging app, causing their phones to become unresponsive and even crash.

According to Jaime Sanchez, the security researcher who discovered the issue, authorization tokens accompanying Snapchat requests from authenticated users don't expire.

These tokens are generated by the app for every action -- like adding friends or sending snaps -- in order to avoid sending the password every time. However, since past tokens don't expire, they can be reused from different devices to send commands through the Snapchat API (application programming interface).

"I'm able to use a custom script I've created to send snaps to a list of users from several computers at the same time," Sanchez said. "That could let an attacker send spam to the 4.6 million leaked account list in less than one hour."

Hackers exploited a different vulnerability in Snapchat at the beginning of January to extract over 4.6 million phone number and user name pairs from the service. They then posted the list online.

However, in addition to spamming a large number of users, the new issue discovered by Sanchez can also be used to attack a single user by sending him hundreds or thousands of snaps using unexpired tokens.

When this attack is performed against a user who uses Snapchat on an iPhone, his device will freeze and the OS will eventually reboot itself, Sanchez said.

The researcher demonstrated the attack, with the reporter's approval, against the iPhone of a reporter from the Los Angeles Times by sending 1,000 messages to the reporter's Snapchat account within five seconds. A video of the demonstration was also posted on YouTube.

"Launching a denial-of-service attack on Android devices doesn't cause those smartphones to crash, but it does slow their speed," Sanchez said. "It also makes it impossible to use the app until the attack has finished."

There is a limiting factor to this attack: the default privacy setting in Snapchat that only allows accounts in a user's friends list to send him snaps, meaning the attacker would first have to convince the targeted user to add him as a friend. According to Snapchat's documentation, sending a snap to a user without being in his list of friends will result in the user receiving a notification so they can add back the sender.

Users who changed their account's default privacy setting so they can receive snaps from anyone would be directly exposed to the attack described by Sanchez.

Snapchat did not immediately respond to a request for comment.

Sanchez said via email that he didn't report the issue to Snapchat before disclosing it publicly because he feels the company has a poor attitude toward security researchers based on how it handled previous vulnerabilities reported to it. In December a security research outfit called Gibson Security published an exploit that allowed attackers to match phone numbers to Snapchat accounts after claiming that the company didn't fix the underlying vulnerability for four months.

According to Sanchez, the problem he disclosed still hadn't been fixed Saturday, but two accounts and a VPN IP address that he used for testing had been banned. Instead of banning the accounts of a researcher who has no interest in attacking real users and doesn't even use the service, the company should work on improving the security of its application, Sanchez said.

The researcher believes the issue could be prevented with an easy fix on the server side. He doesn't know why the OS crashes on iPhones, but he suspects that it has something to do with the Push Notification system that iOS devices use to receive notifications from third-party applications. The research into that aspect continues, he said.
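The token reuse described earlier and the server-side fix the researcher alludes to, shown side by side in an added Python example. This is not Snapchat's code or the researcher's script: the token layout, the action names (`send_snap`, `add_friend`), the 60-second lifetime and the per-recipient limit of 20 snaps per minute are all assumptions chosen for illustration. The weak validator accepts any correctly signed token forever, which is the behaviour the article describes; the hardened validator adds expiry and single use, and a per-recipient rate limiter caps how many snaps one account can receive in a window, so a burst of 1,000 sends in five seconds is mostly dropped at the server.

```python
"""Request tokens with expiry, single use and a per-recipient rate limit.

Added example, not Snapchat's code: token format, action names and every
limit below are assumptions made for illustration only.
"""
import hashlib
import hmac
import secrets
from collections import defaultdict, deque

# Constructed signing key for the example; a real service loads this from a secret store.
SIGNING_KEY = b"example-signing-key-not-a-real-secret"
TOKEN_TTL_SECONDS = 60          # assumed lifetime of an action token
MAX_SNAPS_PER_RECIPIENT = 20    # assumed ceiling per recipient per window
RATE_WINDOW_SECONDS = 60        # assumed sliding-window length


def _sign(payload: str) -> str:
    return hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user: str, action: str, now: float) -> str:
    """Mint a token bound to one user, one action, an expiry time and a fresh nonce."""
    expires = int(now) + TOKEN_TTL_SECONDS
    nonce = secrets.token_hex(8)
    payload = f"{user}|{action}|{expires}|{nonce}"
    return f"{payload}|{_sign(payload)}"


def _parse(token: str):
    """Return (user, action, expires, nonce) when the signature checks out, else None."""
    try:
        user, action, expires, nonce, sig = token.split("|")
    except ValueError:
        return None
    payload = f"{user}|{action}|{expires}|{nonce}"
    if not hmac.compare_digest(sig, _sign(payload)):
        return None
    return user, action, int(expires), nonce


class WeakValidator:
    """Mirrors the flaw in the article: a correctly signed token is accepted
    at any time, from any device, any number of times."""

    def validate(self, token: str, action: str, now: float) -> bool:
        parsed = _parse(token)
        return parsed is not None and parsed[1] == action


class HardenedValidator:
    """Server-side fix: tokens expire and each nonce can be spent only once."""

    def __init__(self):
        self._spent = set()   # spent nonces; prune entries older than the TTL in production

    def validate(self, token: str, action: str, now: float) -> bool:
        parsed = _parse(token)
        if parsed is None:
            return False
        _, tok_action, expires, nonce = parsed
        if tok_action != action or now >= expires or nonce in self._spent:
            return False
        self._spent.add(nonce)
        return True


class RecipientRateLimiter:
    """Sliding-window cap on snaps delivered to one recipient, so a flood of
    sends cannot all be pushed to a single device within a few seconds."""

    def __init__(self, limit=MAX_SNAPS_PER_RECIPIENT, window=RATE_WINDOW_SECONDS):
        self.limit, self.window = limit, window
        self._deliveries = defaultdict(deque)

    def allow(self, recipient: str, now: float) -> bool:
        q = self._deliveries[recipient]
        while q and q[0] <= now - self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def simulate_flood(validator, limiter=None, n=1000, seconds=5.0, start=1_000_000.0):
    """Count how many of n sends, all presenting the same token over `seconds`,
    the server would accept under the given validator and optional limiter.
    Returns (accepted, rejected)."""
    token = issue_token("alice", "send_snap", start)
    accepted = 0
    for i in range(n):
        now = start + seconds * i / n
        ok = validator.validate(token, "send_snap", now) and (
            limiter is None or limiter.allow("victim", now))
        accepted += ok
    return accepted, n - accepted


if __name__ == "__main__":
    print("weak, no limit:      ", simulate_flood(WeakValidator()))
    print("weak + rate limit:   ", simulate_flood(WeakValidator(), RecipientRateLimiter()))
    print("hardened + rate limit", simulate_flood(HardenedValidator(), RecipientRateLimiter()))
```

The two controls are independent: expiry and single use stop a captured token from being replayed at all, while the recipient-side limit protects a single device even if a sender holds many valid tokens, which is the case the article's 1,000-messages-in-five-seconds demonstration illustrates.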

Tags: Snapchat, security, mobile security, Exploits / vulnerabilities

Lucian Constantin

IDG News Service